Sidejacking is stealing someone’s access to a website, often on public wireless networks. To sidejack a session, the bad actor uses a packet sniffer to capture an unencrypted cookie that grants access to a website, such as webmail. Because the session cookie already provides access to the website’s content, the bad actor can use it to impersonate the user.

Sidejacking does not give the bad actor the user’s password. Once the session is logged off and authentication is required to log in again, the bad actor loses access. SSL helps prevent the discovery of passwords, but many sites do not encrypt data after login and remain open to this type of security hole.
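A site owner can check whether a login response leaves its session cookie exposed to this kind of sniffing. The following is an added example, not part of the original page: the function names, the host `mail.example.test` and the header values are all constructed for illustration.

```python
# Added example: audit a login response for cookies exposed to sniffing.
# All header values below are constructed sample data.

def parse_set_cookie(value):
    """Split one Set-Cookie value into (name, set of lowercase attribute names)."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs


def audit_response(url, headers):
    """Return findings for one HTTP response.

    url     -- the URL that produced the response
    headers -- list of (header-name, value) tuples
    """
    findings = []
    over_tls = url.lower().startswith("https://")
    names = [h.lower() for h, _ in headers]

    for header, value in headers:
        if header.lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(value)
        if not over_tls:
            findings.append(f"{name}: set over plaintext HTTP, visible on the wire")
        elif "secure" not in attrs:
            findings.append(f"{name}: no Secure attribute, sent on any later http:// request")

    if over_tls and "strict-transport-security" not in names:
        findings.append("no Strict-Transport-Security header, plaintext requests still possible")
    return findings


# Constructed sample: login happens over HTTPS, but the session cookie lacks Secure.
WEAK = [("Set-Cookie", "SESSIONID=abc123; Path=/; HttpOnly"),
        ("Content-Type", "text/html")]
# Constructed sample: the corrected configuration.
HARDENED = [("Set-Cookie", "SESSIONID=abc123; Path=/; HttpOnly; Secure; SameSite=Lax"),
            ("Strict-Transport-Security", "max-age=31536000; includeSubDomains")]

if __name__ == "__main__":
    for label, hdrs in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_response("https://mail.example.test/login", hdrs))
```

The weak response matches the case described above: the password is protected during login, but the cookie can still travel unencrypted afterward.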

Firesheep, Man-in-the-middle attack, Security, Security terms, Session cookie
