Catching Compromised Cookies
tl;dr: “Slack workspaces contain sensitive data and can be an attractive target for attackers. Consider the situation where a threat actor phishes a user and manages to install malware on their device. The malware could then steal cookies, which are stored in the device’s browser, and replay those cookies to impersonate the user. To take a real world example, imagine you left your house key under the mat and someone managed to discover it, clone it, and put it back so you had no idea. One way to reduce the risk of a copied key is to change your locks regularly. If you do that, a thief would have only a limited window of time to use the key they copied.”
featured in #526
Building A More Private Web: A Path Towards Making Third Party Cookies Obsolete
-
Justin Schuh
tl;dr: Within 2 years, Chrome plans to phase out 3rd party cookies and maintain a healthy ad-supported web, using open-standard mechanisms like the Privacy Sandbox.
featured in #169