Slashdot Mirror


Cross Site Cooking

Liudvikas Bukys writes "Michal Zalewski identifies a new class of attacks on users of web applications, dubbed Cross Site Cooking. Various browsers' implementations of restrictions on where cookies come from and where they're sent are weaker than you think. Web applications that depend on the browser enforcing much will offer many opportunities for mischief."

3 of 125 comments

  1. Cross Site Cooking? by Anonymous Coward · Score: 1, Funny

    Don't you bake cookies?

  2. Re:Nasty by dasil003 · Score: 2, Funny

    ...unless you want all your AOL-based visitors to keep getting logged out.

    Uhhhhmmmm...

    Nah, it's too easy.

    Seriously, good point, it just underscores the problem.

  3. Re:Opera by mrdaveb · Score: 2, Funny

    Kryten: RFC Directive 2965 'No officer above the rank of mess sergeant is permitted to go into combat with pierced nipples'. Sorry sir, I fail to see the relevance

    --
    Homme petit d'homme petit, s'attend, n'avale