Hacked email suggestions

Started Jan 30, 2013 | Discussions thread
wklee
Senior MemberPosts: 2,727
Like?
Re: Cookie attack! No need to crack password
In reply to CAcreeks, Feb 1, 2013

I do that with Firefox but it doesn't delete persistent Flash 'cookies'. I use Better Privacy for that. One thing that that I like about Firefox is their privacy mode can be set as default. Chrome's Incognito appears to be per session only.

CAcreeks wrote:

Jim Cockfield wrote:

So, no cracking of passwords was needed. All they needed to do was get a yahoo user to click on a link in their e-mail and they could then get full access to that user's Yahoo account by stealing the cookie associated with login credentials.

http://www.hotforsecurity.com/blog/yahoo-accounts-hijacked-via-xss-type-attack-5172.html

The title says cross-site scripting (XSS) but it is also a cookie based attack. Interesting that it came from the Ukraine and Cypress.

Although it is somewhat inconvenient, perhaps deleting all cookies (on browser exit) is a good idea.

Looks like the DPreview site uses cookies to record user account name and color (blue or yellow), but some other mechanism to track which articles you've read.

Just deleted all my cookies, and was shocked by how many I had.

-- hide signature --

Never buy version 1.0 of anything.

Reply   Reply with quote   Complain
Post (hide subjects)Posted by
Keyboard shortcuts:
FForum PPrevious NNext WNext unread UUpvote SSubscribe RReply QQuote BBookmark post MMy threads
Color scheme? Blue / Yellow