i mean that as in, being able to enter my accounts without even using my password or without installing any virus in my computer. thank you!!
i mean that as in, being able to enter my accounts without even using my password or without installing any virus in my computer. thank you!!
Yes - “session hijacking”
Session jacking usually requires a virus of some sort. They need local access to the computer at a minimum.
Sketchy browser plugins have been a popular method recently.
That would be considered a virus.
It would be considered malware but not technically a virus.
Most people consider any sort of “thing installed or running on my computer against my knowledge doing bad stuff” to be a virus.
That’s why the OP said “installing any virus in my computer”
A virus is specifically malware that automatically spreads to other devices. It’s similar to a worm. They tend to spread surreptitiously using vulnerabilities or design flaws. To me that’s quite different than installing a shady browser plugin, and imo it’s better to use the term malware to make it clear privacy violating browser extensions are something people unfortunately choose to install, unlike a virus.
A lot of the shady browser extensions don’t start shady, they get bought from the original creators and updated into something malicious.
Either way, your average non-technical person couldn’t tell you the difference, so it hardly matters.
That’s true, but it’s still not a virus and I’m not going to use an inaccurate term just because other people don’t understand the distinction.
Eh, compromising the website in some way with XSS can retrieve this information also.
how can i avoid that to happen?? do i delete cookies and history every time i leave my browser?? thank you!!
Make sure you keep your software (operating system, browser etc) up to date and don’t install sketchy software.
Install a reputable add blocker on your browser as that can help.
ok thank you!! i only install open source software or software that is known to be secure.
While a good mentality to have it is not practical.
Unless you audit every open source project you use, how do you know it is safe? Look up HeartBleed a disastrous security hole is the most popular open source security package that went unknown for years. And how do you know closed source is secure? Look at MS, Apple,Alassin all major closed source orgs that have released patches for critical vulnerabilities.
Your saving grace is unless you are working for a high profile company in a sensitive area there is little chance you will be directly targeted. The only time you get targeted is when bad actors do a scattergun approach and sees who responds.