[Chugalug] this ain't kosher:LinkedIn Accused of Hacking Customers' E-Mails To Slurp Up Contacts

William Roush william.roush at roushtech.net
Sat Sep 21 18:30:13 UTC 2013


I'll bite, how DO you gain control of a window you didn't spawn in 
javascript on a modern browser?

I could see it being done with other technologies (ex: java applets?) or 
other exploits (XSS/CSRF), but I'd figure those would seem to be a lot 
easier to detect and we'd have evidence before this even came out.

William Roush

On 9/21/2013 2:03 PM, Mike Harrison wrote:
>> I'd like to know what they mean by that... cross-window, cross-domain 
>> exploits? Aren't those nearly impossible on any modern browser?
>
> Not impossible, but I'm waiting for a better explaination of what 
> really happened. LinkedIn and other social media sites are often 
> confusing to some people, and they click [yes] and enter passwords 
> without thought.
>
> It might be as simple as morons that use the same password for email as
> things like LinkedIn, Facebook..
> _______________________________________________
> Chugalug mailing list
> Chugalug at chugalug.org
> http://chugalug.org/cgi-bin/mailman/listinfo/chugalug



More information about the Chugalug mailing list