Computer attacks: How to prevent cookie stealing, sniffing and redirection?

Common types of computer attacks

There are 4 main types of cookies (session, performance, functionality and targeting). In the EU, websites must, by law, display a cookie banner to ask for a person’s permission before cookies are used. Everyone has the right to allow or deny cookies. But if we accept and use cookies, is there a risk of cookie misuse?

Cookie stealing

A reflected XSS attack executes a script on the client that can read the client’s cookie. The script can send the cookie’s value to the attacker (reflection), or the attacker can impersonate the client without obtaining the cookie at all by having the script send an XMLHttpRequest. Such requests usually use GET or POST to obtain client data.

The best way to overcome a reflected XSS attack is, first, to utilise the browser’s security settings and policy by using permission zones and setting them accordingly and, secondly, to use cross-site request forgery protection, meaning cookies are accepted only when the client sends them from the same origin, in line with the same-origin policy.

Web vulnerability

Today internet service providers simply provide you with an internet connection. However, surfing the web on the “naked” internet opens you up to even more vulnerability. You should therefore make use of virtual private networks (VPNs) and proxy servers. Surfing safely keeps your data more secure.

Lately Edward Snowden has revealed that the NSA and GCHQ (UK) have been working on cracking VPNs’ secure settings. This is a complex task, but it is possible because encryption is simply a bunch of complex numbers that, once cracked, can be analysed for any purpose. As technology progresses, so too does misuse.

Hackers invented Firefox

“Hackers are not criminals”. Copyright of Jonathanmh Devintart. Reused, unmodified.

Main computer attacks

Sniffing affects those who use the “naked” online connection supplied by their internet provider. Hackers sniff the traffic passing through the network devices in between, which exposes the session if the site uses URL-based session IDs. Recently Google started encrypting its searches, and other search engines followed, which meant that HTTP became HTTPS (secure), and this can reduce search engine sniffing.

Redirection occurs when information that is sent back to a web server is also redirected to the hacker. Redirection can occur through the HTTP Referer header or CSS.
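
The cookie stealing and sniffing risks described above can be checked for on your own site. The following is an added example, not code from the original post: it audits a `Set-Cookie` header for the standard `HttpOnly`, `Secure` and `SameSite` attributes and flags session IDs carried in URLs. The function names, finding labels, parameter-name list and sample inputs are assumptions made for illustration.

```javascript
// Added example (not from the original post). Sample inputs are constructed.
// Assumption: this list of common session parameter names is illustrative.
const SESSION_PARAMS = ["jsessionid", "phpsessid", "sessionid", "sid"];

// Parse one Set-Cookie header value and list the protections it lacks.
function auditSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const name = pair.split("=")[0];
  const flags = new Map(
    attrs.filter(Boolean).map((a) => {
      const [k, ...v] = a.split("=");
      return [k.trim().toLowerCase(), v.join("=").trim().toLowerCase()];
    })
  );
  const findings = [];
  // Without HttpOnly, injected script (XSS) can read the cookie via document.cookie.
  if (!flags.has("httponly")) findings.push("readable-by-script");
  // Without Secure, the cookie also travels over plain HTTP, where it can be sniffed.
  if (!flags.has("secure")) findings.push("sent-over-http");
  // SameSite limits cross-site sending; unset leaves it to the browser default.
  const sameSite = flags.get("samesite");
  if (sameSite === undefined) findings.push("samesite-unset");
  else if (sameSite === "none") findings.push("sent-cross-site");
  return { name, findings };
}

// Report session IDs carried in a URL: query parameters or a ";jsessionid=" path
// parameter. These leak through sniffing, logs and the Referer header.
function findSessionIdInUrl(rawUrl) {
  const url = new URL(rawUrl);
  const hits = [];
  for (const key of url.searchParams.keys()) {
    if (SESSION_PARAMS.includes(key.toLowerCase())) hits.push(key);
  }
  const m = url.pathname.match(/;(jsessionid)=/i);
  if (m) hits.push(m[1]);
  return hits;
}

// Constructed samples: a weak cookie, a hardened one, and a URL-based session ID.
console.log(auditSetCookie("SID=abc123; Path=/"));
console.log(auditSetCookie("SID=abc123; Path=/; Secure; HttpOnly; SameSite=Strict"));
console.log(findSessionIdInUrl("http://shop.example/cart;jsessionid=ABC123?item=4"));
```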

Would you like to add to the main types of computer attacks above? Tweet Gerald.
