Bugtraq mailing list archives
Re: Microsoft IE cookies readable via about: URLS
From: Thomas Reinke <reinke () e-softinc com>
Date: Mon, 12 Nov 2001 11:03:30 -0500
The closest I've seen to this, although it doesn't fit your bill 100%, are two separate monthly reports called the Cookie Report and Web Bug report located at

http://www.securityspace.com/s_survey/data/index.html

Of the two, the Web Bug report is the more interesting - it documents the occurrence of web bugs, which by definition occur whenever a third party serves out content as part of a page you visit (think online advertisers). The report provides the top 100 "beneficiaries" of web bugs, which would give you the top 100 domains to block. Note that this does NOT reveal actual usage of cookies, but since virtually all advertisers use them, it's a pretty good correlation.

All the big players are immediately visible in this list (Top 5 Count: linkexchange.com, bfast.com, extreme-dm.com, hitbox.com, doubleclick.net). When "weighted" by traffic, the top 5 are doubleclick.net, akamaitech.net, admonitor.net, gamespy.com, interstitialzone.com.

The cookie report gives some additional statistics on the types of cookies that are found in the wild (life time, common names, etc.)

Hope this helps,
Thomas

Oliver Petruzel wrote:
> Jouko Pynnonen <jouko () solutions fi> wrote:
> > Microsoft Internet Explorer has a vulnerability which allows a malicious website to access any cookie in the browser's memory or...
>
> This brings to mind a question: has anyone collected a list of the most revealing KNOWN cookies in the wild? Is there a resource (site) available with a list for me to use in order to perhaps blacklist the URLs personally?
>
> I often find myself studying my local cookies and have noticed repeat offenders from very popular sites that I avoid now because of this; and I believe such a public list would serve as a way to prevent cookies from becoming too powerful or revealing. A cookie reporting service possibly.
>
> Anyone with a link for this if it already exists or with the energy to compile it yourself, go for it, and plz let us know.
>
> Oliver

--
------------------------------------------------------------
Thomas Reinke                            Tel: (905) 331-2260
Director of Technology                   Fax: (905) 331-2504
E-Soft Inc.                              http://www.e-softinc.com
Publishers of SecuritySpace              http://www.securityspace.com