Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

The Cracked Cookie Jar - HTTP Cookie Hijacking and the Exposure of Private Information

IEEE via YouTube

Overview

Save Big on Coursera Plus. 7,000+ courses at $160 off. Limited Time Only!
Explore the critical security vulnerabilities associated with HTTP cookie hijacking in this IEEE Symposium presentation. Delve into the widespread privacy implications of partially deployed HTTPS, uncovering how service personalization can inadvertently expose sensitive user information. Examine real-world examples from major websites, including Google, Bing, Yahoo, Amazon, and eBay, revealing the extent of data leakage. Investigate the impact on mobile apps, browser security mechanisms, and ad networks. Learn about the potential for deanonymizing Tor users through these attacks. Analyze the results of a 30-day network measurement study detecting over 282,000 vulnerable accounts. Evaluate current countermeasures, including HSTS and HTTPS Everywhere, and understand their limitations in fully protecting user privacy.

Syllabus

Intro
HTTP Cookie Hijacking
Move to HTTPS
Oh, you thought it was encrypted?
Real world privacy leakage
E-commerce
Large-scale cookie exposure
Attack Implications: Tor Network
Current countermeasures
HSTS
HTTPS Everywhere
Conclusion

Taught by

IEEE Symposium on Security and Privacy

Reviews

Start your review of The Cracked Cookie Jar - HTTP Cookie Hijacking and the Exposure of Private Information

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.