‘Exploit enables continuous access to Google services, even after a user’s password is reset,’ researcher warns
Hackers discover way to access Google accounts without a password::‘Exploit enables continuous access to Google services, even after a user’s password is reset,’ researcher warns
The main difference that makes this worse is that they can get persistence and maintain access even if the user resets their password (i.e. revoke session tokens). Hackers are usually limited to the fairly short lifetime of the session token (usually a few hours).
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !technology@lemmy.world
This is a most excellent place for technology news and articles.
English
So it is session hijacking, something that has been known for a while?
The main difference that makes this worse is that they can get persistence and maintain access even if the user resets their password (i.e. revoke session tokens). Hackers are usually limited to the fairly short lifetime of the session token (usually a few hours).
Firefox users keep winning.
This isn’t new at all. This is called session hijacking, and it’s been around for decades.
LTT just made a couple videos about it last year, because it happened to them.
So the moral is use Firefox and not Chrome?!