Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

×
Security

+ - Twitter, Microsoft, LinkedIn, Yahoo open to hijacking->

Submitted by mask.of.sanity
mask.of.sanity (1228908) writes "Twitter, Linkedin, Yahoo! and Hotmail accounts are open to hijacking thanks to a flaw that allows cookies to be stolen and reused.
Attackers need to intercept cookies while the user is logged into the service because the cookies expire on log-out ( except LinkedIn which keeps cookies for three months). The server will still consider them valid.
For the Twitter attack, you need to grab the auth_token string and insert it into your local Twitter cookies. Reload Twitter, and you'll be logged in as your target (video here). Not even password changes will kick you out."

Link to Original Source
This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

Twitter, Microsoft, LinkedIn, Yahoo open to hijacking

Comments Filter:

Have you ever noticed that the people who are always trying to tell you `there's a time for work and a time for play' never find the time for play?

Working...