Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Vulnerability Development: RE: CSS, CSS & let me give you some more CSS

RE: CSS, CSS & let me give you some more CSS

From: <info_at_elitesoft.org>
Date: Fri, 1 Feb 2002 11:08:59 -0500

If you use IP address for session cookie attacker can't use
stolen cookie.
However, you can't use IP address when BGP or Proxy are used.
In this case the best protection is to change session cookie
for each transaction using transaction counter.
This will provide a transaction non-repudiation.
If such session cookie is stolen and used by a hacker prior
to a user, then user session will be blown away.

Mike
Received on Feb 01 2002

This message: [ Message body ]
Next message: Bill Pennington: "Re: CSS, CSS & let me give you some more CSS"
Previous message: keks_revda: "SmallHTTP smallest problemm"
Maybe in reply to: Obscure: "RE: CSS, CSS & let me give you some more CSS"
Next in thread: Bill Pennington: "Re: CSS, CSS & let me give you some more CSS"
Reply: Bill Pennington: "Re: CSS, CSS & let me give you some more CSS"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]