[2513] in WWW Security List Archive
COOKIE redirection to executable file (was: Re: Bloody cookies...)
daemon@ATHENA.MIT.EDU (Gene Ingram)
Tue Jul 23 16:55:05 1996
Date: Tue, 23 Jul 1996 10:35:39 -0700
From: Gene Ingram <gene@hpfsvr01.cup.hp.com>
Reply-To: www-security@ns2.rutgers.edu
To: www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu

> Could we possibly direct this thread in the direction of how cookies are a threat to
> corporate data? What is a system administrator worried about as pertains to cookies? I
> have my users running a networked copy of Netscape with cookies.txt attributed
> read-only. What else?

Well, I'll start the discussion on that track by stating my
concerns about a redirected cookies file to null. Let's discuss
WHERE ELSE a cookie file can be REDIRECTED. For example, can it
be redirected to another file which is executable and located in
a web server executable directory, and can the cookie information
include commands which execute upon going to this directory and
calling up the file in any web browser?

This would create a dynamic script controlled by a mother ship of
unknown origin, would it not? Here is a concern that has bothered
me for some time, and I believe might fall under the purview of
this list and relates to cookies. (If it does not, please delete
from mailbox.)
--
___
| ._ _ ._ _.._ _ ``I do not fear computers
_|_| |(_|| (_|| | | I fear lack of them.'' -Isaac Asimov
_____ _| _______________________________________________________
Key fingerprint: 93 E1 15 E6 35 BC B2 84 B2 7B 39 76 29 72 32 72
[Signature lettering created by ``Figlet Ascii Font Converter''
http://mediacube.datacom.de/cgi-bin/moniteurs/figlet]
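
An administrator's audit for the redirection question raised in this message, as an added example that is not part of the original post: it resolves where each user's cookies.txt really lands and flags a link to the null device, a target inside a web server executable directory, an executable target, and hard links that a symlink test would miss. The function name, the finding labels, the `cgi-bin` directory and `hook.cgi` are hypothetical, and the directory layout is constructed in a temporary directory.

```python
import os
import tempfile

def audit_cookie_file(cookie_path, exec_dirs):
    """Return findings describing where a browser cookie file really lands."""
    findings = []
    real = os.path.realpath(cookie_path)          # follow every symlink hop
    if os.path.islink(cookie_path):
        findings.append("redirected")
    if real == os.path.realpath(os.devnull):
        findings.append("target-is-null-device")
    for d in exec_dirs:                           # e.g. the server's CGI directory
        d_real = os.path.realpath(d)
        if os.path.commonpath([real, d_real]) == d_real:
            findings.append("target-in-exec-dir")
            break
    if os.path.isfile(real):
        st = os.stat(real)
        if st.st_mode & 0o111:                    # any execute bit set
            findings.append("target-executable")
        if st.st_nlink > 1:                       # a hard link is invisible to islink()
            findings.append("hard-linked")
    return findings

def demo():
    """Build a constructed directory layout and audit three cookie files."""
    root = tempfile.mkdtemp()
    cgi = os.path.join(root, "cgi-bin")           # hypothetical server exec dir
    os.mkdir(cgi)
    script = os.path.join(cgi, "hook.cgi")        # hypothetical script name
    with open(script, "w") as f:
        f.write("#!/bin/sh\n")
    os.chmod(script, 0o755)
    results = {}
    for user, target in (("plain", None), ("to_null", os.devnull), ("to_cgi", script)):
        home = os.path.join(root, user)
        os.mkdir(home)
        path = os.path.join(home, "cookies.txt")
        if target is None:
            open(path, "w").close()
            os.chmod(path, 0o444)                 # the read-only setup from the thread
        else:
            os.symlink(target, path)              # the redirection being asked about
        results[user] = audit_cookie_file(path, [cgi])
    return results

if __name__ == "__main__":
    print(demo())
```

Any finding other than an empty list on a real user's cookie file is worth a look, and the list of executable directories should come from the web server's own configuration.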