Y
Hacker News
new
|
ask
|
show
|
jobs
by
ViViDboarder
2565 days ago
Or just steal your session tokens. Not all apps are secure enough to prevent session roaming.
1 comments
dwaite
2565 days ago
Or just remote drive your session. Token exfiltration isn't required if you can do XSS or say script injection via browser extensions (and exfiltration is more likely to hit anomaly/fraud detection)
link