Overview
Explore the security vulnerabilities and privacy implications of HTTP cookie hijacking in this Black Hat conference talk. Delve into an in-depth assessment of major websites with partially deployed HTTPS, revealing how service personalization can inadvertently expose private information. Examine the complex interplay of multiple cookies with different scopes and inter-dependencies, and discover how imprecise access control can render restricted account functionality accessible to non-session cookies. Learn about severe flaws uncovered in popular platforms like Google, Bing, Baidu, Yahoo, Amazon, and eBay, exposing sensitive user data such as search history, contact lists, and purchase records. Investigate the extent of the threat through IRB-approved measurements on a university's public wireless network, and consider the alarming implications for Tor users' anonymity. Evaluate various protection mechanisms, including the EFF's HTTPS Everywhere extension, and understand their limitations in fully mitigating the risk of cookie hijacking attacks.
Syllabus
Intro
Who we are
Current State of Affairs
Chapters
Bad Cookies!!!
Migrating to HTTPS
Cookie Hijacking in the Wild
Eavesdropping
Stealing the Cookies
Accessing the Data
Search engines
Yahoo
E-commerce
Ad Networks
Cookie Hijacking Cheat Sheet
Attack Evaluation
Large-scale Cookie Exposure
Attack Implications - Tor Network
Countermeasures
HSTS: Issues
HTTPS Everywhere: Issues
HTTPS Everywhere: Effectiveness
Disclosure
Aftermath
Sound Bytes
Questions
Taught by
Black Hat