Member
Hello Friends,
I have yahoo account and I access my account mostly from the cyber but i am not sure about the security related to my yahoo account because it may possible to retrieve all the information about my account by session hijacking.
so please suggest me how session Hijacking has been done and how to save my account details while accessing from the public places.
Thank for all of those who helps...
Member
Hello,
Here i have provided what the session hijacking is and how a hacker may hijack the session.
The term session hijacking refers to the exploitation of a valid computer session - sometimes also called a session key - to gain unauthorized access to information or services in a computer system.
In particular, it is used to refer to the theft of a magic cookie used to authenticate a user to a remote server.It has particular relevance to web developers, as the HTTP cookies used to maintain a session on many web sites can be stolen easily by an attacker using an intermediary computer or with access to the cookies saved on the victim's computer.
Many Web sites allow users to create and manage their own accounts, Logging in using a username and password (which may or may not be encrypted during transit) or other authentication method. In order that the user does not have to re-enter their username and password on every page to maintain their session, many Web sites use session cookies: a token of information issued by the server and returned by the user's web browser to confirm its identity .
If an attacker is able to steal this cookie, they can make requests as if they themselves were the genuine user, gaining access to privileged information or changing data. If this cookie is a persistent cookies, then the impersonation can continue for a considerable period of time. Of course, session hijacking is not limited to the web, any protocol in which state is maintained using a key passed between two parties is vulnerable, especially if it's not encrypted.
Member
Only thing left with your hand is to clear all the cookies and private data from the internet browser of the computer you used in the cyber cafe. But i suppose you cant do anything if your account information has been hijaced during the running session.
otherwise all the necessary thing that has been well described by the SAMRA above.
Posting Permissions
Reply With Quote
Bookmarks