Home page logo
/

bugtraq logo Bugtraq mailing list archives

Evil Cookies.
From: iwade () OPTUSNET COM AU (Iain Wade)
Date: Wed, 2 Feb 2000 20:45:54 +1100


Hello,

I have an evil cookie observation I'd like to share:

While developing some CGI stuff, I noticed that my browser was sending a
cookie which didn't make sense since I had control of that domain and I
hadn't issues any cookies .. the name "CyberTargetAnonymous" didn't fill
me with confidence either.

After refreshing my knowledge of cookies at netscapes developer site
below I noticed something strange:
http://developer.netscape.com:80/docs/manuals/communicator/jsguide4/cookies.htm

In the section "Determining a valid domain" is this little gem:

<quote>
If the domain attribute matches the end of the fully qualified domain
name of the host, then path matching is performed to determine if
the cookie should be sent. For example, a domain attribute of
royalairways.com matches hostnames anvil.royalairways.com and
ship.crate.royalairways.com.

Only hosts within the specified domain can set a cookie for a domain. In
addition, domain names must use at least two or three periods.
Any domain in the COM, EDU, NET, ORG, GOV, MIL, and INT categories
requires only two periods; all other domains require at least three
periods.
</quote>

So my questions are these:

a) Why would Netscape Communicator 4.7 accept a cookie like this
(invalid -- only two periods):

.com.au TRUE    /       FALSE   1264987602      CyberTargetAnonymous
NMN000CDCF833FA08963E9BDBC6CAA59301

b) How can this be used by some mass marketing company to turn me into a
number in their systems for sale to the highest bidder?

Just because you're paranoid doesn't mean they're not all out to get
you.

--
Iain Wade

<HR NOSHADE>
<UL>
<LI>application/x-pkcs7-signature attachment: S/MIME Cryptographic Signature
</UL>


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]