Re: [ACFUG Discuss] HEY

[Frank Moorman]

If there is no obvious reason, it could always be a "firesheep" attack. Essentially, this attack steals/clones your cookies which steals a session. More details here: http://en.wikipedia.org/wiki/Firesheep For the end-user, the easiest way to help prevent this is with an extension called https-everywhere. https://www.eff.org/https-everywhere  This addon essentially  forces the browser to use SSL as much as possible which will keep the cookies encrypted as well. (Note, not every site is supported...) As developers we can help prevent issues like this by using the httponly and secure attributes of cookies. Httponly helps prevent the theft of cookies through XSS attacks. Essentially, when you set a cookie, httponly does not allow _javascript_ to read the cookie. The secure attribute is primarily helps when your site is all SSL. It only allows the cookie to be used through SSL connections. (i.e. if you are directed to an unencrypted page, the cookie will not be sent.) Links for more info: http://www.petefreitag.com/item/764.cfm  http://www.adobe.com/devnet/coldfusion/articles/coldfusion-securing-apps.html   http://www.jalpino.com/index.cfm/event/read/entry/Securing_CFID_CFToken_and_JSessionID_cookies     http://stackoverflow.com/questions/1048436/forcing-httponly-cookies-with-jrun-coldfusion On 06/02/2012 09:16 AM, Peyton Todd wrote: Yes, it appears so. However, a virus scan of my computer finds nothing, the tech support person at my e-mail provider finds no change to the standard parameters that (according to him) would be used by hackers to cause other problems, and the few people who had clicked the link before I could get the warning message out report that it would not open. Unfortunately he had no clue as to how it got hacked. From: Veronika Bari <veronikab...@yahoo.com> To: "discussion@acfug.org" <discussion@acfug.org> Sent: Fri, June 1, 2012 4:41:28 PM Subject: Re: [ACFUG Discuss] HEY i think your email got hacked. From: Peyton Todd <peytont...@att.net> To: scklweorpkwpokwer...@mail.com Sent: Friday, June 1, 2012 10:11 AM Subject: [ACFUG Discuss] HEY you should give this a look http://www.spacnews.net/biz/?read=3292931 ------------------------------------------------------------- To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com ------------------------------------------------------------- ------------------------------------------------------------- To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by FusionLink ------------------------------------------------------------- ------------------------------------------------------------- To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by FusionLink ------------------------------------------------------------- ------------------------------------------------------------- To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com -------------------------------------------------------------