Skip to main content

Random Cookie and Hacking

More
18 years 10 months ago #13112 by cyberoidx
I found out that typing a website name (like hotmail) into a P2P generates a lot of cookies that could b used / exploited because stupid people share their entire drives.

Is there any way to expolit these? Like use Hotmail / Yahoo Cookies to gain Unauthorised Acess?

Surya Sharma
www.Technodrome.info
AR3 Y0U T3CH ENOUGH FOR IT?
More
18 years 10 months ago #13187 by nske
Replied by nske on topic Re: Random Cookie and Hacking
It is possible. The details depend on what information the script that generated the cookie stored in it. Commonly it could be user/password of an account in plain text, encrypted in some way, or the session id that would match the user's resource-set on the server. Session ids would be a bit harder to exploit mainly because of their limited validity duration. For more information about sessions, have a look here .

I think that's enough for someone to watch out with his cookies.

One notice however, the fact that some people show ignorance or neglect in this recard, does not mean they are "stupid".. they just might have more important things to do -not *everything* is about computers-. That certainly doesn't give others the right to mess with their personal stuff.
More
18 years 10 months ago #13202 by Dead-Neur0ns

<= IИse©u®ity Is A ®esult Of T®ying To Be Se©u®e =>
More
18 years 10 months ago #13203 by cyberoidx
Thx for the links


@nske I yet consider sharing your entire hard drive on p2p stupid

Surya Sharma
www.Technodrome.info
AR3 Y0U T3CH ENOUGH FOR IT?
More
18 years 10 months ago #13209 by nske
Replied by nske on topic Re: Random Cookie and Hacking
And someone else could consider digging through other people's personal stuff more stupid. It depends on what criteria you use to make your measurements.
More
18 years 10 months ago #13215 by cyberoidx
nice one

but then, cookies contain logins to stuff like bank / online shoppng websites .. thats not personal.. and then in case its needed, people could retrieve data without your permission.

Surya Sharma
www.Technodrome.info
AR3 Y0U T3CH ENOUGH FOR IT?
Time to create page: 0.152 seconds