Hacker News new | comments | show | ask | jobs | submit login

Normally the security@ team is very responsive, and not that hard to find:


As for your specific claim about cookies, there is a little checkbox labeled "Keep me logged in" or "Remember me" on the login page. If you don't trust the terminal, don't check that box. Leaving it unchecked will set the personally identifiable cookies to expire at the end of your browser session.

This is the same advice given for any website about unsafe terminals, and anyone who has 15 years of security industry experience would be aware of cookie expiration. What exactly are you claiming here?

He's talking about after having clicked "log out". I don't think the "keep me logged in" button factors in here (though I could be wrong).

this has nothing to do with 'keep me logged in' and as I mentioned in the post I contacted a number of facebook contracts a number of times (including the standard security report track) and never heard back

Fair enough. I will follow up. FWIW, the act cookie is always set to session only.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact