Threaded Mode | Linear Mode

***mandy*** · 12-19-2006, 09:43 AM,

Quote:Within one week's time, we stumbled across two different sites using cookies the wrong way. While the attack vectors were a bit different, both sites trusted the cookie data to secure their users accounts. Therefore, this week we are going to spend some time discussing cookies, when they should be used, and what can happen if they are misused...

Security Risks

While cookies can help web developers offer services and features that would require extensive programming otherwise, there are some significant security risks that must be understood before cookies are ever implemented into a website.

First, cookies are stored as plaintext on the user's computer. This means anyone can read them at any time from the local machine. This includes a nosy family member, but also includes the user of the website. In other words, web developers can never assume that the cookie data is a place to store sensitive data...

full article: http://www.informit.com/guides/content.asp?g=security&seqNum=232&rl=1

***mandy*** · 08-04-2007, 09:02 AM,

A related article:

Quote:Hackers and computer security specialists gathered in Las Vegas on Friday took aim at popular social networking websites, exposing ways to plunder data from software "cookies" used to track users...

Websites could easily fix the problem by encrypting cookies,"...

US college student Rick Deacon arrived at DefCon on Friday ready to demonstrate how to use trickery and software skills to steal enough information from MySpace users' cookies to commandeer their profile pages...

full article: http://news.yahoo.com/s/afp/20070804/tc_...anymyspace