Hello, iDEFENSE Labs has released a paper entitled "Brute-Force Exploitation of Web Application Session IDs." It covers the basics of brute-forcing web applications through guessing or reverse engineering state session IDs which are often used for authentication purposes. Several examples are shown using some familiar web sites and applications on how stealing or mimicking a legitimate user's credentials is possible. All relevant vendors and site administrators were informed responsibly before publication. The paper is available at http://www.idefense.com/sessionids.html David Endler Director, iDEFENSE Labs dendler@idefense.com www.idefense.com
