Cookie Holes Expose Browsers

****the researcher said this feature can be easily bypassed in browsers such as Microsoft's Internet Explorer and Mozilla Foundation's Firefox. ***

____________________________________



For nearly ten years I have been very out spoken against the use of Stored Cookies.......suddenly its News that Cookies are exploitable.....gee wiz, no kidding !
All those so-called security experts that argued with me about this issue all have websites that use Stored Cookies......yeah, real experts, huh!

 

lol.. I disabled cookies 99% of the time, only have em enabled when checking bank, or email, and then i delete 'em all. i dont understand whats so hard about disabling cookies..

 

Related Issue:




https://www.wilderssecurity.com/showthread.php?t=118617

 

At the moment I accept only first party cookies and I have disabled third party cookies. I also clean cookies with Cookie Monster once in a while during a surfing session. Don´t know if this is safe enough, but I hope so.

 

hey cookie monster looks cool. but disabling cookies all the way is retarted, every website needs cookies to function.

 

Rasheed187


You are in the same situation as most other people.......who are confused and un-certain about the use of Stored Cookies........

An yet the information that has been posted clearly speaks for itself.....an I wont comment............

there are cleaning program that will clean-up at times you can set......but wont clean the index.dat file until the computer is re-booted.....
.........an you should WIPE all cookies when cleaning to prevent their re-install........that should help to some extent..............

Before this ia all over....I've a feeling we have not heard the last on Cookie exploits.




snowie

 

For the curious among you.......of course you are awear that there is software out there that will allow you to "read" cookies............no, I wont suggest any particular program............also, after reading the story by now everyone should have installed some form of cookie control........something along the lines of MRUBLASTER.....that "wipes"

 

Well, why don´t they just fix the problem, for crying out loud, they are already working on IE7, Firefox 2 and Opera 9, so they have a chance to deal with it.

 

Fix The Problem........my dear friend no one wants to fix the problem........a "FIX" is simply for websites not to use Stored Cookies.......easy enough huh...............but do you seriously think anyone is going to give up a legal exploit like this.....no way!!

 

Has anyone heard of or had a chance to evaluate Tracks Eraser
( www.acesoft.net)? Does MRU BLASTER erase .dat files?

myfirstpost
nic'd

 

nic'd


The Mrublaster forum is located right here at the forum in case you have any questions regarding that program.......you should visit it if you have the time...its a nice program

nic'd, you really don't need to purchase any software......there are ample freeware that will do the job........check these out:

______________________
Internet Sweeper >wipes twice< >the free version does have a nag screen but its no big deal<

http://www.bmesite.com/
_____________________




Index.dat Suite


Index.dat Suite is a rather unique program that allows you not only to delete the index.dat files, temporary internet files, temp files, cookies and history, but it also allows you to view the index.dat files on your system.

Index.dat Suite's current features include;
View and delete index.dat files
View and delete Temporary Internet Files (TIF)
View and delete Cookies
View and delete History
View and delete Temp files
View and delete Recent Documents
Delete Typed URL's
Delete Prefetch folder contents
Auto-generation of batch file to assist in deleting the index.dat files in DOS.
Optional add to RunOnce registry key

Optional deletion of swap file (9x users only)
Optional defrag after file deletion
Full application logging



*****Does not appear to offer a "WIPE" ********


http://support.it-mate.co.uk/?mode=Products&p=index.datsuite

________________________________________________________________



Welcome to the Forum.........oh, as to your question....no, have not tryed the Program you asked about.....

 

It is articles like the one in this thread that makes me appreciate my Opera browser all the more since it was conspicuosly absent from the article concerning the cookie flaw.

 

BigC


Hey there.......yes I noticed that.....not sure I completely understand why this exploit does not effect Opera........




________________________________________________________________


******SPECIAL NOTE*****************


Anyone deciding to use Internet Sweeper........DO NOT CKECK THE BOX THAT SAYS: "HIDDEN FILES"" to do so will cause you to possibly delete need System Files......don't do that!!

 

You could also use the Combo of Mrublaster and Internet Sweeper.........scan first with MruBlaster........afterwards scan with Internet Sweeper.....an allow it to reboot the computer to clean

 

Hi Bigc,

Just because Opera was not mentioned does not mean it is not vulnerable to the cookie flaw. The author may have only tested IE and Firefox and not inclulded Opera which does not provide very much reassurance.

Evidence to the contrary, however, would be acceptable.

-- Tom

 

NON- XP Users should also refer to this Thread:


https://www.wilderssecurity.com/showthread.php?t=120198





REMINDER: the program listed in the above Thread IS NOT FOR XP

 

But if Cookie Muncher is so powerful why do other security apps have never implemented this feature? It sounds cool but I´m not sure if websites will still be able to function correctly if you immediately delete their cookies.

 

Rasheed187

Obviously you have not tryed CookieMuncher......Why Not ??


For some un-known reason CookieMuncher was abandoned....which is one reason its so difficult to locate.......was truely surprised to find it at snapfiles................

Why didn't other software implement CookieMuncher or something like it.........thats an excellent question.........kind of makes you wonder........why hasn't something like cookiemuncher been added to browsers............

anyway.....its there for the download for anyone interested in using it...........(except its not for XP)

 

I have not yet tried it because I´m on XP, but perhaps it does work on XP as well, I will check it out, but yes it sounds very interesting, do not know about other apps with the same technology. I do know that Online Armor and Arovax Shield have realtime tracking cookies protection (OA is more advanced I think) but they use a different method.