BSidesLV 2013 Cookie Reuse Sam Bowne

preview_player
Показать описание
Video from BSidesLV 2013. All videos, with downloads, can be found at this link shortly:
  1. Adrian Crenshaw
  2. bsideslv
  3. hacking
  4. security
  5. irongeek
Рекомендации по теме
BSidesLV 2013 0:17:39

BSidesLV 2013 Cookie Reuse Sam Bowne

BSidesLV 2013 Cookie 0:17:39

BSidesLV 2013 Cookie Reuse Sam Bowne

BSidesLV 2013 0:38:21

BSidesLV 2013 2 2 4 Popping the Penguin An Introduction to the Principles of Linux Persistence M

BSidesLV 2013 0:22:14

BSidesLV 2013 2 1 7 Information Sharing, or I've got 99 problems and they're probably

BSidesLV 2013 1:00:34

BSidesLV 2013 2 2 3 Malware Automation Christopher Elisan

BSidesLV 2013 0:49:16

BSidesLV 2013 5 1 5 You can't make people act more securely, you can help them want to

BSidesLV 2013 0:53:25

BSidesLV 2013 2 2 6 The Slings and Arrows of Open Source Security Tod Beardsley and Mister X

Комментарии
Автор

This is a failure in chase not invaliding the session cookie on the backend server.

It's Session Reuse, not cookie reuse. Still, not good.

However, it's not "really bad". Here's why: Chase uses H T T P_S. So an attacker has to mitm the H T T P_S session. The changing password problem is really bad though.

djnetik
Автор

Interesting, short and a surprise double talk, but too much noise.

tukkek