Slashdot Mirror


The Dangers of Improper Cookie Use

shifted89 writes "Over the last year, the security community has exposed web application security for what it is — extremely lacking. However, for all the focus on XSS, CSRF, history stealing, etc., not much attention has been given to the cookie. Unfortunately, cookie misuse can be just as dangerous as XSS attacks, if not more so, and InformIT illustrates why. In short, the author clearly demonstrates what can happen when a website improperly uses cookies for customer tracking — including a working illustration."

13 of 191 comments

  1. Old News by MyLongNickName · · Score: 4, Funny

    Cookie misuse has been chronicled here

    --
    See my journal for slashdot ID's by year. Mine created in 2005. http://slashdot.org/journal/289875/slashdot-ids-by-year
    1. Re:Old News by Anonymous Coward · · Score: 1, Funny

      So you've never imagined Yoda saying "Waka waka waka"

    2. Re:Old News by sharkey · · Score: 2, Funny

      Such a tender, heartwarming account of someone bettering himself. What they don't show is the agonizing struggle he went through.

      --
      "Outlook not so good." That magic 8-ball knows everything! I'll ask about Exchange Server next.
  2. Cookies? Javascript? Etc? by Anonymous Coward · · Score: 5, Funny

    I disable them all because I hate any innovation of the web past 1991. Anyone who disagrees with me is wrong. This article is proof.

    1. Re:Cookies? Javascript? Etc? by Anonymous Coward · · Score: 2, Funny

      Really? I'm the opposite.

      As Scott McNealy once said, "Privacy is dead, deal with it". I've extended that to security which is why I enable javascript and install the binary-only flash player which is configured to auto execute bytecode from any server on the web. In my vision of the future, anybody with disabilities, privacy concerns, security concerns or who is running something other than Windows isn't worth bothering with. Viva innovation, especially from Microsoft!

    2. Re:Cookies? Javascript? Etc? by kalaf · · Score: 4, Funny

      High resolution porn? No wait, I take it back!

    3. Re:Cookies? Javascript? Etc? by MillionthMonkey · · Score: 2, Funny

      Well maybe you weren't downloading porn in 1991 but some of us were already busy gluing uuencoded ladies back together.

  3. Remember.. by Swimport · · Score: 2, Funny

    Cookies go in the mouth not the nose.

  4. The Real Danger of Improper Cookie Use by MrCopilot · · Score: 1, Funny
    The Real Danger of Improper Cookie Use:

    Two Words: Crumby Milk

    Thank You and Tip your Servers.

    --
    OSGGFG - Open Source Gamers Guide to Free Games
  5. Obligatory Simpsons reference.... by Illusion2269 · · Score: 5, Funny

    Mindy: What's wrong?
    Homer: Oh, yeah, like you don't know. We're gonna have sex!
    Mindy: Oh...well, we don't have to.
    Homer: Yes we do! The cookie told me so.
    Mindy: Well...desserts aren't always right.
    Homer: But they're so sweet!

  6. Re:practical, perhaps? by PCM2 · · Score: 3, Funny
    Sort of like trying to find a windows virus filter only to find that the virus filter has infected you.

    Where the hell do you live? Soviet Russia?

    --
    Breakfast served all day!
  7. You lie! FUD! FUD! by fm6 · · Score: 3, Funny

    If you were really that old-fashioned, you wouldn't have to disable JavaScript. The graphical web browser was invented in 1992, so you'd be compelled to use a text-only browser, such as Lynx. And those don't have any JavaScript to disable.

    You are obviously part of an Evil Conspiracy. Please rant some more so I can figure out which one.

  8. Re:What about clipboard theft? by geobeck · · Score: 2, Funny

    From that site:

    Did you know that by default Internet Explorer allows any website to obtain the current contents of your clipboard? This isn't a bug, Microsoft considers it a feature.

    Damn Microsoft for removing features in IE7!

    --
    Find environmentally and socially responsible products on http://buy-right.net