LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Password takeover

Password takeover

Posted Nov 18, 2010 0:52 UTC (Thu) by bfields (subscriber, #19510)
In reply to: Password takeover by DonDiego
Parent article: Gathering session cookies with Firesheep

Try it. Go to facebook, and try to change your email address or your password without re-entering your password. You'll find it doesn't let you, even though you've given it a session cookie. And that's by design....

(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds