Bugtraq mailing list archives
Re: cache cookies?
From: Thomas Reinke <reinke () E-SOFTINC COM>
Date: Mon, 18 Dec 2000 18:03:30 -0500
Nick Lamb wrote:
On Thu, Dec 14, 2000 at 02:06:48AM -0500, Thomas Reinke wrote:Actually, it *does* work. We have on our site a working demonstration of the exploit, showing whether or not you've visited one or more of more than 80 different well known sites. The URL is http://www.securityspace.com/exploit/exploit_2a.htmlNot very impressive. Mozilla M18 showed very poor results, spotting only one of the sites I had visited (out of a dozen or so), and on subsequent loads after visiting more sites it reported "Cache hit" for everything. Tests with other sites, with a fresh browser config, on different systems, revealed that test results stayed low, sometimes zero effectiveness, usually less than 50%.
I agree the example isn't all the impressive. Mind you, we had excellent results, but on a very specific set of configurations (I.E. 5, Netscape 4.7, Win NT with latest SP, all on high speed cable). The demo IS weak. It says it is. There are much better mechanisms. That wasn't the point of the demo - the point was to demonstrate the capability.
Where would you store this flag? In a Cookie?
The paper describes how you could store this in a web page. In fact, what they call "cache cookies" are in fact web pages that contain knowledge that the server sends to the user. Ed, Mike (authors of the paper...) if you're reading this, perhaps it would be better if you put up your examples. #1, I think we can all presume you spent much more time at this than the 5 hours I spent hacking a demo and a writeup together, and your examples should as such be functioning much better... Thomas -- ------------------------------------------------------------ Thomas Reinke Tel: (905) 331-2260 Director of Technology Fax: (905) 331-2504 E-Soft Inc. http://www.e-softinc.com Publishers of SecuritySpace http://www.securityspace.com
Current thread:
- Re: cache cookies? Clover Andrew (Dec 14)
- Re: cache cookies? Thomas Reinke (Dec 15)
- Re: cache cookies? James N. Potts (Dec 16)
- Re: cache cookies? Dan Harkless (Dec 16)
- Re: cache cookies? MadHat (Dec 18)
- Re: cache cookies? Steve Shockley (Dec 16)
- Re: cache cookies? Rossen Raykov (Dec 16)
- Re: cache cookies? Nick Lamb (Dec 18)
- Re: cache cookies? Thomas Reinke (Dec 18)
- Re: cache cookies? Kee Hinckley (Dec 16)
- Re: cache cookies? Szilveszter Adam (Dec 18)
- Re: cache cookies? James Taylor (Dec 19)
- Re: cache cookies? Szilveszter Adam (Dec 18)
- <Possible follow-ups>
- Re: cache cookies? Rob Lemos (Dec 18)
- Re: cache cookies? Wham Bang (Dec 18)
- Re: cache cookies? Lincoln Yeoh (Dec 19)
- Re: cache cookies? Wham Bang (Dec 19)
- Re: cache cookies? Thomas Reinke (Dec 15)