Wednesday, August 20, 2008

HTTPS: Surf jacking makes it vulnerable

From Tech Republic Blogs

The infamous cookie causes yet more grief

In reality, it’s not cookies that cause the problems; they are just an easy way to subvert HTTP and now HTTPS connections. There are two major categories of cookies: persistent cookies and session cookies. It’s important to know the difference between the two when discussing how surf jacking works:

Persistent cookies are so named because they have a time to live that lasts longer than the current web browsing session. The first- and third-party cookies I discussed in my article about Behavioral Targeting and Deep Packet Inspection would be considered persistent cookies. Persistent cookies have very little to do with the actual Internet connection.

Session cookies only last the length of a web browsing session. More importantly, they carry information that validates the web browser to the web server.

A specific set of circumstances is needed to take advantage of surf jacking, but it is still something to keep in mind. Website developers should also look into the suggested changes to the way they develop sites, which make it harder for this to work.
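As an added illustration (not part of the original article), the following Python sketch classifies `Set-Cookie` headers into the persistent and session categories described above and flags session cookies that lack the `Secure` attribute, since without it a browser will also send the cookie over plain HTTP. The article does not list the suggested changes; the `Secure` check is a standard cookie hardening chosen for this example, and the function names and sample headers are constructed.

```python
# Added example: classify Set-Cookie headers and flag exposed session cookies.
# All header values below are constructed sample data.

def parse_set_cookie(header):
    """Split one Set-Cookie header value into name, value and attributes."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return {"name": name.strip(), "value": value, "attrs": attrs}


def classify(cookie):
    """Persistent cookies carry Expires or Max-Age; session cookies do not."""
    attrs = cookie["attrs"]
    return "persistent" if "expires" in attrs or "max-age" in attrs else "session"


def audit(headers):
    """Return one finding per cookie: its kind and whether it is HTTPS-only."""
    findings = []
    for header in headers:
        cookie = parse_set_cookie(header)
        kind = classify(cookie)
        secure = "secure" in cookie["attrs"]
        findings.append({
            "name": cookie["name"],
            "kind": kind,
            "secure": secure,
            # A session cookie without Secure is also sent over plain HTTP.
            "at_risk": kind == "session" and not secure,
        })
    return findings


SAMPLE_HEADERS = [
    "SESSIONID=abc123; Path=/; HttpOnly",
    "SESSIONID2=def456; Path=/; Secure; HttpOnly",
    "prefs=lang%3Den; Expires=Wed, 19 Aug 2009 12:00:00 GMT; Path=/",
    "tracker=xyz; Max-Age=31536000; Path=/",
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_HEADERS):
        print(finding)
```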
