No Cookie Cutter Approach to Hackers

Tuesday, July 26, 2011 @ 03:07 PM gHale

Cybercriminals can hijack a user’s online session through cookies. The technique involves infecting a user’s computer with a Trojan, then intercepting web-based commands and cookie transmissions so the website does not register that the legitimate user has terminated their online session.

“By using a Trojan to log the relevant GET and POST commands, as well as injecting data into an active web session, cybercriminals can allow a legitimate user to log off their online web service, but keep the session alive on another internet connection,” said Phil Underwood, chief security officer at SecurEnvoy.

There is a technique under development that can secure the web session and solve the cookie hacking problem, Underwood said.

While most two-factor authentication systems do not include protection beyond initial authentication, SecurEnvoy said it built steps to protect the integrity of the session and its associated cookie.

Even if someone tries to intercept the session cookie and other relevant data, the lack of authentication in combination with the fingerprinted cookie session will cause the unauthorized session to drop, SecurEnvoy said.

“The SecurEnvoy authentication system logs the legitimate user’s IP address and several other session parameters that identify the online user, their computer and Internet connection. Then, by selectively interrogating the connection on a rotational basis, it continues to authenticate the user in the background for the entire length of the session,” Underwood said.

Even if a third-party hacker succeeded in infecting the legitimate user with a Trojan that forwards cookies and other parameters to their own system, that data is still not sufficient to beat SecurEnvoy’s authentication technology, Underwood said.
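
The session binding Underwood describes can be illustrated from the server side as follows. This is an added example, not SecurEnvoy's code: the `SessionStore` class, the parameter names other than the IP address, the one-parameter-per-request rotation, and the choice to drop the session on any mismatch are all assumptions.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # per-deployment secret (constructed)
# Assumed parameter set; the article names only the IP address.
PARAMS = ("ip", "user_agent", "accept_language")

def _tag(name, value):
    # Store keyed digests rather than raw client attributes.
    msg = f"{name}={value}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()

class SessionStore:
    def __init__(self):
        self._sessions = {}

    def login(self, client):
        """Call only after the user has passed initial authentication."""
        sid = secrets.token_urlsafe(32)
        tags = {p: _tag(p, client[p]) for p in PARAMS}
        self._sessions[sid] = {"tags": tags, "turn": 0}
        return sid

    def check(self, sid, client):
        """Check the IP on every request plus one rotating parameter."""
        s = self._sessions.get(sid)
        if s is None:
            return False  # unknown, logged-out or dropped session
        rotating = PARAMS[1:][s["turn"] % (len(PARAMS) - 1)]
        s["turn"] += 1
        for p in ("ip", rotating):
            seen = _tag(p, client.get(p, ""))
            if not hmac.compare_digest(s["tags"][p], seen):
                del self._sessions[sid]  # cookie is now worthless everywhere
                return False
        return True

    def logout(self, sid):
        # Server-side invalidation: a replayed cookie cannot revive the session.
        self._sessions.pop(sid, None)

def demo():
    # Constructed sample clients (documentation-range addresses).
    user = {"ip": "198.51.100.7", "user_agent": "Browser/1.0",
            "accept_language": "en-GB"}
    replay = dict(user, ip="203.0.113.9")  # same cookie, other connection
    store = SessionStore()
    sid = store.login(user)
    return store.check(sid, user), store.check(sid, replay), store.check(sid, user)
```

Because a mismatch deletes the server-side record, the legitimate user must re-authenticate after a replay attempt, which also surfaces the incident to them.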