Vulnerability Development mailing list archives
Re: Web session tracking security prob. Vulnerable: IIS and ColdF usion (maybe others)
From: Dug Song <dugsong () monkey org>
Date: Thu, 30 Aug 2001 16:24:14 -0400
On Thu, Aug 30, 2001 at 03:37:01PM -0400, Jose Nazario wrote:
predictive cookie values are nothing new. :)
fubob cracked the WSJ.com master key with a simple adaptive chosen plaintext attack last year. see his paper on client web authentication (which won best student paper at this past USENIX) for a nice overview: http://cookies.lcs.mit.edu/ -d. --- http://www.monkey.org/~dugsong/
Current thread:
- RE: Web session tracking security prob. Vulnerable: IIS and ColdF usion (maybe others) Norman Cook (Aug 30)
- RE: Web session tracking security prob. Vulnerable: IIS and ColdF usion (maybe others) Jose Nazario (Aug 30)
- Re: Web session tracking security prob. Vulnerable: IIS and ColdF usion (maybe others) Dug Song (Aug 30)
- Re: Web session tracking security prob. Vulnerable: IIS and ColdF usion (maybe others) Kevin Fu (Aug 30)
- Re: Web session tracking security prob. Vulnerable: IIS and ColdF usion (maybe others) Kevin Fu (Aug 30)
- RE: Web session tracking security prob. Vulnerable: IIS and ColdF usion (maybe others) Jose Nazario (Aug 30)