Security Basics mailing list archives
Re: Yahoo Webmail Sessions
From: "Paul Kurczaba" <paul () myipis com>
Date: Thu, 20 May 2004 16:27:19 -0400
Maybe the problem lays within the "Last-Modified: " property of the HTTP response. In your case, the proxy server believes the webmail page hasn't changed, therefore it gives you the earlier users page; the cookie on your computer doesn't match the earlier person's webmail session, therefore you get the error. What happens if you clear the cache on the proxy server? -Paul Kurczaba ----- Original Message ----- From: "Rohit" <rohits79 () yahoo com> To: <security-basics () securityfocus com> Sent: Tuesday, May 18, 2004 1:15 AM Subject: Yahoo Webmail Sessions
Hi All!!!, This is the third time I saw some one else's inbox i.e Yahoo Webmail, being opened right after signing in with my credentials. After typing in the credentials, I get an entirely new session. Further if I try to click open "Check mail" I get an - "invalid mailbox state" error. I am using mozilla firefox browser(on win2k) and am behind squid. Similarly in my last company ditto phenomenon occured ( but only once) using ISA proxy server (ISA plugin). Am I being sniffed etc ... Please can anyone give any pointers how this can happen and how can I avoid my session being hijacked to others similarly. Thanks rohit __________________________________ Do you Yahoo!? SBC Yahoo! - Internet access at a great low price. http://promo.yahoo.com/sbc/ --------------------------------------------------------------------------
-
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or
less
to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the
skills
of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html --------------------------------------------------------------------------
--
--------------------------------------------------------------------------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ----------------------------------------------------------------------------
Current thread:
- Yahoo Webmail Sessions Rohit (May 18)
- RE: Yahoo Webmail Sessions Randy Williams (May 19)
- RE: Yahoo Webmail Sessions Rohit (May 20)
- Re: Yahoo Webmail Sessions Paul Kurczaba (May 21)
- RE: Yahoo Webmail Sessions Randy Williams (May 19)