[13744] in bugtraq
cookies - nothing new
daemon@ATHENA.MIT.EDU (Steven Champeon)
Tue Feb 8 02:07:44 2000
X-Received-From: schampeo@hesketh.com
X-Delivered-To: <bugtraq@securityfocus.com>
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <Pine.LNX.3.95.1000207191305.3797R-100000@wasabi.hesketh.net>
Date: Mon, 7 Feb 2000 19:29:10 -0500
Reply-To: Steven Champeon <schampeo@HESKETH.COM>
From: Steven Champeon <schampeo@HESKETH.COM>
X-To: bugtraq@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM
The discussion regarding cookies is old news.
<http://help.netscape.com/kb/consumer/19981231-1.html>
More info used to be here:
<http://www.paradise.net.nz/~glineham/cookiemonster.html>
Does anyone know where it went? The URL below gives an email address
for Oliver Lineham <oliver@lineham.co.nz> but I can't seem to pull up
a Web site for lineham.co.nz.
Oh, wait - here's an article that gives the date when Oliver posted
the Cookie Monster bug to BUGTRAQ:
<http://webserver.cpg.com/ws/4.2/>
OK, here is the original BUGTRAQ post:
<http://www.securityfocus.com/templates/archive.pike?list=1&date=1998-12-22&msg=3.0.6.32.19981224110919.007c7520@paradise.net.nz>
Unfortunately, it doesn't contain much other than "visit the Web site
for more details". :( Anyway, IIRC, it's the same problem described in
the Netscape advisory at the top of this message.
Here's a bit of somewhat belated, but still frenzied, hype as well:
<http://www.securiteam.com/exploits/Cookie_Monster_vulnerability.html>
Other cookie-related info:
<http://www.cookiecentral.com/bug/index.shtml>
<http://www.w3.org/Security/Faq/wwwsf7.html#Q66>
Steve
