[thelist] [Security] Any security risks with Low privacysettingin IE?

Kelly Hallman khallman at wrack.org
Thu Aug 7 03:42:29 CDT 2003

On Wed, 6 Aug 2003, Chris Johnston wrote:
> This includes both first and third party cookies? So what you are saying
> is that lowering the privacy settings to "low" in IE 6 poses absolutely
> no risk to users in anyway - security or otherwise?

I think everyone missed the "third party" cookie part.

Third party cookies are, as I understand it, cookies set by site A for
site B.  So in other words, I could set an ebay cookie from my site, and
those browsers would take it.  Not probably a real big risk in reality,
but in terms of security it's potential exposure.

> Are cookies truely benevolent pieces of text placed on a users computer or
> can they be used for harm?

Cookies are meant to be opaque identifiers.  They are certainly harmless 
on their own, but they are a bit sensitive since they often contain 
session tracking information.  If you allow a third party site to 
manipulate that data, there's some element of risk.

Kelly Hallman

More information about the thelist mailing list