
Aaron Parecki

  • Photo - “Wear a damn mask” - Joseph https://twitter.com/photojoseph   •   Sep 10
    That is CRAZY that all you need is the cookies to access any account — especially a google one! So if I just sent you my cookies folder… you’d have access to anything I was logged into?!
    Aaron Parecki
    💯

    There aren't really any other tools browsers can use for this right now. The process of logging in looks like basically: you type your password in google, google gives you back a cookie, your browser makes a request with that cookie and the server knows who it's for.
    Portland, Oregon • 68°F
    Thu, Sep 10, 2020 7:25am -07:00
    5 replies
    • Aaron Parecki twitter.com/aaronpk
      I just might do that haha. The shirt I'm wearing today says "I find your lack of security disturbing"
      Thu, Sep 10, 2020 3:57pm +00:00 (via brid-gy.appspot.com)
    • Photo - “Wear a damn mask” - Joseph twitter.com/photojoseph
      WOW. You should put that on a T-shirt. “IT Security… it’s best if you don’t think about it”
      Thu, Sep 10, 2020 2:52pm +00:00 (via brid-gy.appspot.com)
    • Aaron Parecki twitter.com/aaronpk
      tbh it's like the "security" involved in writing checks, it's best if you don't think too much about it
      Thu, Sep 10, 2020 2:35pm +00:00 (via brid-gy.appspot.com)
    • Aaron Parecki twitter.com/aaronpk
      The browser doesn't have access to the MAC. Google *could* be (and probably is) checking the IP address, but it's all heuristics because your IP address may change at any time, e.g. cell phones have very unstable IPs, hop in a plane and land with an IP from another country, etc.
      Thu, Sep 10, 2020 2:34pm +00:00 (via brid-gy.appspot.com)
    • Photo - “Wear a damn mask” - Joseph twitter.com/photojoseph
      And the cookie doesn’t verify the machine it’s on? You’d think it’d only work if the MAC address and IP address were a match. This seems so very insecure.
      Thu, Sep 10, 2020 2:31pm +00:00 (via brid-gy.appspot.com)
Posted in /replies using quill.p3k.io
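
The login flow described in the reply above, together with the IP-address heuristic mentioned in the thread, as an added example (not code from the original post, and not how Google implements it). The names `USERS`, `SESSIONS`, `login`, `handle_request`, `logout`, the cookie name `sid` and the sample account and IP addresses are all constructed for illustration.

```python
import hmac
import secrets
from http.cookies import SimpleCookie

USERS = {"joseph": "correct horse battery staple"}  # constructed sample account
SESSIONS = {}                                       # session id -> {"user", "login_ip"}

def login(user, password, client_ip):
    """Check the password once, then return a Set-Cookie header value (or None)."""
    expected = USERS.get(user, "")
    if not expected or not hmac.compare_digest(expected.encode(), password.encode()):
        return None
    sid = secrets.token_urlsafe(32)                 # unguessable random session id
    SESSIONS[sid] = {"user": user, "login_ip": client_ip}
    cookie = SimpleCookie()
    cookie["sid"] = sid
    cookie["sid"]["httponly"] = True                # page scripts cannot read it
    cookie["sid"]["secure"] = True                  # only sent over HTTPS
    cookie["sid"]["samesite"] = "Lax"
    cookie["sid"]["path"] = "/"
    return cookie["sid"].OutputString()

def _session_id(cookie_header):
    jar = SimpleCookie()
    jar.load(cookie_header or "")
    return jar["sid"].value if "sid" in jar else ""

def handle_request(cookie_header, client_ip):
    """The cookie alone identifies the user; the IP only contributes a signal."""
    session = SESSIONS.get(_session_id(cookie_header))
    if session is None:
        return {"user": None, "review": False}
    # Heuristic, not a hard rule: IPs change legitimately (mobile networks, travel),
    # so a mismatch asks for a closer look instead of rejecting the request.
    return {"user": session["user"], "review": client_ip != session["login_ip"]}

def logout(cookie_header):
    """Server-side revocation: every copy of the cookie stops working."""
    SESSIONS.pop(_session_id(cookie_header), None)

if __name__ == "__main__":
    set_cookie = login("joseph", "correct horse battery staple", "203.0.113.7")
    sent_back = set_cookie.split(";")[0]            # what the browser sends: "sid=..."
    print(handle_request(sent_back, "203.0.113.7"))
    print(handle_request(sent_back, "198.51.100.20"))
```

The `review` flag is where a site would hang a step-up check such as re-entering the password; ending the session on the server is what invalidates a cookie regardless of where it is stored.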

Hi, I'm Aaron Parecki, Director of Identity Standards at Okta, and co-founder of IndieWebCamp. I maintain oauth.net, write and consult about OAuth, and participate in the OAuth Working Group at the IETF. I also help people learn about video production and livestreaming.

I've been tracking my location since 2008 and I wrote 100 songs in 100 days. I've spoken at conferences around the world about owning your data, OAuth, quantified self, and explained why R is a vowel.

© 1999-2025 by Aaron Parecki. Powered by p3k. This site supports Webmention.
Except where otherwise noted, text content on this site is licensed under a Creative Commons Attribution 3.0 License.