mobile

SessionJuggler Secure Web Login from an Untrusted Terminal Using Session Hijacking

By , , ,   @WWW 2012
0 reaction(s) | 0 downloads
Session Juggler allows to log into any websites on an untrusted terminal on any modern browser by using a simple bookmarklet and a smartphone. The site credentials are never transmited to the untrusted. With Session Juggler users never enter their long term credential on the untrusted terminal. Instead, users log in to a web site using a smartphone app and then transfer the entire session, including cookies and all other session state, to the untrusted terminal.
Downloads
paper
slides
You might also like reading

Blog 2011

Tracking users that block cookies with a HTTP redirect

Web security 2010

An Analysis of Private Browsing Modes in Modern Browsers

Clickjacking 2010

Framing Attacks on Smartphones Dumb Routers and Social Sites Tap-jacking Geo-localization and Framing Leak Attacks

Study 2010

State of the Art Automated Black-Box Web Application Vulnerability Testing

Clickjacking 2010

Busting Frame Busting a Study of Clickjacking Vulnerabilities on Popular Sites
Comments
About me
Researcher at Google, specializing in Internet security and privacy.
Latest blog posts
Latest social News
about an hour ago
After Twitter turn on 2 steps authentication, Kim Dotcom claims to have invented - http://t.co/NYf3ajtkVr#security#twitter#fb#seo
4 days ago
What Your Facebook Profile Photo Says About You - http://t.co/THHqZQxFem#fb#twitter#psych#smo#seo#privacy
5 days ago
Emotion color guide. Awesome ! What is your color? :)#design#web#art#ux http://t.co/bndVZysO5t
5 days ago
When a porn site masquerades as the Apple App Store - http://t.co/x3r0UKGUlX#ios#apple#security#seo#mobile
6 days ago
'Financial Times' Website and Twitter Accounts Hacked - http://t.co/asOWR3Hdi5#security#privacy #syrianelectronicarmy#wsj
Share me!