Re: Netaddress and amexmail

[robert.collins () ITDOMAIN COM AU (Robert Collins)]

It's my understanding that cookies can only be read by the same server
that created them.. so if www.axemail.com creates a cookie, the
www.netaddress.com server cannot read it.

just my 20c
Rob

-----Original Message-----
From: VULN-DEV List [mailto:VULN-DEV () SECURITYFOCUS COM]On Behalf Of
Fabio Pietrosanti
Sent: Thursday, 27 April 2000 5:11 PM
To: VULN-DEV () SECURITYFOCUS COM
Subject: Re: Netaddress and amexmail

Does you know the existance of cookie ? :)

NaiF

On Tue, 25 Apr 2000, Arturo Busleiman wrote:

> Hi people.
>
> I've been using NetAdress and AmexMail (actually, the same company)
for a
> couple of years now. I have one account in each one.
>
> Well, the point is that today I decided to play a little:
>
> I logged into my AmexMail account. After a successfull login you are
> redirected to http://www.amexmail.com/tpl/Door/SomeUniqueID/Welcome
>
> Ok, I opened a second browser and cut&pasted that into this new
browser
> window, BUT changing amexmail by netaddress. Results?
> I had my account opened in two different browser windows, with the
small
> difference that the sessions were different. In one I had the amexmail
> user interface, and in the other I had the netaddress user interface.
> I had no friends online at that moment to send'em the URL to see if
they
> could login without supplying the password.
>
> Ok, I now this is kind of stupid, but who knows?
>
> Bye
>
> *> Get PGP KEY: use pgpk -a hkp://horowitz.surfnet.nl/buanzox () usa net
> *> Lista social de mail. Envia e-mail en blanco a
lsb-subscribe () egroups com
> *> Panic? My kernel doesn't panic! We are doomed! DustDustDust!!!!

<HR NOSHADE>
<UL>
<LI>application/x-pkcs7-signature attachment: smime.p7s
</UL>