
Session Hijacking possible in Orkut due to a bug

tomcataxis writes: "A security flaw in Orkut has been disclosed by Susam Pal, Vipul Agarwal and Gauav Mogre which can be exploited to hijack sessions. When a user logs out of Orkut, his session does not expire at the server side. So if an attacker manages to steal the session cookie from another user, he can gain access to the compromised account even after the user has logged out. Cookies can be stolen by persuading users to click on malicious links or run malicious JavaScript code. The three researchers suggest that users take the following precautions to protect their accounts from attackers. 1. One should not run any untrusted JavaScript, program, etc. 2. On a shared system, the user must log out of Orkut by clicking the "Logout" link. This would delete the session cookies at the browser."
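The server-side gap described in the submission, as an added example that is not part of the original post and is not Orkut's code: a constructed in-memory session store (all class and function names are hypothetical) comparing a logout that only clears the browser cookie with one that also deletes the server-side session record.

```python
import secrets

# Constructed cookie-clearing header; the cookie name "session" is an assumption.
CLEAR_COOKIE = {"Set-Cookie": "session=; Max-Age=0; HttpOnly; Secure"}


class SessionStore:
    """Hypothetical in-memory server-side session table."""

    def __init__(self):
        self._sessions = {}  # token -> username

    def login(self, user):
        # Issue an unguessable token and remember it on the server.
        token = secrets.token_urlsafe(32)
        self._sessions[token] = user
        return token

    def authenticate(self, token):
        # Returns the username for a live session, or None.
        return self._sessions.get(token)

    def logout_client_only(self, token):
        # Flawed pattern: the browser is told to drop the cookie, but the
        # server-side record survives, so the old token value stays valid.
        return CLEAR_COOKIE

    def logout_server_side(self, token):
        # Corrected pattern: delete the server-side record first, then
        # clear the cookie. Any retained copy of the token is now useless.
        self._sessions.pop(token, None)
        return CLEAR_COOKIE


def session_user_after_logout(logout_method):
    """Regression check: who does the old token authenticate as after logout?"""
    store = SessionStore()
    token = store.login("alice")      # constructed sample user
    retained_copy = token             # the cookie value as held before logout
    getattr(store, logout_method)(token)
    return store.authenticate(retained_copy)


if __name__ == "__main__":
    for method in ("logout_client_only", "logout_server_side"):
        print(method, "->", session_user_after_logout(method))
```

A check like `session_user_after_logout` belongs in a web application's test suite: after logout, a request carrying the old token must no longer authenticate.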