csl
January 18th, 2006, 07:34 PM
apparently today there was incident involving cookie theft. i don't know the specifics but in an effort to help this site, i suggest that all users (if possible, have the admins enforce this from their end until all bugs are fixed) go to to their site options and switch off the following options:
Automatically login when you return to the site? (uses cookies)
Browse board with cookies?
this will not prevent a cookie from being stored BUT it will stop the site from storing a cookie that contains your bbuserid and bbpassword thus even if you were to click on an exploitable link it would prevent the other user from stealing your password cache and user id thus make them incapable of logging in as you.
i have included an image of the change.
Automatically login when you return to the site? (uses cookies)
Browse board with cookies?
this will not prevent a cookie from being stored BUT it will stop the site from storing a cookie that contains your bbuserid and bbpassword thus even if you were to click on an exploitable link it would prevent the other user from stealing your password cache and user id thus make them incapable of logging in as you.
i have included an image of the change.