Product details
What are cookies?
For example, if you visit a news website that remembers your location, you will receive local news. If it’s a weather website, you don’t need to type your address every time.
Remember that time you were looking for a new pair of shoes? And suddenly you see shoe ads popping up for the exact color you want. You are running third-party cookies.
Cookies are actually small text files which are unique identifiers that allow websites to remember you.
What is cookie theft?
When you log into a website or web application, your browser knows you are logged in because the server sets a temporary session cookie. That computer session allows you to stay authenticated to a website as you continue to browse different pages on the site.
Think about shopping on Amazon. If you had to re-enter your password and login information with every new page you opened, it would be a drag. And, when you do get logged out, it can be annoying to sign back in. Session cookies solve that by keeping you logged in.
It’s convenient – but leaves you vulnerable to hackers.
This gets tricky when a hacker can steal that session ID and navigate wherever you were logged in on the web, using that cookie and pretending to be you. It’s basically a form of online identity theft!
Cookie theft occurs when hackers steal a victim’s session ID and mimic that person’s cookie over the same network. There are several ways they can do this.
- The first is by tricking a user into clicking a malicious link with a pre-set session ID.
- The second is by stealing the current session cookie.
The most common cookie theft occurs over unprotected public Wi-Fi connections when a person accesses a secure website. Even if the username and password are encrypted and a site is secure, it’s still possible for a hacker to steal the session data information traveling through the unsecured Wi-Fi and hijack the session you are in. That’s why you should always
So what can hackers do after a session hijacking?
This is where things can get dangerous.
Although hackers won’t know the password to your bank account or other secure accounts, they will be able to enter an active session you have.
This is why many websites such as banks have timeouts that require you to log back in after as little as 5 minutes of idle time.
If a hacker hijacks your session while you are logged into a bank, they will be able to take any actions that you would be able to take while logged in as well.
That includes transferring money, buying products from a store which you are logged into, accessing personal information and more.
3 session hijacking countermeasures to prevent cookie theft
You can prevent session hijacking through good digital hygiene practices. While you don’t need to know how to remove yourself from the internet (although that certainly would guarantee no cookie theft!), it’s important to know a few session hijacking countermeasures.
One of the most basic ways you can prevent cookie theft and session huijacking is by checking URLs. More sure websites are using HTTPS to ensure that all of your session traffic is encrypted with SSL/TLS. Most websites these days use HTTPS encryption, but it’s best always to check. This is especially true when entering personal data.
You can check if a website uses HTTPS by looking at the URL at the top of your browser. Chrome, for example, displays a lock to the left of the URL when a website is using HTTPS.
Another privacy measure is to avoid logging onto free public Wi-Fi connections, especially those without password protection. Whenever you do log onto public Wi-Fi, always use these tips to keep your information safe on public WiFi.
A third way is to implement automatic log-off when sessions are not in use. This is definitely annoying and can make it really inconvenient to browse the web. At the very least, consider setting your browser to automatically log you out every time you close the browser. This means that you can keep it open during the work day, and then wipe your session clean once work is over.
Again, not the most convenient, since you’ll need to log back into everything the following morning. But certainly much less of a pain than figuring out what to do if your identity is stolen because someone stole your cookie and hijacked your session!
Unfortunately, most of the security measures to prevent cookie theft or session hijacking are on the server-side of the equation that website administrators must implement.
There are no reviews yet.