Tumblr Users Should Beware of Cookie Thieves | infoneer pulse

About this Site

Subscribe by RSS, Email, or Twitter
Archive
Random
Ask

Tumblr Users Should Beware of Cookie Thieves

Two researchers say they’ve found a security hole in Tumblr, one of the most popular sites on the Internet, that could steal users’ authentication cookies to break into their accounts.

Aditya Gupta and Subho Halder say they’ve tried to contact Tumblr about the vulnerability by using mail and Twitter, but so far no one has responded. The social sharing site hosts 59.4 million micro blogs and has published almost 25 billion posts.

The pair says they have identified a dangerous cross-site scripting vulnerability that poses risks for the site’s users, according to the site Softpedia.

“I could get the cookies of any user who visits my profile page. They are the actual Tumblr authentication cookies, which means I could use the cookies to log in to the respective user accounts,” Gupta said. “Also, I could make a complete worm out of it, so when one person views my profile, he would repost my post and everyone in his list who would see it would then be doing the same. All automatically and without the user’s knowledge.”

Notes

online-careers likes this
nursegeorgie reblogged this from charethcutestory
hkmonkey likes this
wolfbird reblogged this from infoneer-pulse
boxdog1 likes this
tanya77 reblogged this from winstonwolfe and added:

“Aditya Gupta and Subho Halder say they’ve tried to contact Tumblr about the vulnerability by using mail and Twitter,...
twinkiesandwine likes this
leoyardiechick reblogged this from witchsistah
leoyardiechick likes this
zap-saidthelady likes this
somedeadbody reblogged this from sunnylust
latenighttaskforce likes this
alectointhunderland reblogged this from ro-s-aspa-rks
puiegull likes this
mosteeze reblogged this from war-horse-can-dance
mosteeze likes this
war-horse-can-dance reblogged this from arrestomomentum
knope4president reblogged this from charethcutestory
arrestomomentum reblogged this from dayhyungs
domaniczky likes this
raakkel reblogged this from applebutterbomb
icecoldangie likes this
theprinceisgone reblogged this from afternoondlite
applebutterbomb likes this
feedthecrows likes this
sunnylust reblogged this from taozitao
jennjenn202 reblogged this from babojae
sixbucks likes this
neverwillstop likes this
misakichiuaua reblogged this from taozitao
angelsscream reblogged this from witchsistah
witchsistah reblogged this from deliciouskaek
ami-naaa likes this
chairolyn likes this
feedmyobsessions reblogged this from curtainwitcharchive
ca-thar-si-s likes this
seanpadilla likes this
yabamena reblogged this from saltmarsh and added:

Gee, someone points out something wrong with Tumblr and Tumblr staff does nothing? I’m shocked. Shocked, I say.
ms-jagger likes this
saltmarsh reblogged this from infoneer-pulse and added:

How concerned should we be about this?
alliwntiseverything likes this
waaaahlbodayz reblogged this from itnww
herblondness likes this
jitori likes this
afternoondlite reblogged this from jong-in-becca
jong-in-becca reblogged this from yunheaux
godric reblogged this from curtainwitcharchive
scoldylox reblogged this from glossylalia and added:

Um.
babojae reblogged this from taozitao
yushiny reblogged this from taozitao
Show more notesLoading...

Sites I follow

Find me on

About

infoneer pulse collects links and comment on information, technology, libraries, education, media, culture, intellectual property, copyright, ethics, design, leadership, and the future.

infoneer.net is published by Christopher D. Barth, currently serving as Librarian and Associate Dean at the United States Military Academy at West Point where he is responsible for coordinating library operations and strategic vision for academic information support.

Christopher D. Barth | infoneer pulse | infoneer perspectives

Recent Tweets

Loading tweets...

Follow @infoneer_pulse

Penman Theme created by Style Hatch
Powered by Tumblr