04 May 2010

Twitter cookies tied to the password

Author: Banana | Filed under: Security
Well, I don't know what else to say about this:

It is impossible to maintain a secure session with Twitter, for multiple reasons. Additionally, once a session has been
hijacked, it is possible for the attacker to maintain control over the account (not just the session) indefinitely,
unless the user changes their password. This is because the session cookie has the same lifetime as the password.

Impossible to Maintain Secure Session With Twitter.com Web Interface

This cookie works even after the user logs out using the http://twitter.com/logout action, and even after the user logs
back in again to start a new session. The only way to invalidate this cookie is to change the user's password, which
results in a new, equally long-lived password_token value.


m(
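
The lifetime problem described in the quoted advisory, modelled next to a per-session design, as an added example that is not code from this post, the advisory or Twitter. The class names, the user `alice` and the way tokens are generated are assumptions; the advisory only states when the cookie stops working.

```python
import secrets

class PasswordBoundCookie:
    """Behaviour from the quoted advisory: one token per password, not per session."""
    def __init__(self):
        self._token = {}  # user -> token, replaced only on password change

    def change_password(self, user):
        self._token[user] = secrets.token_urlsafe(32)

    def login(self, user, now=0.0):
        return self._token[user]  # same cookie value at every login

    def logout(self, token):
        pass  # nothing is revoked server-side

    def is_valid(self, token, now=0.0):
        return token in self._token.values()

class PerSessionCookie:
    """Hardened: fresh token per login; logout, password change and expiry revoke it."""
    def __init__(self, ttl=1800):
        self._ttl = ttl
        self._sessions = {}  # token -> (user, expires_at)

    def change_password(self, user):
        # Drop every session that belongs to this user.
        self._sessions = {t: s for t, s in self._sessions.items() if s[0] != user}

    def login(self, user, now=0.0):
        token = secrets.token_urlsafe(32)
        self._sessions[token] = (user, now + self._ttl)
        return token

    def logout(self, token):
        self._sessions.pop(token, None)

    def is_valid(self, token, now=0.0):
        entry = self._sessions.get(token)
        return entry is not None and now < entry[1]

def old_cookie_accepted(store):
    """Is the first cookie still accepted after (logout, re-login, password change)?"""
    store.change_password("alice")  # constructed user; sets the initial password
    old = store.login("alice")
    store.logout(old)
    after_logout = store.is_valid(old)
    store.login("alice")
    after_relogin = store.is_valid(old)
    store.change_password("alice")
    return after_logout, after_relogin, store.is_valid(old)
```

`old_cookie_accepted` doubles as a regression check: a session store passes when the first cookie is rejected at all three points.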