Cookies render HTTPS sessions vulnerable to data leaks

By /

CERT put out an announcement last week regarding the risks of cookies that were established via HTTP requests and how they present a threat to HTTPS sessions, due to the fact that web browsers sometimes don’t authenticate a domain that is setting a cookie. So what does that mean? It means a savvy attacker might be able to set a cookie and use it later with an HTTPS session instead of the “real” cookie set by the site. Not a good thing.

Find out more about this and what you can do to mitigate the risk, here:
http://www.securityweek.com/cookies-render-https-sessions-vulnerable-data-leaks

About The Author

Debra Littlejohn Shinder is a technology and security analyst and author specializing in identity, security and cybercrime, utilizing her past experience as a police officer and police academy/criminal justice instructor. She has written numerous books and articles for web and print publications and has been awarded the Microsoft MVP designation for fourteen years in a row.

Read Next

Static vs Dynamic IP Address

Static vs Dynamic IP Address

Most people are familiar with Internet Protocol (IP) Addresses, but many people don’t know you have 2 types. In this article, you’ll learn about static…

Read More »

Leave a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top