Fletchette wrote: And passwords ARE NOT STORED IN COOKIES.
The path leads to where the password is.
Something you need to read and learn about hackers/crackers and where vulnerabilities are.
Here are 2 articles that explain it.
You obviously didn't read or understand those articles. In the first, the password was NOT in the cookie, nor did it lead to the path where the password is. It's a simple redirection hack where getting the victim to click on a link directs him to another site, which then redirects him to Yahoo. In the process the "hacker" grabbed the session token and could go to the Yahoo account WITHOUT the password. The "victim's" Yahoo account was specifically targeted, otherwise this wouldn't work, and it's the SESSION cookie that is used. These ARE NOT the cookies you are deleting when you delete cookies in your browser. You'll notice that the "hack" happened LIVE when the victim was actually logging into his account, not after. The session token was grabbed in real-time, not pulled from his system afterward. Finally, the session cookie MUST exist, otherwise you couldn't use YAHOO. The "hack" was getting the "victim" to click on that fake link that then took him to his Yahoo account. This isn't really even a "hack", but rather a Phishing attack.
The second article didn't actually say or explain anything, and can basically be summed up with, "use strong passwords".
You'll notice that neither article said anything about logging out of websites, or deleting cookies to protect yourself. Why? Because it doesn't matter. In fact, the first article specifically stated that the victim logging out WOULD NOT log out the attacker.
So again, you do whatever nonsense you want, just don't spread the nonsense.