Jan 8, 2008

Side Jacking With A Hamster And A Ferret

A new mod started at school this week. For those of you not in the know, a mod is what we call a semester at my college. It is short for module. They call it that because our semesters are only 10 weeks long, and we go year round without breaks (except two weeks at the end of the year).

Last night I had my first class in Security Policies and Procedures. In that class our teacher starts out with current events related to security. One of the things he mentioned, which I thought was really cool, was a relatively new method of hacking your accounts and stealing your goodies. This method is called Side Jacking. The term is so new, I couldn't find anything about it on Wikipedia (can you believe that?). I did find something on Webopedia.com about it though. They describe Side Jacking as a:

Term used to describe the malicious act of hijacking an engaged Web session with a remote service by intercepting and using the credentials that identified the user/victim to that specific server. Typically, SideJacking is most common on sites that require authentication through a username and password, such as online Web mail accounts as well as social networking sites. SideJacking works only if the site catches a non-SSL cookie, so any Web site that uses SSL exclusively would be safe from SideJackers. SideJacking was first demonstrated by Robert Graham, CEO of Errata Security at Black Hat in 2007.

So basically, you are sitting at Starbucks. You and a bunch of other latte drinkers are sipping away and typing away on your laptops. The difference between you and them is that you are basically sniffing their web browsing and mirroring their cookies and sessions. Once you have all of their cookies you simply browse to Gmail and bam! You are in their email! Pretty cool, huh?
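The Webopedia definition above says Side Jacking only works when a cookie travels without SSL. As an added example (not part of the original post or of the Ferret and Hamster tools), here is a small Python check a site owner could run over their own response headers to find session cookies that a sniffer on the same network could see. The function names and the sample headers are made up for illustration.

```python
# Added example: audit response headers for cookies exposed to sniffing.
# Function names are hypothetical; header values are constructed samples.

def parse_set_cookie(value):
    """Split one Set-Cookie value into (cookie name, lowercase attribute dict)."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].partition("=")[0].strip()
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name, attrs

def audit_response(scheme, headers):
    """Return (cookie, issue) findings for one response.

    scheme is "http" or "https"; headers is a list of (name, value) pairs.
    """
    findings = []
    saw_cookie = False
    hsts = any(k.lower() == "strict-transport-security" for k, _ in headers)
    for key, value in headers:
        if key.lower() != "set-cookie":
            continue
        saw_cookie = True
        name, attrs = parse_set_cookie(value)
        if scheme == "http":
            # Cookie crossed the network in cleartext when it was issued.
            findings.append((name, "set-over-http"))
        elif "secure" not in attrs:
            # Browser will attach it to any later http:// request to the site.
            findings.append((name, "missing-secure"))
    if scheme == "https" and saw_cookie and not hsts:
        # Without HSTS the browser may still make plain-HTTP requests here.
        findings.append(("*", "no-hsts"))
    return findings

WEAK = [("Set-Cookie", "SID=abc123; Path=/; HttpOnly"),
        ("Set-Cookie", "prefs=dark; Path=/; Secure")]
HARDENED = [("Strict-Transport-Security", "max-age=31536000"),
            ("Set-Cookie", "SID=abc123; Path=/; Secure; HttpOnly")]

if __name__ == "__main__":
    for label, hdrs in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_response("https", hdrs))
```

An empty result for the hardened headers means every cookie is marked Secure and the site tells browsers to stay on HTTPS, which is the "uses SSL exclusively" case from the definition.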

Another thing that I find interesting is that the tool to do this is made for Windows! Most hacking tools are made for Linux. At least the really cool ones are. Not this one though! You can download both Ferret and Hamster (The tools used to do this hack) here: (SideJack.Zip)

Here is a video tutorial showing you young hackers how it's done:

Have any of you heard of this before? Better still, have any of you tried this? Let me know in the comments! I am breathless with anticipation.

