SecurEnvoy tackles trojan-based cookie hack

News

SecurEnvoy tackles trojan-based cookie hack

Cliff Saran

SecurEnvoy has developed a security technique to protect a secure web session that it claims solves the problem of hacking session cookies.

According to SecureEnvoy, cybercriminals can hijack a user's online session through cookies. The technique involves infecting a user's computer with a trojan, and then intercepting relevant web-based commands - plus cookie transmissions - to prevent the website noting that the legitimate user has terminated their online session.

"By using a trojan to log the relevant GET and POST commands, as well as injecting data into an active web session, cybercriminals can allow a legitimate user to log off their online web service, but keep the session alive on another internet connection," explained Phil Underwood, chief security officer at SecurEnvoy.

While most two-factor authentication systems do not include protection beyond initial authentication. SecurEnvoy said it has built steps to protect the integrity of the session and its associated cookie.

Even if someone tries to intercept the session cookie and other relevant data through nefarious means, the lack of authentication in combination with the fingerprinted cookie session will cause the unauthorised session to be dropped, SecurEnvoy said.

"The SecurEnvoy authentication system logs the legitimate users' IP address and several other session parameters that identify the online user, their computer and internet connection. Then, by selectively interrogating the connection on a rotational basis, it continues to authenticate the user in the background for the entire length of the session," Underwood said.

SecurEnvoy believes that even if a third-party hacker has succeeded in infecting the legitimate user with a trojan that forwards cookies and other parameters to their own system, that data is still not sufficient to beat its authentication technology.


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy