Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
C
C
Chris Dixon2021-04-26 23:09:38
Malware
Chris Dixon, 2021-04-26 23:09:38

How to protect session cookies from decryption and subsequent substitution?

There is a type of malware called "stealers" that are able to decrypt cookies, passwords and bank cards stored in the browser and send them to the creator by mail and more recently also via telegram api. Luckily, I don't store passwords and bank card details in my browser, but use password managers with strong encryption. But cookies are a kind of session files, by changing which you can log into your account without entering a log / password, and if an attacker gets them, then I won’t even know that I was hacked, because in fact there was no authorization on the site and the site thinks that I have entered true owner. I could set my browser to delete cookies every time I close my browser, but I don't think that would be very convenient, because I have to re-login and go through 2FA every time. Naturally, every time before launching the program, I carefully check it, and if anything, I run it on a VPS server. But still I would like to protect myself from this kind of hacks, how do I do that?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
R
rPman, 2021-04-27
@rPman

Cookie protection = protection of the local machine from an intruder
The best solution available to almost everyone is to separate physically critical tasks and the rest on different machines by connecting them to the workplace via KMS (keyboard + mouse + monitor switch between two computers), on one you use only the critical to hacking information - banking services, cryptocurrencies, a password manager ... and everything else on the other. And no shared folder. Ideally, machines can also be divided into different networks, since routers that can do this are already quite affordable (for example, a kineticist can).
If nothing is run on the critical machine except the browser, then the cookies will be quite securely protected. Of course, timely updates. It is quite possible to trust this machine to linux, anyway, no one will notice the difference.
As a development of the method - the use of virtual machines, provided that the hypervisor will not be used in any other way, except for running virtual machines. But in this case, there may be problems with computer games.

Similar questions
D
deleted-rss1alex2015-07-18 15:55:59
How to install the original drivers correctly? 1Reply
Y
yasv2015-08-02 19:28:12
In the user's messages, an insertion of javascript code is added. What could it be? Is the problem on the client or on the server? 1Reply
I
IvankoPo2017-07-28 18:00:50
How can I permanently disable an intruder from my computer? 7Reply
K
Kirill2015-08-26 13:46:00
An ad screen appears on iOS, what could it be? 4Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question