Comments on: Lifehacker on Passwords
https://blog.plip.com/2010/08/27/lifehacker-on-passwords/

By: mrjones, Thu, 02 Sep 2010 17:21:16 +0000
https://blog.plip.com/2010/08/27/lifehacker-on-passwords/#comment-20
In reply to wangston.

Wangston – Excellent point! My hackles may have been prematurely raised when I read the article. Indeed, the XSS scenario you describe is exactly how the Jira/Apache hack was executed. However, I still feel there’s a level of sophistication for a good XSS hack that’s different than a script kiddie brute force.

By: wangston, Thu, 02 Sep 2010 16:16:28 +0000
https://blog.plip.com/2010/08/27/lifehacker-on-passwords/#comment-19

You don’t need local access to steal cookies. Many/most XSS attacks allow the attacker to steal cookies remotely. There are also a lot of MITM attacks you can use to steal cookies (if I control your DNS, then you send me your cookies!)
