RE: Microsoft IE cookies readable via about: URLS

From: Oliver Petruzel (opetruzel@cox.rr.com)
Date: 11/10/01

• Previous message: 3APA3A: "More problems with RADIUS (protocol and implementations)"
• Maybe in reply to: Jouko Pynnonen: "Microsoft IE cookies readable via about: URLS"
• Next in thread: Thomas Reinke: "Re: Microsoft IE cookies readable via about: URLS"
• Reply: Thomas Reinke: "Re: Microsoft IE cookies readable via about: URLS"
• Reply: Valdis.Kletnieks@vt.edu: "Re: Microsoft IE cookies readable via about: URLS"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: "Oliver Petruzel" <opetruzel@cox.rr.com>
To: <bugtraq@securityfocus.com>
Subject: RE: Microsoft IE cookies readable via about: URLS
Date: Fri, 9 Nov 2001 21:20:29 -0500
Message-ID: <000701c1698e$44cf66c0$8800a8c0@cox.rr.com>

>
> Jouko Pynnonen <jouko@solutions.fi> wrote:
>
> > Microsoft Internet Explorer has a vulnerability which allows a
> > malicious website to access any cookie in the browser's memory or
...

This brings to mind a question: has anyone collected a list of the most
revealing KNOWN cookies in the wild? Is there a resource (site)
available with a list for me to use in order to perhaps blacklist the
URL's personally? I often find myself studying my local cookies and
have noticed repeat offenders from very popular sites that I avoid now
because of this; and I believe such a public list would serve as a way
to prevent cookies from becoming too powerful or revealing. A cookie
reporting service possibly. Anyone with a link for this if it already
exists or with the energy to compile it yourself, go for it, and plz let
us know.

Oliver

---

• Previous message: 3APA3A: "More problems with RADIUS (protocol and implementations)"
• Maybe in reply to: Jouko Pynnonen: "Microsoft IE cookies readable via about: URLS"
• Next in thread: Thomas Reinke: "Re: Microsoft IE cookies readable via about: URLS"
• Reply: Thomas Reinke: "Re: Microsoft IE cookies readable via about: URLS"
• Reply: Valdis.Kletnieks@vt.edu: "Re: Microsoft IE cookies readable via about: URLS"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Cookies issues again! ... Microsoft Internet Explorer 6.0+ ... Select "Internet Options" from the Tools menu. ... you can turn the blocking of Cookies on or off so it might be worth taking a look at your firewall settings. ... Like yahoo for example. ... (microsoft.public.windows.inetexplorer.ie6.browser) Unable to access secure sites ... I have the same exact problem and I just put in a ... posting, please let me know if anyone provides you with a ... >go to Security and turn on COOKIES. ... >Microsoft Internet Explorer area. ... (microsoft.public.security) Unable to access secure sites ... I have tried Dell and they cannot fix it. ... I called my bank, and she had her computer and asked me to ... go to Security and turn on COOKIES. ... Microsoft Internet Explorer area. ... (microsoft.public.security) Re: GetClub.com Web site design ... since my browser ... means the Cookies are not allowed for GetClub.com website. ... Click on the arrow next to "Privacy & Security" in the scrolling ... Microsoft Internet Explorer 6.0+ ... (rec.games.chess.misc) Re: Microsoft IE cookies readable via about: URLS ... Subject: Microsoft IE cookies readable via about: URLS ... > This brings to mind a question: has anyone collected a list of the most ... > to prevent cookies from becoming too powerful or revealing. ... > reporting service possibly. ... (Bugtraq)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > securityfocus  > bugtraq  > 2001-11