Sidejacking: Difference between revisions
From ACT Wiki
Jump to navigationJump to search
imported>Doug Williamson (Create page. Source: The Treasurer, December 2018 / January 2019, p31.) |
imported>Doug Williamson (Link with Cookie & Session cookie pages.) |
||
| (One intermediate revision by the same user not shown) | |||
| Line 10: | Line 10: | ||
==See also== | ==See also== | ||
*[[CEO fraud]] | *[[CEO fraud]] | ||
*[[Cookie]] | |||
*[[Cyber attack]] | *[[Cyber attack]] | ||
*[[Cybercrime – A Threat And An Opportunity]] | *[[Cybercrime – A Threat And An Opportunity]] | ||
| Line 16: | Line 17: | ||
*[[DDoS]] | *[[DDoS]] | ||
*[[Hotspot sniffing]] | *[[Hotspot sniffing]] | ||
*[[Hypertext Transfer Protocol, Secure]] (https) | |||
*[[Man in the middle]] | *[[Man in the middle]] | ||
*[[National Cyber Security Centre]] | *[[National Cyber Security Centre]] | ||
*[[Session cookie]] | |||
*[[Social engineering]] | *[[Social engineering]] | ||
[[Category:Identify_and_assess_risks]] | [[Category:Identify_and_assess_risks]] | ||
[[Category:Technology]] | [[Category:Technology]] | ||
Latest revision as of 15:26, 6 February 2019
Cybersecurity - cyber attacks.
Sidejacking is a form of cyber attack in which an attacker steals a session cookie from a legitimate website visited by a legitimate client.
These cookies often contain usernames and passwords, and are generally sent back unencrypted, even if the original log-in was protected via https.
The session cookie is then used to gain unauthorised access to systems.
