But what good is an encrypted cookie?

If I have a cookie on my machine that automatically logs me in to Amazon's one click, 
for example,
encryption is irrelevant if some hacker steals it and installs it as their own. Next 
time they go to
Amazon, they're me; encryption or not.

What's scary about this is that you can only get your cookies "grabbed" by visiting a 
site that is
trying to grab it, right? Well, what about an html email being read? Same thing as 
visiting a site,
right? I would imagine a cookie grabbing script could be embedded in a typical html 
spam just as
easily.


Chris Giminez




> In the page submitted by Todd:
> "The NY Times said it has rewritten its cookies code with stronger
> encryption..."
>
> Certainly no one on this list would steal anyone's cookies <grin>, but I
> didn't hear anyone mention the possibility of encrypting one's own
> cookies to protect their contents. This is possible, isn't it?
>
> --John Allred
>
>
> Todd Ashworth wrote:
> >
> > Might want to be extra carefull what you store in your cookies from now on,
> > ladies and gents.  Or .. if you are the naughty kind of CF developer, I
> > suppose you could take advantage of this ...
> >
> > http://www.cnnfn.com/2000/05/16/technology/microsoft_browser/
> >
> > .Todd
> >
> > ------------------------------------------------------------------------------
> > Archives: http://www.eGroups.com/list/cf-talk
> > To Unsubscribe visit 
>http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or
send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
>
> --
> John Allred / Jackson, Mississippi
> Webmaster, Mississippi Counties
> http://www.mscounties.com/
> ------------------------------------------------------------------------------
> Archives: http://www.eGroups.com/list/cf-talk
> To Unsubscribe visit 
>http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or
send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
>

------------------------------------------------------------------------------
Archives: http://www.eGroups.com/list/cf-talk
To Unsubscribe visit 
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a 
message to [EMAIL PROTECTED] with 'unsubscribe' in the body.

Reply via email to