Web browsing on SSL sites may not be as secure as you think. Security researcher Mike Perry has released additional details about his CookieMonster tool, which can be used to steal private data via HTTPS cookies. Mike Perry spoke about the issue at the Defcon security conference.
Talk of HTTPS cookie hijacking is pushing its way toward the front of the line of security concerns with the release of details regarding an automated tool dubbed the CookieMonster. HTTPS Cookie-Hijacking Tool CookieMonster Gobbles Personal Data
From around the Web
- Users not patching third party apps
- Mozilla patches 12 Firefox bugs, a third of them critical
- IE 7 and 8 Default Security Leaves Intranets At Risk
- Microsoft ships fixes for Excel, WordPad malware attacks
- 15 Firefox addons for Web developers
- Windows 7 will nag users 29% less often, Microsoft claims
- Vista7 more secure than Linux and Mac OS X
- Conficker self updates, launches false infection alert
- SSH server attacks resurface
- Hacking Tools & Techniques and How to Protect Your Network from Them
- Microsoft Black Tuesday: Microsoft finally fixes Excel zero day, plus more
- Conficker self updates, launches false infection alert
- Conficker reprogrammed for new attack run
- Rogue security software a rising threat
- Further Windows 7 features revealed