The Dangers of Improper Cookie Use - Slashdot

Please create an account to participate in the Slashdot moderation system

×

The Dangers of Improper Cookie Use 191

Posted by CmdrTaco on Monday December 18, 2006 @02:22PM

shifted89 writes "Over the last year, the security community have exposed web application security for what it is — extremely lacking. However, for all the focus on XSS, CSRF, history stealing, etc., not much attention has been given to the cookie. Unfortunately, cookie misuse can be just as dangerous, if not more so than XSS attacks and InformIT illustrates why. In short, the author clearly demonstrates what can happen when a website improperly uses cookies for customer tracking — including a working illustration."

This discussion has been archived. No new comments can be posted.

The Dangers of Improper Cookie Use

Search 191 Comments Log In/Create an Account

Comments Filter:

Old News (Score:5, Funny)

by MyLongNickName ( 822545 ) writes: on Monday December 18, 2006 @02:28PM (#17289382) Journal

Cookie misuse has been chronicled here [bbc.co.uk]

Share
twitter facebook
Cookies? Javascript? Etc? (Score:5, Funny)

by Anonymous Coward writes: on Monday December 18, 2006 @02:28PM (#17289396)

I disable them all because I hate any innovation of the web past 1991. Anyone who disagrees with me is wrong. This article is proof.

Share
twitter facebook
Re:Cookies? Javascript? Etc? (Score:2, Funny)

by Anonymous Coward writes: on Monday December 18, 2006 @02:45PM (#17289658)

Really? I'm the opposite.

As Scott McNealy once said, "Privacy is dead, deal with it". I've extended that to security which is why I enable javascript and install the binary-only flash player which is configured to auto execute bytecode from any server on the web. In my vision of the future, anybody with disabilities, privacy concerns, security concerns or who is running something other than Windows isn't worth bothering with. Viva innovation, especially from Microsoft!

Parent Share
twitter facebook
Remember.. (Score:2, Funny)

by Swimport ( 1034164 ) writes: on Monday December 18, 2006 @02:52PM (#17289770) Homepage

Cookies go in the mouth not the nose.

Parent Share
twitter facebook
The Real Danger of Improper Cookie Use (Score:2, Funny)

by MrCopilot ( 871878 ) writes: on Monday December 18, 2006 @03:04PM (#17289904) Homepage Journal

The Real Danger of Improper Cookie Use:
Two Words: Crumby Milk
Thank You and Tip your Servers.

Share
twitter facebook
Obligatory Simpsons reference.... (Score:5, Funny)

by Illusion2269 ( 959341 ) writes: on Monday December 18, 2006 @03:07PM (#17289960)

Mindy: What's wrong?
Homer: Oh, yeah, like you don't know. We're gonna have sex!
Mindy: Oh...well, we don't have to.
Homer: Yes we do! The cookie told me so.
Mindy: Well...desserts aren't always right.
Homer: But they're so sweet!

Share
twitter facebook
Re:Cookies? Javascript? Etc? (Score:4, Funny)

by kalaf ( 963208 ) writes: on Monday December 18, 2006 @04:02PM (#17290764)

High resolution porn? No wait, I take it back!

Parent Share
twitter facebook
Re:Old News (Score:1, Funny)

by Anonymous Coward writes: on Monday December 18, 2006 @04:38PM (#17291302)

So you've never imagined Yoda saying "Waka waka waka"

Parent Share
twitter facebook
Re:Old News (Score:2, Funny)

by sharkey ( 16670 ) writes: on Monday December 18, 2006 @05:13PM (#17291822)

Such a tender, heartwarming account of someone bettering himself. What they don't show is the agonizing struggle he went through. [youtube.com]

Parent Share
twitter facebook
Re:practical, perhaps? (Score:3, Funny)

by PCM2 ( 4486 ) writes: on Monday December 18, 2006 @05:27PM (#17292050) Homepage

Sort of like trying to find a windows virus filter only to find that the virus filter has infected you.

Where the hell do you live? Soviet Russia?

Parent Share
twitter facebook
You lie! FUD! FUD! (Score:4, Funny)

by fm6 ( 162816 ) writes: on Monday December 18, 2006 @05:34PM (#17292160) Homepage Journal

If you were really that old-fashioned, you wouldn't have to disable JavaScript. The graphical web browser was invented in 1992, so you'd be compelled to use a text-only browser, such as Lynx. And those don't have any JavaScript to disable.
You are obviously part of an Evil Conspiracy. Please rant some more so I can figure out which one.

Parent Share
twitter facebook
Re:What about clipboard theft? (Score:3, Funny)

by geobeck ( 924637 ) writes: on Monday December 18, 2006 @05:44PM (#17292354) Homepage

From that site:

Did you know that by default Internet Explorer allows any website to obtain the current contents of your clipboard? This isn't a bug, Microsoft considers it a feature.

Damn Microsoft for removing features in IE7!

Parent Share
twitter facebook
Re:Cookies? Javascript? Etc? (Score:3, Funny)

by MillionthMonkey ( 240664 ) writes: on Monday December 18, 2006 @09:16PM (#17295212)

Well maybe you weren't downloading porn in 1991 but some of us were already busy gluing uuencoded ladies back together.

Parent Share
twitter facebook

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

Related Links Top of the: day, week, month.

390 comments32-Hour Workweek for America Proposed by Senator Bernie Sanders
358 commentsWhat Should Happen to Empty Downtown Office Spaces?
340 commentsHacktivism Erupts In Response To Hamas-Israel War
324 comments'Feedback' Is Now Too Harsh. The New Word is 'Feedforward'
248 commentsWorkers are Resisting Calls to Return to Offices

"Engineering without management is art." -- Jeff Johnson