Reconsidering The Side-jacking Attack
Not that long time ago, I've made some comments on Robet Graham's side-jacking attack. Clearly, my reasoning was based upon the his PowerPoint slides but not his BlackHat presentation, where he is more then clear about the motivation behind his work. I've become part of the senseless bashing masses, which are currently haunting the hacker circles. Therefore, I would like to make things right once and for all on this particular topic.
Although Robert's research comes down to sniffing the air and extracting cookies from unencrypted HTTP session, which is not in particular new, I consider his work very innovative, simple but very powerful. He clearly improved upon an area which no one was looking at the time of his presentation and he made a serious impact on the overall user awareness. The most interesting part of the side-jacking attack is not the concepts that it involves but the types of tools it makes use of. I can see that Robert is very clear about that, after previewing his BlackHat talk. The Hamster and Ferret tools have introduced a new era of tool design many future project will probably incorporate. Simply put, these tools make the process easier and this is quite important in many, many ways.
My judgment was based upon entirely on what I would like to refer to as the new factor. We, as a community, are keen to appreciate innovation but fail to see when it is not obvious. This statement may sound controversial but it is not far from the truth. Bugs are discovered on a daily basis but yet we are most interested to read about them rather then look for the small changes that make big impacts. I hope that we change this type of thinking one day and embrace a bit more of the creative spirit, the spirit that is not restricted by any boundaries, false believes and mostly prejudice.
Open your eyes and clear your mind.Comments Powered ByDisqus
Can't get enough? Here is more.
- 30mins Introductionary Presentation On Client-side Security
- Holes In Embedded Devices Authentication Bypass (pt 3)
- Holes In Embedded Devices Authentication Bypass (pt 2)
- Holes In Embedded Devices Authentication Bypass (pt 1)
- The Pownce Worm (Yet Another Potential AJAX Worm)
- Total surveillance made easy with VoIP phones