Hey,

There is a problem with the cookies for activewin.com.

The login cookie is not encrypted. So your user name and pw are stored in plain text. Very bad. It needs to be encrypted. So atm anyone who has logged into activewin.com and has a cookie on their computer is in danger of getting their user name and pw stolen.

Not only that but the cookie does not expire 1/01/10, so for 6 years. So it will always be there unless you delete it. For a very long time. And since so many people use the same user and pw for many different websites an attack could be pretty dangerous.

Also the forums are not in danger since the pw is encrypted. Though I would also encrypt the user name as it is in plain text atm as well.

Just thought I would give you guys aheads up. I just found 15 computes with activewin user name and pw at class today. lol 13 of them work on different web sites such as yahoo and hotmail.com. lol

Luckly I am a nice guy and told them to change their user name and pws.

Just thought you guys might like to know if you vist that site and keep the cookie so you stay loged in. Your at risk of getting your user name and pw stolen. Pretty easly as it is in plain text. lol

Take Care,
Will

Thnx for the headsup Will.

Moving this to the Security Forum