Linux Today: Linux News On Internet Time.


Most SSL Sites Vulnerable

Aug 09, 2011, 22:00

"One example of a declarative protection measure is the use of the secure flag for cookies. Ristic explained that even for sites that are 100 percent SSL encrypted, if they don't set the secure flag on their session cookie, those cookies can be sniffed by an attacker...

"Ristic explained that the secure cookie flag is supposed to be set in the application itself. Setting a secure cookie is as easy as adding the word 'secure' in the settings for the cookie. Qualys' examination only found that 14,506 or approximately six percent of their survey base had properly configured secure cookies. Put another way, 94 percent of SSL cookies could be at risk."
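The check described in the quote, as an added example that is not from the article or from Qualys: it parses `Set-Cookie` response header values, reports cookies that lack the `Secure` attribute, and builds a session cookie with the flag set. The function names and sample header values are constructed for illustration.

```python
from http.cookies import SimpleCookie


def parse_set_cookie(value):
    """Split one Set-Cookie header value into (cookie name, attribute dict)."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].partition("=")[0].strip()
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()  # attribute names are case-insensitive
    return name, attrs


def cookies_missing_secure(set_cookie_headers):
    """Return names of cookies whose Set-Cookie value has no Secure attribute."""
    missing = []
    for header in set_cookie_headers:
        name, attrs = parse_set_cookie(header)
        # Match the attribute itself, not the word "secure" inside a name or path.
        if "secure" not in attrs:
            missing.append(name)
    return missing


def build_session_cookie(name, value):
    """Build a Set-Cookie value for a session cookie with the Secure flag set."""
    cookie = SimpleCookie()
    cookie[name] = value
    cookie[name]["path"] = "/"
    cookie[name]["secure"] = True    # browser sends it only over HTTPS
    cookie[name]["httponly"] = True  # not readable from page scripts
    return cookie[name].OutputString()


# Constructed sample: one list item per Set-Cookie header line from an HTTPS response.
SAMPLE_HEADERS = [
    "JSESSIONID=8f2c; Path=/; HttpOnly",
    "sid=abc123; Path=/; Secure; HttpOnly",
    "prefs=dark; Expires=Thu, 09 Aug 2012 22:00:00 GMT; secure",
    "securetoken=1; Path=/secure",
]

if __name__ == "__main__":
    for cookie_name in cookies_missing_secure(SAMPLE_HEADERS):
        print("missing Secure flag:", cookie_name)
    print("fixed:", build_session_cookie("JSESSIONID", "8f2c"))
```
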
