Bugtraq mailing list archives
Re: Microsoft IE cookies readable via about: URLS
From: Valdis.Kletnieks () vt edu
Date: Mon, 12 Nov 2001 13:14:44 -0500
On Fri, 09 Nov 2001 21:20:29 EST, Oliver Petruzel <opetruzel () cox rr com> said:
> This brings to mind a question: has anyone collected a list of the most revealing KNOWN cookies in the wild? Is there a resource (site) available with a list for me to use in order to perhaps blacklist the URLs personally? I often find myself studying my local cookies and have noticed repeat offenders from very popular sites that I avoid now because of this; and I believe such a public list would serve as a way to prevent cookies from becoming too powerful or revealing. A cookie reporting service possibly. Anyone with a link for this if it already exists or with the energy to compile it yourself, go for it, and plz let us know.

A far better approach is to use software that blocks *all* cookies, and then have an exemption list for those sites that *YOU* visit that specifically need cookies in order to function.

Remember - cookies as data harvesting tools only work because a large percentage of people allow cookies. If the *default* behavior of people was to tolerate only cookies that allow (for instance) session management of a single visit, or only retain very basic cross-session information, then the site operators wouldn't have much reason to use cookies.

Something that's a *bigger* issue is probably the infamous "web bug", which usually shows up as a 1x1 transparent pixel. Now *THERE* is an area where a "black list" might be more useful (because you can have an <IMG> tag that points off-site to a tracking service, where the user may have said "only allow cookies from this server").

There's Unix software for all this at www.junkbuster.com. I have *NOT* tried their Windows software. It's not a *total* solution, but it's a start.

--
Valdis Kletnieks
Operating Systems Analyst
Virginia Tech
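The two controls described in the message above, sketched as an added example that is not part of the original post and is not Junkbuster's code: a block-all cookie policy with an exemption list, and a scan for 1x1 off-site images, which still generate a request to the tracker even when its cookies are refused. The host names, the exemption list and the sample page are constructed, and "off-site" is simplified to "a different host name than the page".

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Assumption: hosts the user has chosen to exempt from the block-all default.
COOKIE_EXEMPT = {"shop.example"}

def cookies_allowed(url, exempt=COOKIE_EXEMPT):
    """Default deny: accept cookies only from an exempted host or its subdomains."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    return any(host == e or host.endswith("." + e) for e in exempt)

def _pixels(value):
    """Parse a width/height attribute such as '1' or '1px'; None if not numeric."""
    v = (value or "").strip().lower()
    v = v[:-2] if v.endswith("px") else v
    return int(v) if v.isdigit() else None

class WebBugFinder(HTMLParser):
    """Collects <img> tags that are at most 1x1 and load from another host."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlsplit(page_url).hostname or ""
        self.bugs = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = dict(attrs)  # HTMLParser lowercases tag and attribute names
        src = urljoin(self.page_url, a.get("src") or "")
        host = urlsplit(src).hostname or ""
        w, h = _pixels(a.get("width")), _pixels(a.get("height"))
        tiny = w is not None and h is not None and w <= 1 and h <= 1
        if tiny and host and host != self.page_host:
            self.bugs.append(src)

def find_web_bugs(page_url, html):
    finder = WebBugFinder(page_url)
    finder.feed(html)
    return finder.bugs

# Constructed sample page: a logo, a same-site spacer, a tracker pixel, a banner.
SAMPLE = """<html><body>
<img src="/logo.gif" width="120" height="40">
<img src="/spacer.gif" width="1" height="1">
<img src="http://tracker.example/t.gif?id=42" width="1" height="1">
<IMG SRC="http://ads.example/banner.gif" WIDTH="468" HEIGHT="60">
</body></html>"""
```
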