Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
Slashdot Deals: Deal of the Day - 6 month subscription of Pandora One at 46% off. ×

Submission + - Twitter, Microsoft, LinkedIn, Yahoo open to hijacking (scmagazine.com.au)

mask.of.sanity writes: Twitter, Linkedin, Yahoo! and Hotmail accounts are open to hijacking thanks to a flaw that allows cookies to be stolen and reused.
Attackers need to intercept cookies while the user is logged into the service because the cookies expire on log-out ( except LinkedIn which keeps cookies for three months). The server will still consider them valid.
For the Twitter attack, you need to grab the auth_token string and insert it into your local Twitter cookies. Reload Twitter, and you'll be logged in as your target (video here). Not even password changes will kick you out.

This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

Twitter, Microsoft, LinkedIn, Yahoo open to hijacking

Comments Filter:

"There are things that are so serious that you can only joke about them" - Heisenberg