OSEC

 
From: Voodoo Child (auto125268HUSHMAIL.COM)
Date: Sun Apr 08 2001 - 15:44:28 CDT


    Agreed. I know one company that is considering proxying cookies for a
    third-party that will get around it. They basically create a server to
    server connection, and when a particular cookie is set for a service by
    the first party, it gets echoed back to the third-party.

    At Sun, 8 Apr 2001 11:42:23 -0700, Ric Steinberger <ricstRUSTYMAIL.COM>
    wrote:

    >
    >Richard,
    >
    > I have a bad feeling about this. My concern is that Microsoft doesn't
    >want to arouse the wrath of powerful advertising companies like Double
    >Click, so some way will be "found" for these companies to meet minimum
    >standards. In other words, minimum standards could really be pretty
    >darned minimum, and most third party cookies would continue to be
    >deposited and read back.
    >
    >ric
    >
    >Ric Steinberger
    >Security Portal - the Focal Point for Security on the Net
    >http://www.securityportal.com/
    >650.856.2067
    >Mobile: 650.302.4322
    >Pager: 360.307.5045
    >
    >-----Original Message-----
    >From: Web and Mobile Code Security [mailto:WWW-MOBILE-CODESECURITYFOCUS.COM]On
    >Behalf Of Richard M. Smith
    >Sent: Sunday, April 08, 2001 9:08 AM
    >To: WWW-MOBILE-CODE-X-SECURITYFOCUS.COMmail-x-change.com
    >Subject: Re: Internet Explorer 6
    >
    >Hi Ric,
    >
    >In order for a Web site to set a third-party cookie
    >on a computer running IE6, the site must have a P3P privacy
    >policy which meets certain minimum standards. What these
    >standards are I don't quite know.
    >
    >Richard
    >
    >-----Original Message-----
    >From: Web and Mobile Code Security
    >[mailto:WWW-MOBILE-CODESECURITYFOCUS.COM]On Behalf Of Ric Steinberger
    >Sent: Sunday, April 08, 2001 11:31 AM
    >To: WWW-MOBILE-CODESECURITYFOCUS.COM
    >Subject: Re: Internet Explorer 6
    >
    >
    >It's interesting that IE 6, under the privacy setting, at the medium
    >level, says "Do not allow unsatisfactory third parties" to install
    >cookies. It's not clear what MS means by unsatisfactory, but this could
    >be crucial. What if MS takes a very narrow definition of unsatisfactory,
    >meaning that it defines unsatisfactory as related to porn or violence,
    >whereas Double Click, being merely an advertiser, is quite
    >"satisfactory." I don't know that this is true. But the wording in the
    >IE config panel is certainly ambiguous.
    >
    >Ric Steinberger
    >Security Portal - the Focal Point for Security on the Net
    >http://www.securityportal.com/
    >650.856.2067
    >Mobile: 650.302.4322
    >Pager: 360.307.5045
    >
    >-----Original Message-----
    >From: Web and Mobile Code Security
    >[mailto:WWW-MOBILE-CODESECURITYFOCUS.COM]On
    >Behalf Of Voodoo Child
    >Sent: Saturday, April 07, 2001 10:00 PM
    >To: WWW-MOBILE-CODE-X-SECURITYFOCUS.COMmail-x-change.com
    >Subject: Re: Internet Explorer 6
    >
    >Here's the gen on third-party cookies .....for those interested.
    >
    >http://msdn.microsoft.com/workshop/security/privacy/ie6privacyfeature.asp#IE6PrivacyFeature_topic3
    >
    >At Sat, 7 Apr 2001 19:25:55 -0700, Ric Steinberger <ricstRUSTYMAIL.COM>
    >wrote:
    >
    >>
    >>Some "smart" marketing companies have discovered how to create and
    >>read cookies using Javascript. That's harder to block/prevent than the
    >>conventional HTTP cookie creation method.
    >>
    >>Ric Steinberger
    >>Security Portal - the Focal Point for Security on the Net
    >>http://www.securityportal.com/
    >>650.856.2067
    >>Mobile: 650.302.4322
    >>Pager: 360.307.5045
    >>
    >>-----Original Message-----
    >>From: Web and Mobile Code Security
    >>[mailto:WWW-MOBILE-CODESECURITYFOCUS.COM]On
    >>Behalf Of Voodoo Child
    >>Sent: Saturday, April 07, 2001 8:07 PM
    >>To: WWW-MOBILE-CODE-X-SECURITYFOCUS.COMmail-x-change.com
    >>Subject: Internet Explorer 6
    >>
    >>Anyone else been playing with Internet Explorer 6? Seems they have
    >>done P3P the standard being developed by the www.W3c.com/p3p ...one
    >>cool thing is stopping third party cookies ....looks like Double
    >>Click's business just died ;-)