Cookie-forwarding scheme can be used in session hijacking


Researchers from Microsoft Research and RSA Laboratories have released a whitepaper (.pdf) that documents their study of the ease with which individual host machines can be tracked on the Internet. The team made use of data from the hundreds of millions of devices connected to Hotmail in the month of August 2010, tracking details such as the IP addresses from which logins were made, cookies, and (anonymized) user login IDs.

This resulted in an incidental discovery of a byzantine scheme where zombie machines were apparently forwarding cookies belonging to Hotmail accounts to distributed locations.

There were two possible explanations in the report. "First, some Web mail providers flag an account as suspicious if it logs in from multiple geographic locations in a short time span. This type of activity could circumvent that. Spreading the cookies around could let attackers access accounts without explicitly logging in, thereby reducing the likelihood of detection." The other possibility was that the researchers witnessed a precursor of hackers preparing to launch actual session hijacking attacks on real user accounts.

Though the researchers suggest that host-tracking can be used to improve security, the flip side is that hackers can conduct session hijacking by stealing and rerouting session cookies to remote machines under their control. This topic is certainly worth further exploration by online businesses and financial institutions.
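The host-tracking idea the researchers describe can be turned into a simple detector on the provider side: a session cookie that is presented by many distinct hosts within a short window is a strong signal that it has been forwarded rather than used by its owner. The following is an added example, not code from the paper or the article; the log format (timestamp, account, cookie id, client IP, device fingerprint) and the sample lines are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (all values made up): one line per request that
# presented a session cookie: timestamp, account, cookie id, client IP, device fingerprint.
SAMPLE_LOG = """\
2010-08-03T10:00:05Z alice sess-a1 203.0.113.7 fp-alice-laptop
2010-08-03T10:02:11Z alice sess-a1 203.0.113.7 fp-alice-laptop
2010-08-03T10:03:40Z alice sess-a1 198.51.100.23 fp-zombie-01
2010-08-03T10:04:02Z alice sess-a1 192.0.2.88 fp-zombie-02
2010-08-03T10:05:15Z alice sess-a1 198.51.100.77 fp-zombie-03
2010-08-03T11:30:00Z bob sess-b9 203.0.113.50 fp-bob-phone
2010-08-03T11:45:00Z bob sess-b9 203.0.113.50 fp-bob-phone
"""


def parse_log(text):
    """Parse the constructed log format into a list of event dicts."""
    events = []
    for line in text.splitlines():
        ts, account, cookie, ip, fp = line.split()
        events.append({"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
                       "account": account, "cookie": cookie, "ip": ip, "fp": fp})
    return events


def find_forwarded_cookies(events, window=timedelta(minutes=10), max_hosts=2):
    """Return {cookie: (account, distinct_hosts)} for every session cookie that was
    presented by more than `max_hosts` distinct (ip, fingerprint) pairs inside any
    sliding time window of length `window`. A legitimate user moving between a
    laptop and a phone stays under the threshold; a cookie spread across a set of
    zombie hosts, as in the scheme described above, does not."""
    by_cookie = defaultdict(list)
    for e in events:
        by_cookie[e["cookie"]].append(e)
    alerts = {}
    for cookie, evs in by_cookie.items():
        evs.sort(key=lambda e: e["ts"])
        start = 0
        for end in range(len(evs)):
            # Advance the window start so that evs[start:end+1] spans at most `window`.
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            hosts = {(x["ip"], x["fp"]) for x in evs[start:end + 1]}
            if len(hosts) > max_hosts:
                prev = alerts.get(cookie, (evs[end]["account"], 0))[1]
                alerts[cookie] = (evs[end]["account"], max(prev, len(hosts)))
    return alerts
```

On the sample log this flags sess-a1 (four distinct hosts within five minutes) and leaves bob's single-device session alone; in production the same per-cookie host count would also feed the geographic-velocity check the quoted passage mentions.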

For more:
- check out this article at Network World
