CookieMonster: Not As Sweet As It Sounds!

// September 17th, 2008 // Blog

A recent WordPress announcement brought the following article to my attention:

Websites used for email, banking, e-commerce and other sensitive applications just got even less secure with the release of a new tool that siphons users' authentication credentials – even when they're sent through supposedly secure channels.

Dubbed CookieMonster, the toolkit is used in a variety of man-in-the-middle scenarios to trick a victim's browser into turning over the authentication cookies used to gain access to user account sections of a website. Unlike an attack method known as sidejacking, it works with vulnerable websites even when a user's browsing session is encrypted from start to finish using the secure sockets layer (SSL) protocol.

[Continue reading here…]

I don't really get the techy stuff, but in short, there is a new way for nasty hacker types to get hold of our private information, especially when we're using less secure public networks, such as free wifi at the local net café. They suggest the following method to determine whether the website you are using is vulnerable to attack:

To find out if your bank is susceptible, clear all cookies and then log in to the site. Next, clear all cookies marked as “SECURE” (in Firefox, go to preferences > privacy > show cookies. Delete only the cookies marked as “Encrypted connections only”). Then visit the site again. If you're logged in, there's a strong chance the site is wide open.

You have been warned…
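The check quoted above comes down to which cookies a site sets without the Secure flag. As an added example (not part of the original post or the quoted article), this Python code sorts a login response's Set-Cookie headers into the cookies the test deletes and the ones that stay in the browser; the cookie names and values are constructed sample data from a hypothetical site.

```python
# Added example: which cookies would survive the "delete Secure cookies" test.
# The Set-Cookie lines below are constructed sample data, not from a real site.

def parse_set_cookie(header):
    """Split one Set-Cookie value into its name and attribute flags."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    # Attribute names are case-insensitive; keep only the name before any '='.
    attrs = {p.partition("=")[0].strip().lower() for p in parts[1:] if p}
    return {
        "name": name.strip(),
        "value": value,
        "secure": "secure" in attrs,
        "httponly": "httponly" in attrs,
    }


def split_by_secure_flag(set_cookie_headers):
    """Return (secure_names, plain_names) for a login response's cookies."""
    secure, plain = [], []
    for header in set_cookie_headers:
        cookie = parse_set_cookie(header)
        (secure if cookie["secure"] else plain).append(cookie["name"])
    return secure, plain


# Constructed login response from a hypothetical site.
SAMPLE_LOGIN_COOKIES = [
    "sessionid=abc123; Path=/; HttpOnly",
    "csrftoken=xyz789; Path=/; Secure",
    "lang=en; Path=/; Expires=Wed, 17 Sep 2008 10:00:00 GMT",
    "auth=tok456; Path=/; SECURE; HttpOnly",
]

if __name__ == "__main__":
    secure, plain = split_by_secure_flag(SAMPLE_LOGIN_COOKIES)
    print("Deleted in the test (Secure):", secure)
    print("Still in the browser (no Secure flag):", plain)
```

Cookies without the Secure flag are also sent on plain HTTP requests. If one of them is enough to keep you logged in, as `sessionid` would be in this sample, the manual test ends with you still signed in.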

3 Responses to “CookieMonster: Not As Sweet As It Sounds!”

  1. Sumera says:

    I always did think the Cookie Monster was creepy ~nervous

  2. biscuitinabasket says:

    Hey salaams!
    This post of yours brought your blog to my attention…. Now I know that you may be worried about the cookiemonster….. but I really am not that bad a person… and I definitely don't hack!

    Look forward to reading your future posts!

    Wasalama
    CM

  3. iMuslim says:

    Sumi: CM was a little on the crazy side… It was all the sugar and cookie dough preservatives he consumed!

    biab: Wa ‘alaykum salam wa rahmatullah. Welcome! I look forward to seeing you around (especially if you share your biscuits with us!).
