Level 1

Congratulations! You leveled up, but you aren't logged in so we can't save your points.

0 Hypes | 0 Bashes

Hacking Social Media Sites Become Easier By Exploiting Cookies

http://www.houstonianonline.com/news/... Internet users may want to keep an eye on their cookie jar, because a new discovery has linked cookies with hacked social media accounts. Internet researcher Rishi Narang discovered a flaw in the way cookies are used by Twitter, LinkedIn, Microsoft Outlook/Live, and Yahoo. According to Australia's SC Magazine, Narang found that cookies can be "stolen and used" in a "session fixation" attack. A session fixation is a method of hacking that tricks a victim into using a session identifier chosen by the attacker. If successful, it represents the simplest method with which a valid session identifier can be obtained. One student at SHSU however didn't find the exploit a big deal. "If I got hacked like that, I wouldn't really care," senior student Christopher Valva said. "It's just a Twitter account. It's not my entire life." If an attacker can intercept cookies while the user is logged in, the attacker could effectively convince the website that their browser is the original user's browser, gaining "unfettered access" to your account. Not even a password change could keep the attacker out. It goes without saying that this form of hacking only works if the user is logged in, because the cookie is deleted when the user logs out. LinkedIn is an exception however, because sometimes it retains a user's cookie for three months. Rishi Narang evaluated about how this new exploit affects session management security in his blog. "Ever since the session management grew complex," Narang wrote, "its correlation with security has gone for a toss." SC Magazine also reported that they were able to duplicate Narang's method to test this exploit's effectiveness. According to their test, "[They were] able to access various Twitter accounts by inserting the respective alphanumeric'auth_token' into locally stored Twitter cookies using the Cookie Manager browser extension." The process of intercepting cookies is tedious and troublesome

Show More
moose knuckles
Look at his tiny legs
  • Magneto Bunny
  • Weird DVD Warning
  • Local adoption agency just posted this
  • Just in case you're having a bad day
  • Reason for death in any Video Game
  • Don't Mess With This Car
  • The worst way to listen to music