- About
Company Profile - White Paper
IT Security Articles - why focus on
Security?
Security is Important - Services
How Can We Help
You? - Contact
Contact details
Cookie Poisoning
Cookie Poisoning
Cookie poisoning attacks are a process involving the manipulation and forging of cookies, designed to achieve illicit access to web applications. Hackers conducting cookie poisoning can forge cookies and gain legal access to other user accounts. This malicious practice is a very popular strategy used by hackers engaging in identity theft. Hacker4Lease has comprehensive knowledge in cookie poisoning, and we provide IT security assessment services designed to protect against this hacking risk.
What are cookies and how can a hacker poison a cookie? Cookies are common elements in web applications and their usage involves saving information (e.g. account numbers, user ID, time stamp, passwords, etc). The saved information is stored in the user’s hard drive. Ideally, access to the stored information is limited only to the user. Simply put, cookies are used to save crucial user information, and are stored on the user’s computer system. While visiting certain websites, visitors are asked for authentication. The username and password submitted by the user are validated by a login CGI (a program), and once validated, a cookie is stored in the user’s browser, which contains a numerical identifier to the submitted information. Aside from username and password, cookies can be used to store e-mail addresses, telephone numbers, names, and work and home addresses. For example, a customer seeking to purchase a watch visits a website that sells watches. The customer logs in using the name “Smith”. During the transaction, the website stores a cookie that contains “Smith’s” personal information on “Smith’s” computer. A hacker can subsequently cause serious damage if he examines the cookie and edits it to his advantage. Generally, hackers take the original cookie (e.g. “Smith”), and edits or reworks it to change it to “Jones”. The cookie is then re-encrypted by the actions of the hacker and the website now recognizes Smith as Jones.
How can cookie poisoning manipulations cause damage to your web applications? Through cookie poisoning, a hacker gets access to user accounts and the secured information within the account. Secure and sensitive information can also be stored in this way. As a result of cookie poisoning fraud, both the consumer and the website can face financial losses.
Anyone implementing applications that use cookies to secure and protect information should make use of security risk assessment services. At Hacker4Lease, we are industry frontrunners in assessing and analyzing applications and making recommendation for managed IT security services. By implementing IT security services management plan strategies, organization that rely on cookies can ensure the protection and security of their users personal and sensitive data.
More…