Bugtraq mailing list archives
Re: Evil Cookies.
From: regs () NEBCORP COM (Ari Gordon-Schlosberg)
Date: Tue, 8 Feb 2000 16:24:58 -0600
[Dylan Griffiths <Dylan_G () BIGFOOT COM>]
> Thomas Reinke wrote:
> > There is no easy patch to this problem. The only solution I can think of, which is not an easy one, would be to have browsers have intimate knowledge of what constitutes an organization's "domain of influence", and limit cookies accordingly. This is essentially impossible to implement.
>
> A better solution would be explicit (ie: finer grained) control of cookies. Not as finely grained as the prompt option of Lynx, but more specific than the current Netscape settings.
Actually, this is implemented in a rudimentary way in IE 5.x, with their "zones" of security. If you're interested, take a look at Mozilla's M13 milestone release. It allows fine-grained control of cookies, with its "Never Accept Cookies" domain/site list. It also gives the user an intuitive interface to actually browse their cookies. (Look in the Wallet section).

--
Ari
there is no spoon
-------------------------------------------------------------------------
http://www.nebcorp.com/~regs/pgp for PGP public key