The Cracked Cookie Jar - HTTP Cookie Hijacking and the Exposure of Private Information
Offered By: IEEE via YouTube
Course Description
Overview
Explore the critical security vulnerabilities associated with HTTP cookie hijacking in this IEEE Symposium presentation. Delve into the widespread privacy implications of partially deployed HTTPS, uncovering how service personalization can inadvertently expose sensitive user information. Examine real-world examples from major websites, including Google, Bing, Yahoo, Amazon, and eBay, revealing the extent of data leakage. Investigate the impact on mobile apps, browser security mechanisms, and ad networks. Learn about the potential for deanonymizing Tor users through these attacks. Analyze the results of a 30-day network measurement study detecting over 282,000 vulnerable accounts. Evaluate current countermeasures, including HSTS and HTTPS Everywhere, and understand their limitations in fully protecting user privacy.
Syllabus
Intro
HTTP Cookie Hijacking
Move to HTTPS
Oh, you thought it was encrypted?
Real world privacy leakage
E-commerce
Large-scale cookie exposure
Attack Implications: Tor Network
Current countermeasures
HSTS
HTTPS Everywhere
Conclusion
Taught by
IEEE Symposium on Security and Privacy
Related Courses
Computer Security (Stanford University via Coursera)
Cryptography II (Stanford University via Coursera)
Malicious Software and its Underground Economy: Two Sides to Every Story (University of London International Programmes via Coursera)
Building an Information Risk Management Toolkit (University of Washington via Coursera)
Introduction to Cybersecurity (National Cybersecurity Institute at Excelsior College via Canvas Network)