Re: Red Sherrif Cookie Questions

From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 12/21/03 

Date: Sat, 20 Dec 2003 23:01:40 GMT

The first following link should help explain. Cookies are supposed to be useful
little text files that help enhance your browsing experience by keeping information
such as preferred settings when you go to a website, but like anything else malicious
people found ways to exploit their use. You may also want to use a good popup stopper
like the Google Toolbar which will help prevent you from getting to malicious sites
and consider hardening your IE settings by taking advantage of the trusted Web
Content Zones so that you can set you "internet zone" security to high and also set
privacy to medium high or high adding your trusted sites to the exempt cookie
ist. --- Steve

http://mvps.org/winhelp2002/cookies.htm
http://toolbar.google.com/
http://www.microsoft.com/windowsxp/pro/using/howto/security/ie6.asp
http://www.microsoft.com/windows/ie/using/howto/security/settings.asp

"george" <NOSPAM@btinternet.com> wrote in message
news:bs251o$b48$1@titan.btinternet.com...
> I detected and deleted red sherrif tracking cookie, but what exactly is
> this? How did it get on to my machine? Can it steal any passwords or do some
> serious damage? I would also appreciate any tips on better PC security - I
> have Norton anti-virus, Zonealam fire wall and Adaware spy software. What
> other security features should I add?
> Thanks, George
>
>

Relevant Pages

  • [REVS] Cross Site Cooking
    ... Get your security news from a reliable source. ... On sites where authentication data is tied on a server to a session ID, ... Let's begin with a quick primer on cookie parsing: ... For security purposes, the browser ...
    (Securiteam)
  • [UNIX] PHPNuke Admin Password Can Be Stolen
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Vulnerabilities in PHPNuke expose the administrative password. ... To successfully exploit this vulnerability you will need to rely on two ... The administrator login/password pair is stored in a cookie like this: ...
    (Securiteam)
  • Re: A technique to mitigate cookie-stealing XSS attacks
    ... I'd like to thank the "Microsoft Internet Explorer Team" for ... I'd like to point out that this security feature does not help ... This new HTTPOnly security feature would simply stop cookie hijacking ... > During the Windows Security Push in Feb/Mar 2002, the Microsoft Internet ...
    (Bugtraq)
  • Re: Forms Authentication w/SubFolders
    ... Please note that this means that applications will now share security. ... >> the fact that this cookie exists, and returns to the login.aspx page. ... > manually setting the encryption key in the webconfig. ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • [UNIX] YaBB Security Vulnerabilities (CSS in Login, Insecure Password Handling)
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... attacker to steal user's cookies, hijacking user's accounts, and more. ... stealing the username cookie is easy. ...
    (Securiteam)