Bugtraq mailing list archives

Re: Evil Cookies.
From: regs () NEBCORP COM (Ari Gordon-Schlosberg)
Date: Tue, 8 Feb 2000 16:24:58 -0600


[Dylan Griffiths <Dylan_G () BIGFOOT COM>]
Thomas Reinke wrote:
There is no easy patch to this problem. The only solution I
can think of, which is not an easy one, would be to have browsers
have intimate knowledge of what constitutes an organization's
"domain of influence", and limit cookies accordingly. This
is essentially impossible to implement.

A better solution would be explicit (ie: finer grained) control of cookies.
Not as finely grained as the prompt option of Lynx, but more specific than
the current Netscape settings.

Actually, this is implemented in a rudimentary way in IE 5.x, with their
"zones" of security.  If you're interested, take a look at Mozilla's M13
milestone release.  It allows fine-grained control of cookies, with its
"Never Accept Cookies" domain/site list.  It also gives the user an
intuitive interface to actually browse their cookies.  (Look in the Wallet
section).

--
Ari                                                     there is no spoon
-------------------------------------------------------------------------
http://www.nebcorp.com/~regs/pgp for PGP public key


