Make it easier to find malware targeting your users: If you’re designing (or redesigning) your web presence and it includes login or authentication functionality of some sort, consider making your authentication cookie names unique to your system.
For example, instead of calling your authentication cookie “auth” or “session,” maybe call it “blue_tiger_cub” (completely contrived example). Now, if you’re hunting for credtheft or infostealing malware targeting your brand, your searches just got a whole lot more targeted.
This does have me thinking though…could you rotate the authentication cookie name on a regular basis?
Or maybe we could just move away from cookies for session management and use an extended version of something like #webauthn to sign every single request, but I digress…
#malware #webauthentication #cookies #securityarchitecture #threathunting #yara
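A sketch of the hunt the post above describes, added here as an example and not part of the original post: search a buffer for the unique cookie name in plain, UTF-16LE, base64 and single-byte-XOR form, the same variants YARA's `wide`, `base64` and `xor` string modifiers cover. The function names and sample buffers are constructed for illustration; `blue_tiger_cub` is the post's own contrived name.

```python
import base64

COOKIE_NAME = "blue_tiger_cub"  # the post's contrived cookie name


def base64_fragments(raw: bytes) -> list[bytes]:
    """Base64 substrings that must appear when `raw` sits inside encoded data.

    The text depends on the byte offset modulo 3, so build one fragment per
    alignment and keep only the characters fully determined by `raw`.
    """
    frags = []
    for pad in range(3):
        enc = base64.b64encode(b"\x00" * pad + raw).rstrip(b"=")
        start = (pad * 8 + 5) // 6          # first char with no prefix bits
        end = ((pad + len(raw)) * 8) // 6   # last char with no suffix bits
        frags.append(enc[start:end])
    return frags


def hunt(data: bytes, name: str = COOKIE_NAME) -> list[str]:
    """Return the encodings under which the cookie name occurs in `data`."""
    raw = name.encode("ascii")
    hits = []
    if raw in data:
        hits.append("ascii")
    if name.encode("utf-16-le") in data:
        hits.append("utf16le")
    if any(frag in data for frag in base64_fragments(raw)):
        hits.append("base64")
    for key in range(1, 256):  # single-byte XOR obfuscation
        if bytes(b ^ key for b in raw) in data:
            hits.append(f"xor:0x{key:02x}")
    return hits


# Constructed sample buffers standing in for strings pulled from a file under triage.
SAMPLES = {
    "plain": b"Cookie: blue_tiger_cub=abc123",
    "encoded": base64.b64encode(b"Cookie: blue_tiger_cub=abc123"),
    "wide": "blue_tiger_cub".encode("utf-16-le"),
    "xored": bytes(b ^ 0x5A for b in b"name=blue_tiger_cub;"),
    "generic": b"Cookie: session=abc123",
}

if __name__ == "__main__":
    for label, blob in SAMPLES.items():
        print(label, hunt(blob))
```

The `generic` buffer returns no hits, which is the point of the post: a name like "session" would match every site's traffic, while the unique name only matches material that references this one system.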
This is outstanding though lengthy. Understanding Authentication In Websites: A Banking Analogy via Smashing Magazine. https://www.smashingmagazine.com/2023/01/authentication-websites-banking-analogy/ #WebAuthentication
Firefox 60 is here: Web Authentication, cookie management, ES6 modules and Policy Engine
#Mozilla #Firefox #Firefox60 #CssStylo #WebAuthentication #Cookies #ES6 #PolicyEngine #WebRTC
RT @mozhacks@twitter.com: We're excited to see the #WebAuthentication API and FIDO U2F support ship in Firefox 60! 🎉
Cannot wait until then? Try it out in @FirefoxNightly@twitter.com & read the intro from @JamesPugJones@twitter.com & @ttaubert@twitter.com on why you should be excited too! https://hacks.mozilla.org/2018/01/using-hardware-token-based-2fa-with-the-webauthn-api/