5 Replies - 690 Views - Last Post: 15 February 2017 - 09:19 PM

#1 r.stiltskin

Forged cookies

Posted 15 February 2017 - 03:15 PM

I assume you're aware of Yahoo's "forged cookies" notifications ...

Quote

Our outside forensic experts have been investigating the creation of forged cookies that could allow an intruder to access users' accounts without a password. Based on the ongoing investigation, we believe a forged cookie may have been used in 2015 or 2016 to access your account...


If I understand that correctly, it means that these breaches didn't involve any interaction with any users' devices at all -- instead the attackers convinced Yahoo's servers that they were merely continuing an already-established session. Any forged cookies that were used were on the intruder's equipment. No action or lapse of attention on the part of any Yahoo user had anything to do with enabling this breach (other than perhaps using the "keep me signed in" option thus causing the servers to believe there was a valid ongoing session somewhere?). Am I missing something?

But oh, it was done by a state-sponsored actor who used forged cookies, so it's really not our fault. After all, "we continuously enhance our safeguards and systems that detect and prevent unauthorized access to user accounts."

If so, most of the remainder of the announcement serves only to distract readers from the realization that this was 100% attributable to a weakness in Yahoo's systems. Agree/disagree?

Replies To: Forged cookies

#2 modi123_1

Re: Forged cookies

Posted 15 February 2017 - 03:17 PM

Oh, it's always about deflection... more so when they were looking to be bought, but so it goes.

Probably why their 500 million accounts were jacked.
http://www.dreaminco...stolen-in-2014/

#3 snoopy11

Re: Forged cookies

Posted 15 February 2017 - 03:52 PM

I haven't used Yahoo since the '90s, dearie...

I gave up when I was searching for bookcases and the first three hits were porn sites...

#4 hexagod

Re: Forged cookies

Posted 15 February 2017 - 06:01 PM

Snoopy, back in '97 or so it was great for cheat codes! LOL, hence my avatar :)

#5 astonecipher

Re: Forged cookies

Posted 15 February 2017 - 07:34 PM

That's why I like oatmeal!

#6 no2pencil

Re: Forged cookies

Posted 15 February 2017 - 09:19 PM

astonecipher, on 15 February 2017 - 09:34 PM, said:

That's why I like oatmeal!

You elitist...