manipulate one's cookie file and fool the site into thinking you were someone else sounds just like the early GMAIL vunerability