[Sayian]

course its google :D

Teh sexy google ;)

[tshark]

Lone, the reason it doesnt matter if you change your pw or not is because they still have the session id that makes them auto login to your account. It says it in the article:

Quote

Once stolen, this cookie file allows the hacker to identify himself as the victim, without the need of a password. Even if the victim does change his password afterwards, it will be to no avail. "The system authenticates the hacker as the victim, using the stolen cookie file. Thus no password is involved in the authentication process. The victim can change his password as many times as he pleases, and it still won't stop the hacker from using his box", explains Goldshlagger.

- T

[neon]

Lone, on Nov 14 2004, 05:30 AM, said:

then why the hell i still getting the damn mailer daemons  <_<

<{POST_SNAPBACK}>

actually tshark had a point but it's not what lone is referring to here.

Lone what you are getting is emails from a worm (trying to infect you). It's a fairly common one going around lately, not sure the name tho, i should look it up.

And yeah, werd@ building this up for the news.. Just another xss vuln.