Bugtraq mailing list archives
Re: cache cookies?
From: Steve Shockley <Steve.Shockley () SHOCKLEY NET>
Date: Fri, 15 Dec 2000 12:17:46 -0500
Actually, it *does* work. We have on our site a working demonstration of the exploit, showing whether or not you've visited one or more of more than 80 different well known sites. The URL is http://www.securityspace.com/exploit/exploit_2a.html
Using IE 5.5sp1, I seem to have been able to foil your exploit by checking "Empty Temporary Internet Files when browser is closed" on the Advanced tab. (I do that for performance reasons, since I don't like having thousands of small files clogging my hard drive.) Also, as Clover Andrew mentioned, the detection script itself caches the images, so it's a one-time shot.
Current thread:
- Re: cache cookies? Clover Andrew (Dec 14)
- Re: cache cookies? Thomas Reinke (Dec 15)
- Re: cache cookies? James N. Potts (Dec 16)
- Re: cache cookies? Dan Harkless (Dec 16)
- Re: cache cookies? MadHat (Dec 18)
- Re: cache cookies? Steve Shockley (Dec 16)
- Re: cache cookies? Rossen Raykov (Dec 16)
- Re: cache cookies? Nick Lamb (Dec 18)
- Re: cache cookies? Thomas Reinke (Dec 18)
- Re: cache cookies? Kee Hinckley (Dec 16)
- Re: cache cookies? Szilveszter Adam (Dec 18)
- Re: cache cookies? James Taylor (Dec 19)
- Re: cache cookies? Szilveszter Adam (Dec 18)
- <Possible follow-ups>
- Re: cache cookies? Rob Lemos (Dec 18)
- Re: cache cookies? Wham Bang (Dec 18)
- Re: cache cookies? Lincoln Yeoh (Dec 19)
- Re: cache cookies? Wham Bang (Dec 19)
- Re: cache cookies? Thomas Reinke (Dec 15)