cross-cookies (Re: [thechat] Now what! (Microsoft investigating alleged flaw in IE browser))
Joe Crawford
jcrawford at avencom.com
Wed Jan 9 12:05:37 CST 2002
Olly Hodgson wrote:
>>Great! The world's most used browser now has another security flaw!
>>
>
> I reckon the others have just as many holes in them, its just the hackers
> arent trying to bring down the mighty microsoft empire, and besides, there
> just arent enough users of Opera/Mozilla/Konquerer etc to justify hacking
> into them :-)
Not that big. Being able to access cookies across domains is *very* bad
news. It makes liars of those of us who put up pages that say things
like "cookies are safe, don't worry about them."
It's really bad, and really surprising to me that they allowed *this*
kind of error. As someone on another list I frequent said -- "great! now
I can access someone else's Passport cookie! I sure do want to trust
Microsoft with my data!"
Crap, I just went off topic.
<tip>
My cat is so cute! http://artlung.com/che
</tip>
- Joe <http://artlung.com/>
More information about the thechat
mailing list