[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

hijacked session anomaly?

To: OR Talk <or-talk@xxxxxxxxxxxxx>
Subject: hijacked session anomaly?
From: scar <scar@xxxxxxxxxx>
Date: Mon, 23 Jul 2007 01:48:08 -0700
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-talk-outgoing@xxxxxxxx
Delivered-to: or-talk@xxxxxxxx
Delivery-date: Mon, 23 Jul 2007 04:48:29 -0400
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx

after anonymously replying to a thread in the mozillazine forums (that is to say, i was not logged in, cookies and javascript disabled also), i found my post to be registered to a user as if it was posted by that user.  i was also logged in with this user's credentials and could view their profile, etc.!  this was only possible for a short while, after which i suspect the tor circuit was rotated.

can someone explain how this is possible?  like i mentioned my own cookies and javascript was disabled, so all i can think of was it had something to do with the exit ip address of the tor circuit i was using during that instant.... quite alarming!

Attachment: signature.asc
Description: OpenPGP digital signature

Follow-Ups:
- Re: hijacked session anomaly?
  - From: Michael_google gmail_Gersten

Prev by Author: Spam from this list? OT!
Next by Author: flash in a stand-alone player
Previous by thread: Re: is this a bandwidth problem? my IP is a TOR exit, the client works and the server doesn't
Next by thread: Re: hijacked session anomaly?
Index(es):
- Author
- Thread