Even if you change your password, Google's Orkut social network allows malicious hackers to log in as you for forever

Absolutely ridiculous. What the hell is going on at Google?

The Orkut application stores cookies in such a way that if your cookie is ever recreated by someone else or transmitted to someone else, they can use that cookie to log in to Orkut as you. forever. No matter how you change your credentials, you have no recourse of regaining control. So if you ever get caught in a phishing scam that sends your password to someone else and they recreate your orkut_state cookie, they can login as you forever.

Blog comments powered by Disqus