Monday, January 30, 2012

MITM Attack: Session hijacking and cookie stealing (Facebook)

Beware of Facebook cookie stealing and session hijacking.
Check your account settings and review your active sessions.
You will see something like this:

"Active Sessions

Current Session
Location: Makati, MAN, PH (Approximate) | Device Type: Safari on MacOSX

If you notice any unfamiliar devices or locations, click 'End Activity' to end the session. This list does not currently include sessions on Facebook's mobile site (m.facebook.com).

Last Accessed: Today at 12:37pm | Location: Makati, MAN, PH (Approximate) | Device Type: Unknown | End Activity
Last Accessed: Today at 7:37am | Location: Quezon City, MAN, PH (Approximate) | Device Type: Unknown | End Activity
Last Accessed: Yesterday at 7:00pm | Location: Quezon City, MAN, PH (Approximate) | Device Type: Unknown | End Activity
Last Accessed: Yesterday at 5:22pm | Location: Quezon City, MAN, PH (Approximate) | Device Type: Unknown | End Activity
Last Accessed: Yesterday at 3:33pm | Location: Quezon City, MAN, PH (Approximate) | Device Type: Unknown | End Activity
Last Accessed: Yesterday at 12:28pm | Location: Quezon City, MAN, PH (Approximate) | Device Type: Unknown | End Activity
Last Accessed: Friday at 3:03pm | Location: Manila, MAN, PH (Approximate) | Device Type: Safari on MacOSX | End Activity
Last Accessed: January 26 at 3:21pm | Location: Manila, MAN, PH (Approximate) | Device Type: Safari on MacOSX | End Activity
Last Accessed: January 25 at 7:43am | Location: Manila, MAN, PH (Approximate) | Device Type: Safari on MacOSX | End Activity
Last Accessed: January 25 at 5:51am | Location: Manila, MAN, PH (Approximate) | Device Type: Safari on MacOSX | End Activity
Last Accessed: January 19 at 10:50am | Location: Quezon City, MAN, PH (Approximate) | Device Type: Safari on MacOSX | End Activity
Session Initiated: August 20 at 7:32am | Application Name: Facebook for iPhone | End Activity"

Facebook now offers the option to use HTTPS all of the time. You can read the full details here:
http://blog.facebook.com/blog.php?post=486790652130

A Continued Commitment to Security
This Friday is Data Privacy Day, an international effort by governments, businesses and advocacy groups to raise awareness about the importance of staying in control of personal information...
By: Facebook
