The “Surf Jack” security tool demonstrates a security flaw found in many public sites. The proof of concept tool allows testers to steal session cookies on HTTP and HTTPS sites that do not set the Cookie secure flag.
For a paper with detailed information go here.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.