RE: Session Hijacking

["Chaminda Rajamanthri" <ChamindaR () zillione com>]

Its is possible for compromising your network via sniffing.


Best Regards,

Chaminda Rajamanthri          

Technical Specialist 

ZILLIONe Systems Solutions (Pvt) Ltd.

166/2, Havelock Road ,

Colombo - 05 Sri Lanka

Tel: +94 (011) 451 5350 - Ext: 186

Fax: +94 (011) 259 9670

Email: ChamindaR () zillione com

http://www.zillione.com

  


-----Original Message-----
From: Frank Oz [mailto:jedi31337 () gmail com] 
Sent: Thursday, January 19, 2006 6:01 PM
To: security-basics () securityfocus com
Subject: Session Hijacking

Just a quick question as I'm preparing a Web Portal document and wanted
to
include some security pieces. This customer wants to have a 2-6 hour or
even
umlimited timeout set for their user when they disconnect, because
they don't want to re-login every time.

If a user closes his browser and the session stays active, what else can
a
hacker achieve during this time ?

Thanks for the help in advance !

---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity Planning,
Computer Emergency Response Teams, and Digital Investigations.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------