Bypassing Passwords
Authors: Asbjørn Reglund Thorsen

Date: December 2013
Publication: 5th International Conference on Passwords (Passwords13 Bergen)
Source: Currently no known Internet copy of paper.

Abstract or Summary:
Passwords are often the primary means of authenticating to a web site, but afterwards authentication cookies are used to identify your session. This talk discusses the risks of passing session cookies over unencrypted connections (HTTP instead of HTTPS). It introduces a new tool named Webspy (similar to the older Firesheep) that can be automated to capture session cookies off the local network and use them in your browser to impersonate users. Note: Video of presentation:

Do you have additional information to contribute regarding this research paper? If so, please email with the details.

<-- Back to Authentication Research Paper Index

[Home] [About Us] [News] [Research]

Copyright © 2019