Bugtraq mailing list archives

Re: Evil Cookies.

From: bugtraq () URSINE COM (Michael Bryan)
Date: Tue, 8 Feb 2000 22:30:39 -0800


On 2/8/00 at 4:24 PM Ari Gordon-Schlosberg wrote:

[Dylan Griffiths <Dylan_G () BIGFOOT COM>]


A better solution would be explicit (ie: finer grained) control of cookies.
Not as finely grained as the prompt option of Lynx, but more specific than
the current Netscape settings.


Actually, this is implemented in a rudimentary way in IE 5.x, with their
"zones" of security.  If you're interested, take a look at Mozilla's M13
milestone release.  It allows fine-grained control of cookiees, with its
"Never Accept Cookiees" domain/site list.  It also gives the user an
intuitive interface to actually browse their cookiees.  (Look in the Wallet
section).


A cool shareware tool called "Cookie Pal" (http://www.kburra.com/cpal.html)
gives you all sorts of excellent control over cookies, and works with several
browsers.  Its biggest downside is that it's for Windows only.  I highly
recommend checking it out if you're looking for better cookie management.


--
Michael Bryan
bugtraq () ursine com

Current thread:

Re: DDOS Attack Mitigation, (continued)
- - - Re: DDOS Attack Mitigation John Payne (Feb 14)
    - Re: DDOS Attack Mitigation Julien Nadeau (Feb 14)
    - Re: DDOS Attack Mitigation Bennett Todd (Feb 15)
    - rp_filter? (was Re: DDOS Attack Mitigation) Julien Nadeau (Feb 18)
    - Re: DDOS Attack Mitigation Homer Wilson Smith (Feb 14)
    - Re: DDOS Attack Mitigation Andrzej Bialecki (Feb 14)
    - Re: DDOS Attack Mitigation Darren Reed (Feb 14)
    - "Association of Responsible Internet Providers"? David Nesting (Feb 15)
    - Re: DDOS Attack Mitigation Andreas Busse (Feb 15)
    - Re: Evil Cookies. Ari Gordon-Schlosberg (Feb 08)
    - Re: Evil Cookies. Michael Bryan (Feb 08)
    - Statistical Attack Against Virtual Banks Andre L. Dos Santos (Feb 08)
    - Re: Statistical Attack Against Virtual Banks HC Security (Feb 08)
    - Re: Statistical Attack Against Virtual Banks Andre L. Dos Santos (Feb 08)
    - Re: Statistical Attack Against Virtual Banks HC Security (Feb 09)
    - Re: Statistical Attack Against Virtual Banks Swift Griggs (Feb 09)
    - Re: Statistical Attack Against Virtual Banks Andre L. Dos Santos (Feb 08)
    - SCO OpenServer SNMPD vulnerability NAI Labs (Feb 07)
    - Re: Tempfile vulnerabilities Werner Koch (Feb 02)
    - Re: Tempfile vulnerabilities Chris Cappuccio (Feb 03)
    - Cross Site Scripting security issue Robert Zilbauer (Feb 02)

(Thread continues...)