Everyone including myself use to think that https:// (the internet protocol for secure hypertext transfer protocol) was secure. This connection called Secure Socket Layers (ssl) is a way that your computer uses port 443 to send encrypted data between you and the individual site. With the exchange of a valid certificate the secure socket layers of https secures data from one point to another point. At Defcon in 2008 a presentation to release a tool to steal https cookies was demonstrated and shown. This tool creates a huge risk for users of email, banks and other secure websites. Each https site normally requires a 'cookie' to be placed on your computer so that the session can be monitored. Interception of this cookie provides a way for hackers to use the cached information to gain access to your secure data.
Why does this matter? Transmission of confidential data about an individual or their accounts could possibly be compromised by following the aforesaid steps. A summary below is how this takes place (excerpts from pdf file available on the web): The use of a fully automated pylorcon tool, for cookie gathering, caches DNS responses, listens for 443 connections, uses cache to map IP to domain name, stores IP+host into injection queue, next time the IP connects to any website: it injects <img src=”http://yourstuffaddress”> and then gathers any resulting cookies and writes cookies.txt file for use in Firefox.
