4 Apr
2017
4 Apr
'17
8:59 p.m.
On 4/4/2017 11:22 μμ, Andy Smith wrote:
Hi,
Approximately 8 hours ago we were made aware that Cross-Site Request
Forgery (CSRF) could be used to trick a logged-in user of the
BitFolk Panel at https://panel.bitfolk.com/ into carrying out
changes that could allow their account to be compromised.
Which goes to show that LOGGING OUT of services when you're done is
always the best policy.
Any hack of your machine will immediately go for your cookies, where
your session is stored.
So cleaning the cookies is also a mitigation.
--GM