sidejack

The name given to a method by which your online personal data is hacked and exposed. Because some Wi-Fi networks are unsecured, "sidejacking" works like this: when you log in to a secure Web site or browse the Web on an unsecured Wi-Fi network, everything from the contents of your e-mail to who your friends and acquaintances are could easily be exposed by hackers.

From a technical point of view, this method by which data could become exposed is nothing new, but it is simpler than most "man-in-the-middle" attacks. For example, many Web services (including Gmail, BlogSpot, Facebook, LinkedIn, and Google AdSense) use cookies to identify session information after the user has already logged in. Using a basic packet sniffer over a Wi-Fi network and a proxy server to pass the information through, a determined hacker can easily "sidejack" the session information as his own by stealing session IDs straight out of the Wi-Fi signal. He could then use that session ID to represent himself as the original user, which would allow him to do things like make blog posts, unfriend all of your Facebook friends, and read or send e-mails.

Even though some sites, such as Gmail, offer secure, SSL-based login pages, things aren't as secure after you log in. Unlike many bank Web sites that offer a secure browsing experience for the entire duration of the session, most sites dump the user right back out into unsecured territory after logging in, thus exposing their personal data to anyone who wants to get at it.
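
The post-login downgrade described above can be checked from the defender's side. The following is an added example, not part of the original entry: it audits a constructed login flow for session cookies set without the `Secure` attribute and for redirects from HTTPS back to plain HTTP. The host names, cookie names and the `audit_flow` helper are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample (not real traffic): responses seen during two login flows.
# Each entry: (request URL, Set-Cookie header values, Location header or None).
SAMPLE_FLOW = [
    ("https://mail.example.test/login",
     ["SID=3f9a1c; Path=/; HttpOnly", "prefs=compact; Path=/"],
     "http://mail.example.test/inbox"),
    ("http://mail.example.test/inbox", [], None),
    ("https://bank.example.test/login",
     ["SESSION=77b2e0; Path=/; Secure; HttpOnly"],
     "https://bank.example.test/accounts"),
]

def parse_set_cookie(header):
    """Return (cookie name, set of lower-cased attribute names)."""
    first, *attrs = [part.strip() for part in header.split(";")]
    name = first.split("=", 1)[0]
    return name, {a.split("=", 1)[0].lower() for a in attrs if a}

def audit_flow(flow, session_cookies=("SID", "SESSION")):
    """List (url, problem) pairs where a session ID can cross the network in clear.

    session_cookies is an assumed list of cookie names that carry the session ID.
    """
    findings = []
    for url, set_cookies, location in flow:
        scheme = urlsplit(url).scheme
        for header in set_cookies:
            name, attrs = parse_set_cookie(header)
            # Without Secure, the browser also attaches the cookie to http:// requests.
            if name in session_cookies and "secure" not in attrs:
                findings.append((url, f"session cookie {name} set without Secure"))
        # SSL login followed by a hop back to HTTP: the rest of the session is unencrypted.
        if scheme == "https" and location and urlsplit(location).scheme == "http":
            findings.append((url, f"HTTPS page redirects to {location}"))
        if scheme == "http":
            findings.append((url, "page served without SSL; cookies sent here are readable"))
    return findings

if __name__ == "__main__":
    for url, problem in audit_flow(SAMPLE_FLOW):
        print(f"{url}: {problem}")
```
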

The solution is to stick to secured Wi-Fi networks that you know and trust (such as your home network, which would not have any strangers on it running packet sniffers). But when you do need to use public access points, avoid accessing Web pages that might transmit personal information. For those of you who want to be extremely careful, you should never use a Wi-Fi hotspot unless you are using a VPN (virtual private network) or SSL (secure sockets layer) to access your accounts.

See also: hijacker, pagejacking
NetLingo Classification: Net Technology