Freakin bummer!!!!

It's a cookie basher's FEAST......

Steve


----- Original Message -----
From: Mike Sheldon <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, May 16, 2000 07:37 PM
Subject: RE: "You have nice cookies .. mind if I have a look?"


> >>Even the one(s) only accessible on the specified domain set in the cookie?
>
> ALL of them.
>
> Using a specially encoded URL, I was able to access ANY cookie on the user's
> system. The only thing the attacker needs to know is what domain's cookies
> he wants from the user.
>
> Michael J. Sheldon
> Internet Applications Developer
> Phone: 480.699.1084
> http://www.desertraven.com/
> PGP Key Available on Request
>
> -----Original Message-----
> From: Todd Ashworth [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, May 16, 2000 19:13
> To: [EMAIL PROTECTED]
> Subject: Re: "You have nice cookies .. mind if I have a look?"
>
>
> Even the one(s) only accessible on the specified domain set in the cookie?
>
> ----- Original Message -----
> From: Owens, Howard <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Tuesday, May 16, 2000 6:45 PM
> Subject: RE: "You have nice cookies .. mind if I have a look?"
>
>
> >
> > I went to the site and was able to search for any domain that has set
> > cookies on my computer.  The full Amazon cookie could be pulled up
> > (thankfully, one-click is not enabled on this machine).
> >
> >
> > H.
> >
> > =========================
> > Howard Owens
> > Web Producer
> > InsideVC.com
> > mailto:[EMAIL PROTECTED]
> > =========================
> >
> > > -----Original Message-----
> > > From: Todd Ashworth [SMTP:[EMAIL PROTECTED]]
> > > Sent: Tuesday, May 16, 2000 3:36 PM
> > > To: [EMAIL PROTECTED]
> > > Subject: Re: "You have nice cookies .. mind if I have a look?"
> > >
> > > I'm not sure .. of course all the reports I've seen are going for shock
> > > value and leaving the technical details useful to the rest of us out.
> > > You could test it I suppose.  You could set such a cookie on your computer
> > > and then go to the test site mentioned in the article and see if the
> > > exploit can find your cookie .. it gives you the option to type in a
> > > specific domain name to search for.  It would be really kinda cool if it
> > > wasn't a potential hazard.
> > >
> > > BTW, Amazon and friends encrypt their cookies, from what I've heard.
> > > Anyone have any CF related info on doing the same?
>
> ------------------------------------------------------------------------------
> Archives: http://www.eGroups.com/list/cf-talk
> To Unsubscribe visit
> http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or
> send a message to [EMAIL PROTECTED] with 'unsubscribe' in
> the body.