Stealing cookies: Researchers describe how to bypass modern authentication (cyberscoop.com)

submitted 6 months ago by kid@sh.itjust.works to c/cybersecurity@sh.itjust.works

2 comments fedilink hide all child comments

top 2 comments

sorted by: hot top controversial new old

[-] tedu@azorius.net 11 points 6 months ago

Some necessary caveats: This kind of attack can only be pulled off in relatively narrow circumstances by a dedicated attacker. Segal said the user would need to have installed a malicious browser extension or be in transit and use public Wi-Fi where their traffic could be intercepted and decrypted through a MITM attack.

Well, okay. Maybe there's something new here, but despite the many paragraphs of exposition, this sounds like exactly the sort of cookie stealing attack that's been possible for decades.

Is the big breakthrough here that somebody realized FIDO doesn't change that? Like, uh, no kidding? What's new?

[-] jax@lemmy.cloudhub.social 4 points 6 months ago

Yeah, this seems like old news - cookies can be stolen, and FIDO doesn't change that unless you are prompting the hardware token for validation with every request (which isn't feasible for most things, though might be a good idea for sensitive actions).

this post was submitted on 07 May 2024

22 points (92.3% liked)

Cybersecurity

5625 readers

136 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Be respectful. Everyone should feel welcome here.
No bigotry - including racism, sexism, ableism, homophobia, transphobia, or xenophobia.
No Ads / Spamming.
No pornography.

Community Rules

Idk, keep it semi-professional?
Nothing illegal. We're all ethical here.
Rules will be added/redefined as necessary.

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !cybersecurity@lemmy.capebreton.social !securitynews@infosec.pub !netsec@links.hackliberty.org !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub

Notable mention to !cybersecuritymemes@lemmy.world

founded 1 year ago

MODERATORS

kid@sh.itjust.works

Lanky_Pomegranate530@midwest.social