15. Session Hijacking with Firesheep
1) For now, unable to attack Facebook (have to modify the source code)
2) Only supports HTTP
- Hotmail, Twitter, Facebook, etc.
3) Sniffs on the fly (Wi-Fi hotspot)
4) Over a network, ARP poisoning is required
Source: 2008 CSI Computer Crime & Security Survey
17. Session Hijacking over HTTPS
1) Using SSLStrip to kill SSL sessions
2) Rogue access point or ARP poisoning on the wire
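Both slides above depend on the session cookie or the login travelling over plain HTTP. The following is an added defensive example, not part of the original slides: it audits a response's headers for the two gaps involved, a session cookie without the Secure attribute and a missing HSTS policy. The function names and the sample headers are assumptions constructed for illustration.

```python
# Added defensive example (not from the original slides).
from typing import Dict, List, Tuple

Headers = List[Tuple[str, str]]

def parse_set_cookie(value: str) -> Tuple[str, Dict[str, str]]:
    """Return (cookie name, attribute map with lowercased keys)."""
    parts = [p.strip() for p in value.split(";") if p.strip()]
    name = parts[0].split("=", 1)[0]
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name, attrs

def hsts_max_age(headers: Headers) -> int:
    """Return the HSTS max-age in seconds, or 0 if absent or malformed."""
    for key, value in headers:
        if key.lower() != "strict-transport-security":
            continue
        for directive in value.split(";"):
            name, _, val = directive.strip().partition("=")
            val = val.strip().strip('"')
            if name.strip().lower() == "max-age" and val.isdigit():
                return int(val)
    return 0

def audit(headers: Headers, over_https: bool) -> List[str]:
    """List the findings for one response, given how it was delivered."""
    findings = []
    for key, value in headers:
        if key.lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(value)
        if not over_https:
            findings.append(f"{name}: set on a plain-HTTP response, readable by a sniffer")
        elif "secure" not in attrs:
            findings.append(f"{name}: no Secure attribute, will also be sent over HTTP")
    if over_https and hsts_max_age(headers) == 0:
        findings.append("no HSTS policy: browser can still be steered to plain HTTP")
    return findings

# Constructed sample responses (not captured from any real site).
WEAK = [("Set-Cookie", "sessionid=abc123; Path=/; HttpOnly")]
HARDENED = [("Set-Cookie", "sessionid=abc123; Path=/; Secure; HttpOnly"),
            ("Strict-Transport-Security", "max-age=31536000; includeSubDomains")]

if __name__ == "__main__":
    for label, hdrs in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit(hdrs, over_https=True))
```

HSTS only takes effect after the browser has seen the header once over HTTPS, so the first visit stays exposed unless the site is on a preload list.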
26. Google Latitude Zero Day Attack - Example
https://www.google.com/accounts/ServiceLoginAuth?Username=morphuesor@gmail.com&password=xxxxxx&s=sss=&xxx=dddddd