Robert Graham of Errata Security has demonstrated at the Black Hat hacker conference in Las Vegas an exploit that allows attackers to login to users accounts without a password on webmail and social networking sites by stealing cookies.
Attackers would be able to real and post messages posing as the genuine user of the account, they would not however be able to make any major changes to any accounts they had hijacked as sites require users to enter a password for such activities.
