Subject: Re: IE cookies security
From: Geoffrey Moon (gmoonALLIEDNA.COM)
Date: Thu May 11 2000 - 16:26:47 CDT


Don't know what the code on that page does, but on my machine (W2K 2195
server) the test page could not display any values from cookies on my
machine. What it did do was render the cookies on my machine useless,
perhaps by somehow corrupting the index.dat file on the machine? After
visiting that page and testing a couple of domains, none of the cookies on
my machine are usable by IE, though they still exist in the cookies
directory and appear to have not been touched. Beware.

(FWIW, I'm running Cookie Pal 1.5 on my machine to screen cookies, and it
also reports that all the cookies on my machine are now inaccessible by IE.)

Geoff Moon

-----Original Message-----
From: Windows NTBugtraq Mailing List
[mailto:NTBUGTRAQLISTSERV.NTBUGTRAQ.COM]On Behalf Of McCorkle Joe
Sent: Thursday, May 11, 2000 4:40 PM
To: NTBUGTRAQLISTSERV.NTBUGTRAQ.COM
Subject: [NTBUGTRAQ] IE cookies security

If you're using Microsoft Internet Explorer running on Microsoft Windows,
turn off Javascript now. Your cookie file is readable by any hostile
website. Or, if you'd like to see the security hole in action, leave
Javascript on and check it out: "Open Cookie Jar."
http://www.peacefire.org/security/iecookies/

> Joseph R. McCorkle
> Enterprise Windows 2000 Team
> Computer Services
> John Deere PDC
> 309.756.1258-Voice
> 309.749.0081-Fax
> McCorkleJoeJdcorp.deere.com