all InfoSec news
How Google plans to make stolen session cookies worthless for attackers
Help Net Security www.helpnetsecurity.com
Google is working on a new security feature for Chrome called Device Bound Session Credentials (DBSC), meant to prevent attackers from using stolen session cookies to gain access user accounts. Session (i.e., authentication) cookies are stored by browsers when a user logs into web resources. Getting ahold of them allows attackers to mount “pass-the-cookie” attacks by injecting stolen access tokens into new web sessions and thus “impersonating” the original user without having to authenticate themselves. … More →
The post …
access accounts attackers authentication browsers called chrome cookies credentials device don't miss feature google hot stuff logs malware mfa plans prevent privacy public-key cryptography resources security session stolen web working