OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: cache cookies?
From: MadHat (madhatUNSPECIFIC.COM)
Date: Fri Dec 15 2000 - 18:46:21 CST

At 04:37 PM 12/14/2000 -0800, you wrote:
>Thomas Reinke <reinkeE-SOFTINC.COM> writes:
> > Actually, it *does* work. We have on our site a
> > working demonstration of the exploit, showing whether or not
> > you've visited one or more of more than 80 different well known
> > sites. The URL is
> >
> > http://www.securityspace.com/exploit/exploit_2a.html
>
>Using default cache settings and with JavaScript enabled, and without any
>proxies in the picture, the exploit fails for me, saying "Cache Miss" for
>all entries, even ones just visited.

Also note that the page claims that all should be there (a "Cache Hit!!!")
once you have visited the test site, but just hitting reload showed about 5
or 6 that still showed "Cache Miss" using netscape 4.76 (all default) on
Win2k and as I keep hitting reload a different number and different sites
show "Cache Miss".

>This is with Netscape Communicator 4.75 (I know, still need to upgrade to
>4.76 due to the fixed buffer overflows) on Windows NT 4.0 and Netscape
>Navigator 3.04 on AIX 4.1.5.
>
>It did work with Internet Explorer, though.
>
>----------------------------------------------------------------------
>Dan Harkless | To prevent SPAM contamination, please
>dan-bugtraqdilvish.speed.net | do not mention this private email
>SpeedGate Communications, Inc. | address in Usenet posts. Thank you. 

--
MadHat at unspecific.com