[thelist] cookies

Warden, Matt mwarden at odyssey-design.com
Fri May 18 14:07:08 CDT 2001


> I can't find it now, but I remember being on a site once that COULD
> read other cookies... I thought it was GRC.com, but just checked
> and that's not it. If I recall correctly, it was either mentioned
> on thelist or on the MJ list a couple of years ago..

I believe what you are thinking of is a bug in IE that was allowing
the site to read common cookies if it knew the name of it (like
google's cookie, or ebay's cookie, and other sites that a good number
of the population will have on their computer). And it wasn't that
long ago, either. Maybe 6 months.

http://www.peacefire.org/security/iecookies/

This has since been patched.

Or, if you're thinking about NN, see:
http://homepages.paradise.net.nz/~glineham/cookiemonster.html#demonstration
and
http://peacefire.org/security/jscookies/


hth,


- --
mattwarden
mattwarden.com
