
> If your user env is compromised it's too late

How do you recover from a "my env was compromised" situation? Do you recommend just saying goodbye to this world and committing suicide?

If not, this change makes the recovery easier: I just need to (worst case) destroy the compromised device and I can be confident that nobody is hoarding a valid credential to my online banking account which they may choose to empty (again) years later.




> How to recover from a "my env was compromised" situation

It depends on the scope of the compromise; it's an open-ended question with lots of rabbit holes, dependent on backups and other stuff.

But as others mentioned: logging out of all sessions is a good start from the <bank, etc.> side. People should be logging out of sessions anyway when not logged on to a particular site's web UI.

We are at a fun time when browsers have so much access (and JavaScript <reminds me of Flash>) to the host system that they themselves are the OS (it's been this way for many years). The bigger issue is the websites that don't auto-logoff, that have really poor password compliance, and even worse encryption of their own systems. A compromised system also means your password vault is compromised too, given that it is in the same env. A more complex solution would be to have your KeePassDX on an internet-less system and your browser on another system where a user logs off explicitly (if not automatically). Then syncing bookmarks, play-time and sites-I've-visited can be less of a "my whole account session got compromised" problem.


Log into the bank and click "log out of all sessions" to invalidate all cookies. Or, if an attacker changed your credentials, walk into the bank and have a banker do it, and then have them show/reverse all changes and transactions the attacker made. If the option does not exist, demand they add it or you and your money will go to another bank. Not all websites have this option, but they would if enough customers demanded it.
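The "log out of all sessions" button from this comment and the auto-logoff the earlier comment asks for, as an added example that is not code from the thread or from any bank: a server-side session registry where each user carries a generation counter, so bumping it invalidates every session cookie issued before it, including copies lifted from a compromised device. The idle timeout and the `now` parameter are constructed for illustration.

```python
import secrets
import time

# Constructed value: seconds of inactivity before a session is auto-logged off.
IDLE_TIMEOUT = 15 * 60


class SessionStore:
    """Server-side session registry.

    Each user has a 'generation' number. 'Log out of all sessions' bumps it,
    so every session ID issued under the old generation fails validation
    without the server having to find and delete each session individually.
    """

    def __init__(self):
        self.sessions = {}    # session_id -> {"user", "gen", "last_seen"}
        self.generation = {}  # user -> current generation number

    def login(self, user, now=None):
        now = time.time() if now is None else now
        gen = self.generation.setdefault(user, 0)
        sid = secrets.token_urlsafe(32)  # unguessable cookie value
        self.sessions[sid] = {"user": user, "gen": gen, "last_seen": now}
        return sid

    def validate(self, sid, now=None):
        """Return the user for a valid session cookie, or None."""
        now = time.time() if now is None else now
        rec = self.sessions.get(sid)
        if rec is None:
            return None
        stale = now - rec["last_seen"] > IDLE_TIMEOUT
        revoked = rec["gen"] != self.generation.get(rec["user"])
        if stale or revoked:
            del self.sessions[sid]  # forget it server-side, not just client-side
            return None
        rec["last_seen"] = now
        return rec["user"]

    def logout(self, sid):
        """Log out one session (the normal logout link)."""
        self.sessions.pop(sid, None)

    def logout_all(self, user):
        """The 'log out of all sessions' button: every existing cookie dies at once."""
        self.generation[user] = self.generation.get(user, 0) + 1
```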


Not all applications provide users with the option to log out of all sessions.

Web applications today could do several things, without the help of Google, to make cookies harder to steal, but they don't.




