Archives
-
Old Cookies Die Hard
HTTP Cookies have always been an important part of authentication, and session management. But, ever since the session management grew complex, its correlation with security has gone for a toss. Developers pay a lot of attention on keeping the session(s) valid, and more so valid even after a successful logout. Now, this accounts to a [...]
Mar 19th, 2013 | Filed under HackingTags: application, browser, cookie, facebook, google, linkedin, outlook, owasp, session management, twitter, vulnerability, web, webserver, yahoo -
Journey of a Phishing Link
We come across so many links via social networking websites, and we unknowingly click many of these. The malicious links have catastrophic results and the system as well as yours privacy is either compromised or your data takes the hit. Here is one such analysis of a link dated 17.April.2012 that I came across via [...]
Apr 18th, 2012 | Filed under Security -
LinkedIn Cookie Vuln.
Rishi Narang, a security researcher and consultant, has discovered multiple vulnerabilities in LinkedIn (www.linkedin.com) which can enable an attacker to modify an account “without password”. Read information of this session management nightmare at www.wtfuzz.com or contact him at twitter (@rnarang) for further details.
Tags: cookie, exploit, GST, hack, leo_auth_token, LIM, linkedin, narang, network, networking, POC, professional, research, rishi, rishi.narang, rishinarang, rnarang, security, session, ssl, twitter, vulnerability