NNSquad - Network Neutrality Squad
[ NNSquad ] Unsafe cookies leave WordPress accounts open to hijacking, 2-factor bypass
Unsafe cookies leave WordPress accounts open to hijacking, 2-factor bypass
(Ars Technica): http://arstechnica.com/security/2014/05/unsafe-cookies-leave-wordpress-accounts-open-to-hijacking-2-factor-bypass/
"Memo to anyone who logs in to a WordPress-hosted blog from a
public Wi-Fi connection or other unsecured network: It's trivial
for the script kiddie a few tables down to hijack your site even
if it's protected by two-factor authentication. Yan Zhu, a staff
technologist at the Electronic Frontier Foundation, came to that
determination after noticing that WordPress servers send a key
browser cookie in plain text, rather than encrypting it, as long
mandated by widely accepted security practices."
- - -
--Lauren--
Lauren Weinstein (lauren@vortex.com): http://www.vortex.com/lauren
Co-Founder: People For Internet Responsibility: http://www.pfir.org/pfir-info
Founder:
- Network Neutrality Squad: http://www.nnsquad.org
- PRIVACY Forum: http://www.vortex.com/privacy-info
Member: ACM Committee on Computers and Public Policy
Lauren's Blog: http://lauren.vortex.com
Google+: http://google.com/+LaurenWeinstein
Twitter: http://twitter.com/laurenweinstein
Tel: +1 (818) 225-2800 / Skype: vortex.com