306 Chapter 12 ■ Session Hijacking
- A public use workstation contains the browsing history of multiple users who logged in during
the last 7 days. While digging through the history, a user runs across the following web address:
http://www.snaz22enu.com/&w25/session=22525. What kind of embedding are we seeing?
A. URL embedding
B. Session embedding
C. Hidden form embedding
D. Tracking cookie
- Julie has sniffed an ample amount of traffic between the targeted victim and an authenticated
resource. She has been able to correctly guess the packet sequence numbers and inject
packets, but she is unable to receive any of the responses. What does this scenario define?
A. Switched network
B. SSL encryption
C. TCP hijacking
D. Blind hijacking
- Session hijacking can be performed on all of the following protocols except which one?
A. FTP
B. SMTP
C. HTTP
D. SSL
- Which technology can provide protection against session hijacking?
A. IPSec
B. UDP
C. TCP
D. IDS
- Session fixation is a vulnerability in which of the following?
A. Web applications
B. Networks
C. Software applications
D. Protocols
- Session hijacking can be thwarted with which of the following?
A. SSH
B. FTP
C. Authentication
D. Sniffing