[23104] in bugtraq
RE: Microsoft IE cookies readable via about: URLS
daemon@ATHENA.MIT.EDU (Oliver Petruzel)
Mon Nov 12 11:05:45 2001
From: "Oliver Petruzel" <opetruzel@cox.rr.com>
To: <bugtraq@securityfocus.com>
Date: Fri, 9 Nov 2001 21:20:29 -0500
Message-ID: <000701c1698e$44cf66c0$8800a8c0@cox.rr.com>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
In-Reply-To: <S-UTL02-NYC-NOCMjka00002d61@nyc02.smtp.stsn.com>
>
> Jouko Pynnonen <jouko@solutions.fi> wrote:
>
> > Microsoft Internet Explorer has a vulnerability which allows a
> > malicious website to access any cookie in the browser's memory or
...
This brings to mind a question: has anyone collected a list of the most
revealing KNOWN cookies in the wild? Is there a resource (site)
available with a list for me to use in order to perhaps blacklist the
URL's personally? I often find myself studying my local cookies and
have noticed repeat offenders from very popular sites that I avoid now
because of this; and I believe such a public list would serve as a way
to prevent cookies from becoming too powerful or revealing. A cookie
reporting service possibly. Anyone with a link for this if it already
exists or with the energy to compile it yourself, go for it, and plz let
us know.
Oliver
