Date: December 2013
Publication: 5th International Conference on Passwords (Passwords13 Bergen)
Source: Currently no known Internet copy of paper.
Abstract or Summary:
Passwords are often the primary means of authenticating to a web site, but afterwards authentication cookies are used to identify your session. This talk discusses the risks of passing session cookies over unencrypted connections (HTTP instead of HTTPS). It introduces a new tool named Webspy (similar to the older Firesheep) that can be automated to capture session cookies off the local network and use them in your browser to impersonate users.
PasswordResearch.com Note: Video of presentation: https://www.youtube.com/watch?v=x9Jo-R4N3bk
Do you have additional information to contribute regarding this research paper? If so, please email firstname.lastname@example.org with the details.