|
|
|
|
|
|
|
|
|
|
|
|
| home | help | back | first | fref | pref | prev | next | nref | lref | last | post |
From: brandon@rd.bbc.co.uk (BrandonButterworth) Date: Fri, 19 Jul 96 20:54:32 BST To: www-security@ns2.rutgers.edu, bob@lava.net Errors-To: owner-www-security@ns2.rutgers.edu > From: bob@lava.net (Robert P Cunningham) > > Having seen a pages out there issuing 40 or more cookies, I began > wondering how easy it would be to overload a browser with cookies > (and force it to delete other cookies). Neat but I still think we're worrying too much about cookies and letting major future vulnerabilites sneak by: > From brandon Thu Jul 18 20:24:12 1996 > To: bob@lava.net > Subject: Re:- cookies and privacy > > > Either way, a "denial of service" attack might just be possible. > > Could a collection of sites cooperate to load browsers with their > > own cookies, causing a browser to cease loading of other cookies? > > Or a few big sites could be persuaded to fill you up to displace > a competitors cookie. > > If you have 399 from Microsoft and 1 from say Netscape which one > stands the most chance of being lost as you hit more friends of MS > sites? > > I'm not too worried about the cookies as whilst we're worrying about > a minor vulnerability Microsoft are successfully waging an anti Java > campaign over here. > > The press and the PC entranced are buying it - better than Java > as it doesn't have the security limitations, more secure because > the sites offering content will be MS approved... > > So an ActiveX applet that can go anywhere on your disk is OK because > MS say so? Brandon -- Brandon Butterworth phone: 01737 836592 BBC Research & Development fax: 01737 832336 Kingswood Warren, Tadworth email: brandon@rd.bbc.co.uk Surrey, KT20 6NP URL: http://www.bbc.co.uk/
|
|
|
|
|
|
|
|
|
|
|
|
| home | help | back | first | fref | pref | prev | next | nref | lref | last | post |