Thu, 24 Jul 2008
6:53 PM - Session hijacking
I was recently told that in some cases it's possible to hijack a session from any webapp, and that just journal had a problem with this. I quickly went to work on this problem. It has caused problems for big sites like MySpace and Facebook.
What does session hijacking mean to me?
Session hijacking means stealing your login. While you're logged into the account, someone could read your private blog entries and post entries to your account. Anything you can do, they can do to. They don't know your password, and can only do this while you're logged in.
What users can do to protect themselves:
- Always use the secure login feature. (SSL) This will prevent the first type of attack on your account.
- Always log out of just journal when you're done. Don't just leave the site.
Steps we're taking to minimize this attack
- A review of just journal's code is pending.