Privacy

Submission: Google App Engine open to session jacking (scmagazine.com.au)

mask.of.sanity writes: A still-active flaw has been discovered in Google App Engine that allows user sessions to be hijacked.

The researcher who discovered the flaw used the Cookie Cadger tool to hijack a session over an unprotected wireless network and was granted full admin access to the user's database.

The specific conditions under which the flaw exists were not revealed. It was a flaw only because Google forces its App Engine users onto encrypted HTTPS, which prevents this type of interception.
