On Sat, 27 Jan 2007, Michal Zalewski wrote:
I'd like to announce the availability of 'stompy', a free tool to perform
a fairly detailed black-box assessment of WWW session identifier
generation algorithms.
I'm genuinely surprised by the amount of (mostly positive ;-) feedback I
got! Just an
Michal Zalewski wrote:
Hi all,
I'd like to announce the availability of 'stompy', a free tool to perform
a fairly detailed black-box assessment of WWW session identifier
generation algorithms. Session IDs are commonly used to track
authenticated users, and as such, whenever they're predictable
Hi all,
I'd like to announce the availability of 'stompy', a free tool to perform
a fairly detailed black-box assessment of WWW session identifier
generation algorithms. Session IDs are commonly used to track
authenticated users, and as such, whenever they're predictable or simply
vulnerable to
