Hacker News new | comments | show | ask | jobs | submit login

Can they actually snarf cookies from other sites you're logged into, or would they only be able to get at your LinkedIn session cookies?

No. Cookies only get sent to the originating domain. What happened here is *.linkedin.com points to the rogue server so your cookies get passed to them instead of the real Linkedin.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact