I have used the phrase "SSL/TLS secured web site", so I'll explain what it means. With SSL/TLS (SSL stands for Secure Sockets Layer and TLS stands for Transport Layer Security, a protocol developed by Netscape and used in many operating systems), the communication between a client (i.e. the browser) and the remote web server is encrypted and authenticated. With SSL/TLS it is nearly impossible to intercept the communication between a web server and a client. Therefore the communication is nearly impossible to tamper with.
8. Unfortunately, the use of SSL and TLS was not.
9. Similarly, the Internet and its users are not sophisticated enough.
10. Yet another issue is that many web servers
11. This is another potential attack vector (e.g. a malicious web site could send a request to a secure web site and the web server might respond instead with a non-secure version). Most users would not even notice because their browser would not display an error message or redirect to a secure (i.e. HTTPS) version. This would be a type of cross-site request forgery.
I haven't even mentioned how vulnerable modern web sites are to session hijacking because of poor application development practice, such as the scenario depicted in the following diagram, which depicts infected web sites.