An Orkut session cookie once stolen can be used by an attacker to mess
with the compromised account as long as the session associated with that
cookie remains alive at the server. Unfortunately, in the case of Orkut, it
remains alive even after the user has logged out.
Joseph's experiment proves that
My friend got my session cookie a day before yesterday.
Is there any method I can stop him by using my Orkut account?
On 7/10/07, Deeþàn Chakravarthÿ <[EMAIL PROTECTED]> wrote:
Joseph Hick wrote:
> If you sign into orkut.com then enter orkut in the
> filter box then you will see some orkut cooki
Joseph Hick wrote:
> If you sign into orkut.com then enter orkut in the
> filter box then you will see some orkut cookies. Look
> for orkut_state in www.orkut.com site.
>
> It will work if you are logged in. If you log out
> orkut_state cookie disappears but the session remains
> active in orkut.co
If you sign into orkut.com then enter orkut in the
filter box then you will see some orkut cookies. Look
for orkut_state in www.orkut.com site.
It will work if you are logged in. If you log out
orkut_state cookie disappears but the session remains
active in orkut.com server. So a big problem is
ha
Joseph Hick wrote:
> This is the interim result of a proof of concept for
> Google Authentication issues posted in the threads...
>
> 1.)
> http://lists.grok.org.uk/pipermail/full-disclosure/2007-June/064143.html
> (Orkut Server Side Management Error by Susam Pal &
> Vipul Agarwal)
>
> 2.)
> http:/
This is the interim result of a proof of concept for
Google Authentication issues posted in the threads...
1.)
http://lists.grok.org.uk/pipermail/full-disclosure/2007-June/064143.html
(Orkut Server Side Management Error by Susam Pal &
Vipul Agarwal)
2.)
http://lists.grok.org.uk/pipermail/full-dis