Slashdot Mirror

← Back to Stories (view on slashdot.org)

Friday Security Fun

Posted by pudge on Friday December 5, 2003 @08:54AM from the updating-as-soon-as-i-post-this-story-and-quit-my-browser dept.

rgraham writes "Apple has release a new security update for the Safari cookie bug. 'Security Update 2003-12-05 updates Safari to prevent unauthorized access to a user's cookies.' They also updated the article on how to 'Configure Directory Access to Protect Your Mac From a Malicious DHCP Server.'" We posted that the other day, but this time, pictures!

2 of 52 comments (clear)

Min score:

Reason:

Sort:

'Only from sites you navigate to' by rixstep · 2003-12-05 19:55 · Score: 5, Interesting

'For example, not from advertisers on those sites'

So reads the third cookie option in Safari, but it's not true. You'll find '.doubleclick.net' in there all the time, and I doubt any of you are wandering over to DoubleClick to check out the action.

And any domain for a cookie beginning with a '.' means 'any URL in that domain' - and that is NOT just 'from sites you navigate to'.
Replace Cookies.plist with a folder by Anonymous Coward · 2003-12-05 20:32 · Score: 5, Interesting

...and the cookies only last for the current session.