[thelist] RE: Most standards compliant browser?
Andrew Forsberg
andrew at thepander.co.nz
Mon Jan 21 16:53:33 CST 2002
Hi Jeff
Took a while to find it, but here's the MS bulletin:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-055.asp
From their bulletin:
>a malicious user could potentially craft a URL that would allow them
>to gain unauthorized access to a user's cookies and potentially
>modify the values contained in them. Because some web sites store
>sensitive information in a user's cookies, this could allow personal
>information to be compromised. Both vulnerabilities could be
>exploited either by hosting specially crafted URL's on a web page or
>by sending them to the victim in an HTML email.
I should really have said 'world readable and world writable'. A
really basic standard of privacy was lacking in 5.5 and 6.0 for quite
some time.
There's also the super cookie problem:
http://www.computerbytesman.com/privacy/supercookie.htm
Cheers
Andrew
> ><><><><><><><><><><><><><><><><><><><><><><><><><><><><><
>> From: Andrew Forsberg
>>
>> You mean, like the standard where cookies are not world
>> readable? :)
>><><><><><><><><><><><><><><><><><><><><><><><><><><><><><
>
>got a link to a security bulletin on that one?
>
>i'm aware of a couple of security issues relating to cookies, but not ones
>that i'd describe in the general terms you use.
--
Andrew Forsberg
---
uberNET - http://uber.net.nz/
the pander - http://thepander.co.nz/