by AJ on August 11, 2008
There’s a new security tool that Surf Jack that allows one to hijack HTTP connections to steal cookies – even ones on HTTPS sites. Works on both Wifi (monitor mode) and Ethernet.
Here’s a proof of concept to steal session cookies on HTTP and HTTPS sites that do not set the Cookie secure flag.
It’s really a scary to see that even Gmail was vulnerable before to these types of attack. So, how about Yahoo Mail? And what more if you use Hotmail Live? Makes you really think if there is such thing as 100% security nowadays.