Home page logo
/

bugtraq logo Bugtraq mailing list archives

RE: IE cookies assigned to RAM disk survive reboot
From: "Moorhouse, Walt P" <WaltPMoorhouse () eaton com>
Date: Mon, 19 Nov 2001 11:08:33 -0500

Comments are under original...
BTW, good idea on the RAMDisk for cookies, but if you can't get it to work,
there are programs that will kill your cookies, cache and history files.

You'll find in the registry a key called Paths:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Cache\Paths
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Cache\Special Paths\Cookies
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Pr
ofileReconcili
ation\Cookies

I think you may have missed a couple.  I found five total on both an NT
machine and a Win98.  The two you did not list were:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell
Folders  and
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User
Shell Folders

I deleted all cookies from C:\Windows\Cookies and 
G:\Temporary Internet
Files\Cookies. I then booted into DOS and ran: del
C:\Windows\Cookies\Index.dat.

After you have changed all the values to point to your new location, try to
delete the directory from explorer.  If you get a "Deleting this folder may
affect some registered programs." message, there may be another reg key
pointing to it.  Do a search for cookies in regedit.

One other question:
And my swap file setup:
PagingDrive=G:
MinPagingFileSize=65536
MaxPagingFileSize=65536

Why are you using a RAMDrive for your pagefile?  Is this a security measure?
I saw the Thread on NT4 pagefile compromises, but is the Win98 pagefile that
sought-after?  It just seems to me that there are easier ways to compromise
a 98 machine.  

Walt Moorhouse
Network Administrator
Eaton Corp.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]