Session Hijacking possible in Orkut due to a bug
Submitted by tomcataxis
tomcataxis writes "A security flaw in Orkut has been disclosed by Susam Pal, Vipul Agarwal and Gauav Mogre which can be exploited to hijack sessions. When a user logs out of Orkut, his session does not expire at the server side. So if an attacker manages to steal the session cookie from another user, he can gain access to the compromised account even after the user has logged out. Cookies can be stolen by persuading users to click on malicious links or run malicious JavaScript code. The three researchers suggest that users take the following precautions to protect their accounts from attackers.
1. One should not run any untrusted JavaScript, program, etc.
2. On a shared system, the user must log out of Orkut by clicking the "Logout" link. This would delete the session cookies at the browser."
Link to Original Source
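The server-side behaviour described in the submission, shown from the defender's side as an added example (not part of the original submission and not Orkut's code): a logout that only clears the browser cookie is compared with one that also deletes the server's session record. The `SessionStore` class, its method names and the 30-minute timeout are hypothetical.

```python
import secrets
import time

SESSION_TTL = 1800  # seconds; assumed idle timeout, not a value from the report


class SessionStore:
    """Hypothetical server-side session table keyed by an opaque token."""

    def __init__(self, clock=time.monotonic):
        self._sessions = {}  # token -> (user, expires_at)
        self._clock = clock

    def login(self, user):
        token = secrets.token_urlsafe(32)
        self._sessions[token] = (user, self._clock() + SESSION_TTL)
        return token

    def authenticate(self, token):
        entry = self._sessions.get(token)
        if entry is None:
            return None
        user, expires_at = entry
        if self._clock() >= expires_at:
            # Expired records are dropped so an old token cannot be reused.
            del self._sessions[token]
            return None
        return user

    def logout_client_only(self, token):
        # Flawed pattern from the report: the browser is told to drop the
        # cookie, but the server still accepts the token afterwards.
        return {"Set-Cookie": "session=; Max-Age=0; Path=/; HttpOnly; Secure"}

    def logout(self, token):
        # Corrected pattern: delete the server-side record first, then
        # clear the cookie. Any copy of the token is now worthless.
        self._sessions.pop(token, None)
        return {"Set-Cookie": "session=; Max-Age=0; Path=/; HttpOnly; Secure"}


def replay_after_logout(logout_name):
    """Return the user a copied token still maps to after the named logout."""
    store = SessionStore()
    token = store.login("alice")  # constructed sample account
    copied = token                # a copy of the cookie held outside the browser
    getattr(store, logout_name)(token)
    return store.authenticate(copied)
```

A regression test for a real application can follow the same shape: log in, save the cookie, log out, then assert that a request carrying the saved cookie is rejected.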