|
Hey,
There is a problem with the cookies for activewin.com.
The login cookie is not encrypted. So your user name and pw are stored in plain text. Very bad. It needs to be encrypted. So atm anyone who has logged into activewin.com and has a cookie on their computer is in danger of getting their user name and pw stolen.
Not only that but the cookie does not expire 1/01/10, so for 6 years. So it will always be there unless you delete it. For a very long time. And since so many people use the same user and pw for many different websites an attack could be pretty dangerous.
Also the forums are not in danger since the pw is encrypted. Though I would also encrypt the user name as it is in plain text atm as well.
Just thought I would give you guys aheads up. I just found 15 computes with activewin user name and pw at class today. lol 13 of them work on different web sites such as yahoo and hotmail.com. lol
Luckly I am a nice guy and told them to change their user name and pws.
Just thought you guys might like to know if you vist that site and keep the cookie so you stay loged in. Your at risk of getting your user name and pw stolen. Pretty easly as it is in plain text. lol
Take Care,
Will
__________________
Ad Muncher Usage Statistics for v4.7 Build 27105/1624
Adverts removed by Ad Muncher: 1,601,933
Approximate bandwidth saved: 12,515 MB
Counter started: April 2, 2003
Download: http://war59312.admuncher.com/download.shtml
|
Linear Mode
