How to log out of DivX support
Posted by John Dangerbrooks
It has a been long time I didn’t post here, since I simply didn’t have a case worthy of sharing. How weird. By now, you all must have heard all the important news. Internet Explorer 8 and DivX 7 are released and Firefox 3 is also looming in the horizon.
A few days ago, I visited DivX Support site to get help about a problem with DivX 7 updater. Apparently, there is a bug in this updater: It incorrectly reports an update being available and then "updates" your DivX 7 to the same version! As of today, this problem is not solved. Anyways, it was not my first visit to the DivX Support website, but I wasn’t there for a long time and I found the site totally redecorated.
A few hours later, I received an e-mail notification and logged on to the support site to check the response… but not using my personal user account! As you know, a security-savvy person working in an alien environment or on a shared computer always logs out when he is done with his websites. However, I was dumbfounded when I realized that there was no logout button! Seriously, there was no way to log out of DivX Support! I closed Internet Explorer, hoping that the site had merely logged me on using a temporary session cookie. I was disappointed: When I reopened the web browser and summoned DivX Support web site again, I was still logged on!
I immediately reported this issue in the same ticket and fortunately received an answer: Although no Logout button was provided, users could log out by opening the followning URL: http://support.divx.com/mydivx/logout. Later, I investigated DivX Support cookie a little bit more. The cookie is persistent, but expires within two hours. However, two hours is still too long a period of time on a shared computers to leave your support account vulnerable; thus allowing any other user to expliot this opportunity and steal your private identity information.