About half of popular websites tested found vulnerable to account pre-hijacking

From theregister.com

Two security researchers have identified five related techniques for hijacking internet accounts by preparing them to be commandeered in advance.

And they claim that when they analyzed 75 popular internet services, almost half were vulnerable to at least one of these techniques.

Avinash Sudhodanan, an independent security researcher, and Andrew Paverd, a senior researcher at Microsoft, describe their findings in a paper titled, “Pre-hijacked accounts: An Empirical Study of Security Failures in User Account Creation on the Web.”

Read more…