With Stolen Session Cookies, Attackers can Impersonate Legitimate Users and Move Freely Around the Network, says Sophos
