Computers got MUCH easier to use after DEC created some timesharing systems.
Even the old PDP-8 could do timesharing (as primitive as it was).
And CP/M followed their design.
One time I've seen this was where the company just used a "random" number in the query used to establish a session.
We demonstrated the failure several times - even to the point of being able to take over a manager's web session and being able to authorize whatever overtime we desired.
The number is essentially public information in a returned URL, thus allowing the client to replace the number with one of our own choosing.
Did they fix it by using an encrypted cookie value?
No - they just expanded the range of valid numbers... Made it harder to guess, but did not fix the problem.
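As an added illustration (not code from the comment above or from any real site), the two schemes side by side in Python: the post's "random number in the URL" with the guess budget it implies, and a CSPRNG token delivered in an HttpOnly cookie and stored only as a hash. The numeric ranges used in the entropy functions are constructed for the example.

```python
import hashlib
import math
import random
import secrets
from typing import Dict, Optional


def weak_session_id(upper: int) -> int:
    """The scheme described in the post: a number from a small range,
    drawn from a non-cryptographic PRNG and later exposed in the URL."""
    return random.randint(0, upper)  # Mersenne Twister: not a secret source


def entropy_bits(upper: int) -> float:
    """Bits of entropy in an id chosen uniformly from [0, upper]."""
    return math.log2(upper + 1)


def expected_guesses(upper: int) -> float:
    """Mean attempts needed to hit one specific live session by blind guessing."""
    return (upper + 1) / 2


def bits_gained(old_upper: int, new_upper: int) -> float:
    """What 'expanding the range' actually buys: only log2 of the ratio."""
    return entropy_bits(new_upper) - entropy_bits(old_upper)


class SessionStore:
    """Hardened scheme: 256-bit CSPRNG token, sent as an HttpOnly cookie,
    stored only as a SHA-256 digest so a leaked table yields no live sessions."""

    def __init__(self) -> None:
        self._by_hash: Dict[str, str] = {}

    @staticmethod
    def _digest(token: str) -> str:
        return hashlib.sha256(token.encode()).hexdigest()

    def create(self, user: str) -> str:
        token = secrets.token_urlsafe(32)  # 32 bytes = 256 bits of entropy
        self._by_hash[self._digest(token)] = user
        return token

    def lookup(self, presented: str) -> Optional[str]:
        # Fixed work per request: hash the presented value and look it up.
        return self._by_hash.get(self._digest(presented))

    def cookie_header(self, token: str) -> str:
        # Cookie, not URL: keeps the token out of logs, referers and history.
        return f"Set-Cookie: session={token}; HttpOnly; Secure; SameSite=Lax; Path=/"
```

Going from a 4-digit to a 6-digit range, as the post's fix did, adds under 7 bits; the cookie-based store replaces that with 256.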
Part of the problem with hackers is that they would tend to disassemble Windows binaries to find out how they work in the first place.
That causes problems with the need for a "clean room" reimplementation to avoid the "copyright infringement" claims that would block its use, and pretty much kill the project.
Biting the hand that feeds IT © 1998–2022