RE: Microsoft IE cookies readable via about: URLS

From: Oliver Petruzel (opetruzel@cox.rr.com)
Date: 11/10/01


From: "Oliver Petruzel" <opetruzel@cox.rr.com>
To: <bugtraq@securityfocus.com>
Subject: RE: Microsoft IE cookies readable via about: URLS
Date: Fri, 9 Nov 2001 21:20:29 -0500
Message-ID: <000701c1698e$44cf66c0$8800a8c0@cox.rr.com>


>
> Jouko Pynnonen <jouko@solutions.fi> wrote:
>
> > Microsoft Internet Explorer has a vulnerability which allows a
> > malicious website to access any cookie in the browser's memory or
...

This brings to mind a question: has anyone collected a list of the most
revealing KNOWN cookies in the wild? Is there a resource (site)
available with a list for me to use in order to perhaps blacklist the
URL's personally? I often find myself studying my local cookies and
have noticed repeat offenders from very popular sites that I avoid now
because of this; and I believe such a public list would serve as a way
to prevent cookies from becoming too powerful or revealing. A cookie
reporting service possibly. Anyone with a link for this if it already
exists or with the energy to compile it yourself, go for it, and plz let
us know.

Oliver