- Downloaded
- 577.1 GB
- Uploaded
- 1.4 TB
- Ratio
- 2.56
- Seedbonus
- 316,725
- Upload Count
- 0 (0)
Member for 4 years
Hello, i just readed the two step verification post that admins made and i just wanted to make an advise on the same line (i'm not an expert).
Recently i see that attacks related to cookies are very popular, and even you can buy cookies from accounts already hijacked. There are different ways to steal your cookies, but, i would say that the most common are installing cracked software from suspicious sources, not being careful from what you download, and also maybe some direct attack with fake emails, etc. But in the end they are able to save the cookies from your browsers that are encripted, but it's possible to decript it (BLTools) and then they just load into they own browser with 3rd party extensions like a cookie manager, so, they log in into your account without need of password or 2FA, you will not notice any warning on your email, etc. This is because the webpage things that you're the same person even if is a different IP address, having your authenticated cookies will made the page ignore everything, and this is because on how is made the cookies system and also "oauth". I really don't know a 100% way of keeping safe from this kind of attack, but, at least i think i can recommend this countermeasures:
Recently i see that attacks related to cookies are very popular, and even you can buy cookies from accounts already hijacked. There are different ways to steal your cookies, but, i would say that the most common are installing cracked software from suspicious sources, not being careful from what you download, and also maybe some direct attack with fake emails, etc. But in the end they are able to save the cookies from your browsers that are encripted, but it's possible to decript it (BLTools) and then they just load into they own browser with 3rd party extensions like a cookie manager, so, they log in into your account without need of password or 2FA, you will not notice any warning on your email, etc. This is because the webpage things that you're the same person even if is a different IP address, having your authenticated cookies will made the page ignore everything, and this is because on how is made the cookies system and also "oauth". I really don't know a 100% way of keeping safe from this kind of attack, but, at least i think i can recommend this countermeasures:
- On Firefox exists and extension called
You must be registered for see links: it "lets you keep parts of your online life separated into color-coded tabs. Cookies are separated by container, allowing you to use the web with multiple accounts and integrate Mozilla VPN for an extra layer of privacy." This is probably still vulnerable to this kind of sypware, but at least is one more layer of protection, better than nothing. Also maybe the use of another different browser for certain task like banking would be recommended.
- Also i strongly recommend cleaning the browser cookies after X days, for example 15 days. I think there's also a settings on the browser where you can clean automaticlly the cookies after X days or when you close the browser (Yes, cleaning the cookies will make you have to log in every time on the websites).
- And for the least but not less important i would also recommend to use of a password manager like Bitwarden and not saving the passwords on the browser.
Last edited: