A pair of open-source tools that sniff network traffic for cookies, then use the data to feed those purloined files back to Web sites, will let hackers easily impersonate users, a security expert said yesterday.
The tools, dubbed "cookiesniffer" and "cookieserver" by Michele Dallachiesa, their Italian creator, pose a significant risk to users, said Paul Henry, a vice president at San Jose-based Secure Computing Corp.
"Simply put, cookies are now as susceptible as static passwords in the age of Web 2.0," said Henry in a posting to his personal blog on Monday. "With the release of [these] tools CSRF [cross-site request forgery] is nearing the Script Kiddie level of execution," Henry continued. "Beyond warning users to log off of sites before visiting another and clearing cookie data, serious consideration must now perhaps be given to rewriting Web apps to take advantage of the use of one-time tokens."
Originally posted by GradyPhilpott
I'm not sure at this time how one might protect oneself from such an attack, except to delete all cookies immediately.
Originally posted by roadgravel
Unless you are on a network then someone using a network sniffer is going to have to be on backbone or somewhere traffic is flowing. ....
Originally posted by SkepticOverlord
Those "open" source "tools" were only just released into the wild yesterday. ... suddenly the very next day, a software firm with a vested interest in "cookie paranoia"...
Originally posted by thedigirati
I use Firefox, and I use Adblock Plus on Firefox, no cookies, and NO ADS, it's great and my pages load faster.
I suppose I could use an open source text browser to get the same effect.