Even scarier to me than the vulnerability is that Fidelity (whom I personally think is a good bank and investment company) was using a third party that allowed injection that could potentially steal a whole lot of money, affect markets, ruin or terminate billions of lives, and affect the course of humanity. What the fuck.
Even scarier to me than the vulnerability is that Fidelity (whom I personally think is a good bank and investment company) was using a third party that allowed injection that could potentially steal a whole lot of money, affect markets, ruin or terminate billions of lives, and affect the course of humanity. What the fuck.
Their knowledge of finance is certainly better than their knowledge of web tech.
Historically and today.
That’s why I’m a Schwab junkie… but finance is a hotspot for this kind of stuff.
[dead]
If it weren't already in the same domain you wouldn't be able to read a non-HttpOnly cookie anyway, so that's moot.