Archive for November, 2010

What is Sidejacking?

/ November 10th, 2010 / Comments Off

Sidejacking is a process in which an attacker uses packet sniffing applications to read the traffic between your computer and a website to steal password information.  These attacks exploit unencrypted home and public Wi-Fi connections.

The majority of websites utilize a secure HTTP (HTTPS) connection to protect your username and password when logging into the site.  Some sites however revert to an unsecure HTTP connection once you are successfully authenticated and transfer session info, such as username and password, via cookies that are vulnerable to sidejacking.

I use public Wi-Fi connections everyday (Panera Bread mostly, but will use Borders if I can’t find a power outlet) and rely on them heavily as I am continuously on the go.  So how do I protect myself moving forward?

Virtual Private Networking (VPN) connections are the answer.  VPN connections create a secure tunnel between your computer and the outside world.  So, in our unprotected Wi-Fi scenario the sidejackers can see the data traffic but are unable to read the contents of the information.

Setting up a VPN connection is actually quite simple.  There are personal VPN providers online such as OpenVPN.net and ItsHidden.com that offer free services and step by step setup instructions.  I am actually in the process of creating my own VPN server through my home DSL with a SonicWall SSL-VPN appliance.

Let’s not forget to lock down our home Wi-Fi connections as well and be sure to use the WPA2 standard.  To date WPA2 encryption blocks all sidejacking attacks.  Double check your routers wireless encryption settings and if your router does not offer WPA2 then I think it’s worth the investment to upgrade your router. Here’s to a safe browsing environment.