Re: How secure are cookies ?

From: Paul Cardon (paul@moquijo.com)
Date: 09/05/01 

Message-ID: <3B9594E1.E247B18D@moquijo.com>
Date: Tue, 04 Sep 2001 22:58:41 -0400
From: Paul Cardon <paul@moquijo.com>
To: Pradeep Kumar <pradeep.pillai@nexsi.com>
Subject: Re: How secure are cookies ?

Pradeep Kumar wrote:
>
> Tell the forum one security breach due to cookies. You wont find any.
> If cookies did compromise security all the load balancing switch companies
> would not support this feature.

How about several security breaches?

http://cookies.lcs.mit.edu/pubs.html

-paul

Relevant Pages

  • RE: How secure are cookies ?
    ... Subject: How secure are cookies? ... -How about the several L4-7 switches which continue to use this technology ... > Tell the forum one security breach due to cookies. ...
    (Security-Basics)
  • Fairly serious vulnerability in vBulletin 2.2.0
    ... tested on vBulletin version 2.2.0. ... I post some malicious html in a reply to a topic that allows HTML: ... cookies into the image source tag that points to a webserver on my machine, ... At first I thought this was useless since the forum uses a one-way ...
    (Bugtraq)
  • [Full-Disclosure] Re: Authentication flaw in Web Wiz forum
    ... The security flaw reported below is incorrect as they state that the user ... password then the user code is not changed so the user doesn't have to log ... back in if they request a new password from the forum admin. ... for his cookies identification forum using User_code ...
    (Full-Disclosure)
  • Re: Newsgroup vs web forum
    ... Google gives these values of postings: ... Apparently Forum started at April 2007. ... browser will let you reduce it to a readable size. ... read/not without cookies is technically moderately difficult, ...
    (rec.games.roguelike.angband)
  • [Full-Disclosure] Re: Authentication flaw in Web Wiz forum
    ... The user code is changed when changing the password using "user profile". ... Authentication flaw in Web Wiz forum ... > register in the forum using old cookies. ...
    (Full-Disclosure)