The Dangers of Improper Cookie Use
shifted89 writes "Over the last year, the security community has exposed web application security for what it is — extremely lacking. However, for all the focus on XSS, CSRF, history stealing, etc., not much attention has been given to the cookie. Unfortunately, cookie misuse can be just as dangerous, if not more so, than XSS attacks, and InformIT illustrates why. In short, the author clearly demonstrates what can happen when a website improperly uses cookies for customer tracking — including a working illustration."
What I really wish existed was a screen that popped up every time you went to a new site that informed the user of the site, and asked for a cookie preference for that site. That way, all cookies could be accepted at the corporate site, and no cookies might be accepted at Google.
Actually, Konqueror does that if you set it up to ask what to do when you receive a cookie. I fiddled around with Firefox and couldn't find a way to do it, but maybe messing around with Network.cookie.cookieBehavior and Network.cookie.p3p
My Mozilla from a year or so ago has this setting where it asks you about each cookie being set. It can then remember the setting for this website.
:(
Maybe you should learn about or change your browser.
For some crazy reason, Firefox 2 has now removed this option - I had to go poking around in about:config to turn it back on.
http://blog.nexusuk.org