Operating system has nothing to do with this attack.
Web server has nothing to do with this attack.
JIRA has to do with this attack.
If a session cookie is stolen and is valid when used by the 3rd party, it's the application's fault. The solution would be a better, more secure session manager in JIRA. An additional solution would be using HTTPS.
It's just funny, to me, that the tone here is very moderate, calm, and perhaps even lightly defensive.
If this same thing happened on an IIS box, we'd have a flood of comments of 'get a real OS!' regardless of how off target those shouts would be. It's just the nature of the beast.
From what I'm reading, it could have happened to an IIS box in the exact same way... the webserver didn't do anything wrong, nor the OS. JavaScript (guessing) was used to steal a session cookie. So we could say the browser (or lack of no-script plugin) is to blame.
Veni, Vidi, VISA:
I came, I saw, I did a little shopping.
and Windows is insecure... (Score:-1, Troll)
Penguin Penguin... oh poor Penguin