Re: Web session tracking security prob. Vulnerable: IIS and ColdFusion (maybe others)

From: Dug Song (dugsong@monkey.org)
Date: 08/30/01


Date: Thu, 30 Aug 2001 16:24:14 -0400
From: Dug Song <dugsong@monkey.org>
To: vuln-dev@securityfocus.com
Subject: Re: Web session tracking security prob. Vulnerable: IIS and ColdFusion (maybe others)
Message-ID: <20010830162414.Z1617@naughty.monkey.org>

On Thu, Aug 30, 2001 at 03:37:01PM -0400, Jose Nazario wrote:

> predictive cookie values are nothing new. :)

fubob cracked the WSJ.com master key with a simple adaptive chosen
plaintext attack last year. see his paper on client web authentication
(which won best student paper at this past USENIX) for a nice overview:

        http://cookies.lcs.mit.edu/

-d.

---
http://www.monkey.org/~dugsong/