
I think if you get a valid login cookie, and use it, it will tell you what account you have in the top right.



Well obviously, but you couldn't do a brute force attack like this to a specific account.


I believe the implication is that you'd have a sessionid. Effectively, the username and password rolled into one unique number, stored in the cookie.


I think by 'specific account' he means 'chosen account', in which case he'd be correct without more targeted social engineering.



