• HappyTimeHarry@lemm.ee
    link
    fedilink
    English
    arrow-up
    42
    arrow-down
    3
    ·
    4 months ago

    That applies to pretty much all desktop apps, your browser profile can be copied to get access to all your already logged in cookie sessions for example.

    • kryllic@programming.dev
      link
      fedilink
      arrow-up
      9
      ·
      4 months ago

      IIRC this is how those Elon musk crypto livestream hacks worked on YouTube back in the day, I think the bad actors got a hold of cached session tokens and gave themselves access to whatever account they were targeting. Linus Tech Tips had a good bit in a WAN show episode

    • douglasg14b@lemmy.world
      link
      fedilink
      arrow-up
      5
      arrow-down
      2
      ·
      edit-2
      4 months ago

      And there are ways to mitigate this attack (essentially the same as a AiTM or pass-the-cookie attacks, so look those up). Thus rendering your argument invalid.

      Just because “something else might be insecure”, doesn’t in any way imply “everything else should also be insecure as well”.