
Or just steal your session tokens. Not all apps are secure enough to prevent session roaming.


Or just remote drive your session. Token exfiltration isn't required if you can do XSS or, say, script injection via browser extensions (and exfiltration is more likely to hit anomaly/fraud detection).



