cross-cookies (Re: [thechat] Now what! (Microsoft investigating alleged flaw in IE browser))

Joe Crawford jcrawford at
Wed Jan 9 12:05:37 CST 2002

Olly Hodgson wrote:

>>Great!  The world's most used browser now has another security flaw!
> I reckon the others have just as many holes in them, its just the hackers
> arent trying to bring down the mighty microsoft empire, and besides, there
> just arent enough users of Opera/Mozilla/Konquerer etc to justify hacking
> into them :-)

Not that big. Being able to access cookies across domains is *very* bad 
news. It makes liars of those of us who put up pages that say things 
like "cookies are safe, don't worry about them."

It's really bad, and really surprising to me that they allowed *this* 
kind of error. As someone on another list I frequent said -- "great! now 
  I can access someone else's Passport cookie! I sure do want to trust 
Microsoft with my data!"

Crap, I just went off topic.

My cat is so cute!

	- Joe <>

More information about the thechat mailing list