Skip to main content

VoIP and WebRTC
Security Articles and News

Articles and security news about vulnerabilities and attacks affecting VoIP and WebRTC by Enable Security.

Subscribe
a phone receiver being crushed by a hand

    Setting the secure flag in the cookie is easy

    Published on Aug 29, 2008

    TechRepublic had an interesting article about the Surf Jack attack. Many people commented, some giving their own solution to the problem. However many of these solutions do not prevent the attack because they do not really address it. Of course, who ever missed the details should check out the paper. The attack has been addressed quite a while ago, and the solution is easy to implement in many occasions. So no need to reinvent the wheel or create a new solution which has not been peer reviewed yet.…

    Read more about Setting the secure flag in the cookie is easy

    Surf Jack - HTTPS will not save you

    Published on Aug 11, 2008

    Say hello to a new security tool called Surf Jack which demonstrates a security flaw found in many public sites. The proof of concept tool allows testers to steal session cookies on HTTP and HTTPS sites that do not set the Cookie secure flag. I’ve been working with two banks and some of the vulnerable sites to get this fixed before publishing my research. Mike Perry gave a talk at Defcon involving the exact same vulnerability - so there is no point in keeping this from the public.…

    Read more about Surf Jack - HTTPS will not save you

    Subscribe

    Receive high-quality, low-volume RTC security research, news and occasional updates about what we're up to.

    Interested in our services? Let's collaborate.
    Get in touch

    We hate spam and are committed to protecting and respecting your privacy. You can unsubscribe from our communications at any time. By subscribing, you are agreeing to the Privacy Policy.