RE: [SECURITY BUG] Steemit vulnerable to session hijacking
That's pretty severe. I've played with XSS exploits before and it's relatively easy to craft an attack along this vector even for a non-professional dabbler.
How involved/difficult is the proposed fix? Think we would all sleep a little better knowing nasty shit like that is taken care of on the platform.
BTW, in the meantime until this is fixed, one way to protect yourself from the exploit is to make sure your internet browser is set to never remember your Steem password, and the "keep me logged in" function is turned off.
I already did this (not saving my pass in the Google browser). I am not even using the Steem mobile app (I have Android) just because I would need to save the pass in it. Arghh.