[3880] in WWW Security List Archive
Re: Netscape eggs
daemon@ATHENA.MIT.EDU (Tim O'Shea [tmo])
Sun Dec 22 04:38:21 1996
Date: Sun, 22 Dec 1996 03:00:20 -0500 (EST)
From: "Tim O'Shea [tmo]" <tmoshea@mailbox.syr.edu>
cc: www-security@ns2.rutgers.edu
In-Reply-To: <Pine.OSF.3.93.961220180117.1082B-100000@novice>
Errors-To: owner-www-security@ns2.rutgers.edu
On Fri, 20 Dec 1996 htorgema@novice.uwaterloo.ca wrote:
> Anyway, I doubt anyone find a way to compromise the security of a
> client with such things...
I've been collecting the "eggs" that have been posted for easy reference
through my web-page. I should have things together by the start of next
week and I'll post the URL up then.
In doing so, I've been thinking about a client side issue. All of the
eggs are mostly harmless and serve more as debugging tools or "parlor
tricks" for users/developers.
But, working as a consultant here at SU, and understanding privacy issues
in a multiuser environment, eggs like about:cache reveal A LOT about the
last user's interests.
I understand that there are many other ways of obtaining this information
(RAW peaks at the cache directory, bookmarks etc) but it is an issue,
particulalry when a user can essentially re-play the previous users
browsing
Just a thought...
Tim
