[2520] in WWW Security List Archive


Undeliverable message

daemon@ATHENA.MIT.EDU (Electronic Postmaster)
Wed Jul 24 10:26:00 1996

Date: 24 Jul 96 07:49:36 EDT
From: Electronic Postmaster <POSTMASTER@compuserve.com>
To: <www-security@ns2.rutgers.edu>
Errors-To: owner-www-security@ns2.rutgers.edu

Your message could not be delivered for the following reason:

Mailbox 73144.3004 is currently full.
Please resend your message at a later time.

--- Returned message ---

Sender: owner-www-security@ns2.rutgers.edu
Received: from ns2.rutgers.edu (ns2.rutgers.edu [128.6.21.2]) by hil-img-4.compuserve.com (8.6.10/5.950515)
	id HAA20852; Wed, 24 Jul 1996 07:49:18 -0400
Received: (from daemon@localhost) by ns2.rutgers.edu (8.6.12+bestmx+oldruq+newsunq/8.6.12) id NAA04825 for www-security-outgoing; Tue, 23 Jul 1996 13:36:28 -0400
Received: from hp.com (hp.com [15.255.152.4]) by ns2.rutgers.edu (8.6.12+bestmx+oldruq+newsunq/8.6.12) with ESMTP id NAA04815 for <www-security@ns2.rutgers.edu>; Tue, 23 Jul 1996 13:35:42 -0400
Received: from hpfsvr01.cup.hp.com (allan.cup.hp.com) by hp.com with ESMTP
	(1.37.109.16/15.5+ECS 3.3) id AA064083331; Tue, 23 Jul 1996 10:35:32 -0700
Received: from allan by hpfsvr01.cup.hp.com with SMTP
	(1.37.109.15/15.5+IOS 3.20+cup+OMrelay) id AA094463340; Tue, 23 Jul 1996 10:35:40 -0700
Message-Id: <31F50D6B.5484@cup.hp.com>
Date: Tue, 23 Jul 1996 10:35:39 -0700
From: Gene Ingram <gene@hpfsvr01.cup.hp.com>
Reply-To: www-security@ns2.rutgers.edu
Organization: Hewlett-Packard Co.
X-Mailer: Mozilla 3.0b5a (X11; U; HP-UX A.09.05 9000/720)
Mime-Version: 1.0
To: www-security@ns2.rutgers.edu
Subject: COOKIE redirection to executable file (was: Re: Bloody cookies...)
References: <1F351030.1424@mail.bl.uk> <31F3BBD3.599D@rixix.sod.eds.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-www-security@ns2.rutgers.edu
Precedence: bulk
Errors-To: owner-www-security@ns2.rutgers.edu

> Could we possibly direct this thread in the direction of how cookies are a threat to
> corporate data?  What is a system administrator worried about as pertains cookies?  I
> have my users running a networked copy of Netscape with cookies.txt attributed
> read-only.  What else?

Well, I'll start the discussion on that track by stating my 
concerns about a redirected cookies file to null.  Let's discuss 
WHERE ELSE a cookie file can be REDIRECTED.  For example, can it 
be redirected to another file which is executable and located in 
a web server executable directory, and can the cookie information 
include commands which execute upon going to this directory and 
calling up the file in any web browser?
  
This would create a dynamic script controlled by a mother ship of 
unknown origin, would it not?  Here is a concern that has bothered 
me for some time, and I believe might fall under the purview of 
this list and relates to cookies.  (If it does not, please delete 
from mailbox.)

-- 
___
 | ._  _ ._ _.._ _    ``I do not fear computers
_|_| |(_|| (_|| | |     I fear lack of them.''  -Isaac Asimov
_____  _|  _______________________________________________________
Key fingerprint:  93 E1 15 E6 35 BC B2 84  B2 7B 39 76 29 72 32 72
 [Signature lettering created by ``Figlet Ascii Font Converter''
  http://mediacube.datacom.de/cgi-bin/moniteurs/figlet]

