
SecurEnvoy develops technology to tackle the session cookie menace

July 2011 by

SecurEnvoy has developed a security technology that solves the problem of session cookie hijacking, a hacking technique used by cybercriminals to hijack a user's online session and one that any browser can be innocently subjected to.

The Oddjob technique, says Phil Underwood, Chief Security Officer, has already been used against customers of banks in Poland and the US, indicating that cybercriminals are already aware of the fraud technology's potential.

This is achieved, says the SecurEnvoy CSO, by lifting the relevant cookie from the user's machine and injecting it into a second, and quite separate, Web browser session.

Since cookies are used by a large number of Web sites to identify a user for the length of the online session, injecting the same cookie into a second (and temporarily parallel) Internet session means that the second session piggybacks on the first, explained Underwood.

The SecurEnvoy advantage

SecurEnvoy believes that authentication should also encompass the entire web session. Most two-factor authentication solutions do not include protection beyond initial authentication. SecurEnvoy have built in significant steps to protect the integrity of the session and its associated cookie.

Even if someone tries to intercept the session cookie and other relevant data through nefarious means, the lack of authentication in combination with the finger-printed cookie session will cause the unauthorised session to be dropped.

Using this approach means that, even if the third-party hacker has succeeded in infecting the legitimate user with a trojan that forwards cookies and other parameters to their own system, that data is still not sufficient to beat the SecurEnvoy authentication technology.

