Session Hijacking possible in Orkut due to a bug

tomcataxis (1118933) writes | more than 7 years ago

Security 0

tomcataxis writes "A security flaw in Orkut has been disclosed by Susam Pal, Vipul Agarwal and Gauav Mogre which can be exploited to hijack sessions. When a user logs out of Orkut, his session does not expire at the server side. So if an attacker manages to steal the session cookie from another user, he can gain access to the compromised account even after the user has logged out. Cookies can be stolen by persuading users to click on malicious links or run malicious JavaScript code. The three researchers suggest that users take the following precautions to protect their accounts from attackers. 1. One should not run any untrusted JavaScript, program, etc. 2. On a shared system, the user must log out of Orkut by clicking the "Logout" link. This would delete the session cookies at the browser."
Link to Original Source
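
An added example, not code from Orkut or from the researchers: a minimal server-side session table contrasting a logout that only deletes the browser cookie (the behaviour the submission describes) with one that also revokes the session on the server. All class, function and cookie names are hypothetical, and the session timeout is an assumed extra that the submission does not mention.

```python
import secrets
import time


class SessionStore:
    """Hypothetical server-side session table: token -> (user, expiry time)."""

    def __init__(self, ttl_seconds=1800):
        self.ttl = ttl_seconds  # assumed timeout, not from the submission
        self._sessions = {}

    def login(self, user, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        self._sessions[token] = (user, now + self.ttl)
        return token

    def authenticate(self, token, now=None):
        """Return the user for a live token, or None."""
        now = time.time() if now is None else now
        entry = self._sessions.get(token)
        if entry is None:
            return None
        user, expires = entry
        if now >= expires:
            # Timed out: drop the record so the token cannot be reused.
            del self._sessions[token]
            return None
        return user

    def logout_client_only(self, browser_cookies):
        """Behaviour described above: only the browser's copy is deleted."""
        browser_cookies.pop("session", None)

    def logout(self, token, browser_cookies):
        """Hardened logout: revoke the server record, then clear the cookie."""
        self._sessions.pop(token, None)
        browser_cookies.pop("session", None)


def token_survives_logout(hardened):
    """Constructed scenario: a copy of the cookie value exists outside the browser."""
    store = SessionStore()
    cookies = {"session": store.login("alice")}
    copied = cookies["session"]  # same value, held elsewhere
    if hardened:
        store.logout(copied, cookies)
    else:
        store.logout_client_only(cookies)
    return store.authenticate(copied) == "alice"
```

With the client-only logout the copied value still authenticates as the user; with server-side revocation it is rejected as soon as the user logs out.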
