11-09-2010, 08:24 PM
Anne & Lynn Wheeler
Re: A Wolf In Sheep's Clothing - New Threat

"FromTheRafters" writes:
> Reading around on the net, I see recommendations for transport layer
> security as having some effect against this attack - I don't see how, if
> this really is about a cookie *file* on a computer on the unsecured wireless
> network as indicated in the OP's quote. Getting hold of *cookies* in this
> sense must not be quite the same as getting hold of *cookie files* stored on
> a computer on the affected network - or else SSL/TLS wouldn't have any
> effect on it.

cookie capture is eavesdropping on open communication channel (during
cookie transfer) ... followed by a "replay attack" of the harvested
cookie ... then encrypting the communication is countermeasure to
eavesdropping (as opposed to a trojan running on the victim machine that
harvests the cookie from disk file).

there is separate discussion about cookies being a poor solution

lcamtuf's blog: HTTP cookies, or how not to design protocols
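
An added example, not part of the original post: a defender-side check for the in-transit exposure described above, flagging cookies issued over cleartext HTTP or issued over TLS without the `Secure` attribute. It does not address the on-disk harvesting case; the cookie name `SID`, the sample headers and the finding labels are constructed for illustration.

```python
from http.cookies import SimpleCookie

# Constructed sample: (scheme the response arrived on, Set-Cookie header value).
SAMPLE_RESPONSES = [
    ("http", "SID=abc123; Path=/; HttpOnly"),
    ("https", "SID=def456; Path=/; HttpOnly"),
    ("https", "SID=ghi789; Path=/; Secure; HttpOnly"),
]

def audit_set_cookie(scheme, header_value):
    """Return [(cookie_name, finding)] for one Set-Cookie header value."""
    jar = SimpleCookie()
    jar.load(header_value)
    findings = []
    for name, morsel in jar.items():
        if scheme.lower() != "https":
            # Cookie crossed the network unencrypted when it was issued.
            findings.append((name, "CLEARTEXT_SET"))
        elif not morsel["secure"]:
            # Issued over TLS, but the browser will still attach it to
            # plain http:// requests to the same host.
            findings.append((name, "MISSING_SECURE"))
    return findings

def audit_responses(responses):
    """Audit every (scheme, header) pair and return all findings in order."""
    results = []
    for scheme, header in responses:
        results.extend(audit_set_cookie(scheme, header))
    return results

if __name__ == "__main__":
    for name, finding in audit_responses(SAMPLE_RESPONSES):
        print(f"{name}: {finding}")
```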

