Cookie Holes Expose Browsers

Discussion in 'other security issues & news' started by ronjor, Jan 31, 2006.

Thread Status:
Not open for further replies.
  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,719
    Location:
    Texas
    Story
     
  2. Snowie

    Snowie Guest

    ****the researcher said this feature can be easily bypassed in browsers such as Microsoft's Internet Explorer and Mozilla Foundation's Firefox. ***

    ____________________________________



    For nearly ten years I have been very out spoken against the use of Stored Cookies.......suddenly its News that Cookies are exploitable.....gee wiz, no kidding !
    All those so-called security experts that argued with me about this issue all have websites that use Stored Cookies......yeah, real experts, huh!
     
  3. Tan

    Tan Guest

    lol.. I disabled cookies 99% of the time, only have em enabled when checking bank, or email, and then i delete 'em all. i dont understand whats so hard about disabling cookies..
     
  4. Snowie

    Snowie Guest

  5. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,010
    Location:
    The Netherlands
    At the moment I accept only first party cookies and I have disabled third party cookies. I also clean cookies with Cookie Monster once in a while during a surfing session. Don´t know if this is safe enough, but I hope so. :rolleyes:
     
  6. NUL

    NUL Guest

    hey cookie monster looks cool. but disabling cookies all the way is retarted, every website needs cookies to function.
     
  7. Snowie

    Snowie Guest

    Rasheed187


    You are in the same situation as most other people.......who are confused and un-certain about the use of Stored Cookies........

    An yet the information that has been posted clearly speaks for itself.....an I wont comment............

    there are cleaning program that will clean-up at times you can set......but wont clean the index.dat file until the computer is re-booted.....
    .........an you should WIPE all cookies when cleaning to prevent their re-install........that should help to some extent..............

    Before this ia all over....I've a feeling we have not heard the last on Cookie exploits.




    snowie
     
  8. aka:snowman

    aka:snowman Former Poster

    Joined:
    May 14, 2004
    Posts:
    152
    For the curious among you.......of course you are awear that there is software out there that will allow you to "read" cookies............no, I wont suggest any particular program............also, after reading the story by now everyone should have installed some form of cookie control........something along the lines of MRUBLASTER.....that "wipes"
     
  9. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,010
    Location:
    The Netherlands
    Well, why don´t they just fix the problem, for crying out loud, they are already working on IE7, Firefox 2 and Opera 9, so they have a chance to deal with it. o_O
     
  10. aka:snowman

    aka:snowman Former Poster

    Joined:
    May 14, 2004
    Posts:
    152
    Fix The Problem........my dear friend no one wants to fix the problem........a "FIX" is simply for websites not to use Stored Cookies.......easy enough huh...............but do you seriously think anyone is going to give up a legal exploit like this.....no way!!
     
  11. nic'd

    nic'd Registered Member

    Joined:
    Feb 12, 2006
    Posts:
    8
    Has anyone heard of or had a chance to evaluate Tracks Eraser
    ( www.acesoft.net)? Does MRU BLASTER erase .dat files?

    myfirstpost
    nic'd
     
  12. aka:snowman

    aka:snowman Former Poster

    Joined:
    May 14, 2004
    Posts:
    152
    nic'd


    The Mrublaster forum is located right here at the forum in case you have any questions regarding that program.......you should visit it if you have the time...its a nice program

    nic'd, you really don't need to purchase any software......there are ample freeware that will do the job........check these out:

    ______________________
    Internet Sweeper >wipes twice< >the free version does have a nag screen but its no big deal<

    http://www.bmesite.com/
    _____________________




    Index.dat Suite


    Index.dat Suite is a rather unique program that allows you not only to delete the index.dat files, temporary internet files, temp files, cookies and history, but it also allows you to view the index.dat files on your system.

    Index.dat Suite's current features include;
    View and delete index.dat files
    View and delete Temporary Internet Files (TIF)
    View and delete Cookies
    View and delete History
    View and delete Temp files
    View and delete Recent Documents
    Delete Typed URL's
    Delete Prefetch folder contents
    Auto-generation of batch file to assist in deleting the index.dat files in DOS.
    Optional add to RunOnce registry key

    Optional deletion of swap file (9x users only)
    Optional defrag after file deletion
    Full application logging



    *****Does not appear to offer a "WIPE" ********


    http://support.it-mate.co.uk/?mode=Products&p=index.datsuite

    ________________________________________________________________



    Welcome to the Forum.........oh, as to your question....no, have not tryed the Program you asked about.....
     
  13. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    It is articles like the one in this thread that makes me appreciate my Opera browser all the more since it was conspicuosly absent from the article concerning the cookie flaw.
     
  14. aka:snowman

    aka:snowman Former Poster

    Joined:
    May 14, 2004
    Posts:
    152
    BigC


    Hey there.......yes I noticed that.....not sure I completely understand why this exploit does not effect Opera........




    ________________________________________________________________


    ******SPECIAL NOTE*****************


    Anyone deciding to use Internet Sweeper........DO NOT CKECK THE BOX THAT SAYS: "HIDDEN FILES"" to do so will cause you to possibly delete need System Files......don't do that!!
     
  15. aka:snowman

    aka:snowman Former Poster

    Joined:
    May 14, 2004
    Posts:
    152
    You could also use the Combo of Mrublaster and Internet Sweeper.........scan first with MruBlaster........afterwards scan with Internet Sweeper.....an allow it to reboot the computer to clean
     
  16. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,089
    Hi Bigc,

    Just because Opera was not mentioned does not mean it is not vulnerable to the cookie flaw. The author may have only tested IE and Firefox and not inclulded Opera which does not provide very much reassurance.

    Evidence to the contrary, however, would be acceptable.

    -- Tom
     
  17. aka:snowman

    aka:snowman Former Poster

    Joined:
    May 14, 2004
    Posts:
    152
  18. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,010
    Location:
    The Netherlands
    But if Cookie Muncher is so powerful why do other security apps have never implemented this feature? It sounds cool but I´m not sure if websites will still be able to function correctly if you immediately delete their cookies. :rolleyes:
     
  19. aka:snowman

    aka:snowman Former Poster

    Joined:
    May 14, 2004
    Posts:
    152
    Rasheed187

    Obviously you have not tryed CookieMuncher......Why Not ??


    For some un-known reason CookieMuncher was abandoned....which is one reason its so difficult to locate.......was truely surprised to find it at snapfiles................

    Why didn't other software implement CookieMuncher or something like it.........thats an excellent question.........kind of makes you wonder........why hasn't something like cookiemuncher been added to browsers............

    anyway.....its there for the download for anyone interested in using it...........(except its not for XP)
     
  20. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,010
    Location:
    The Netherlands
    I have not yet tried it because I´m on XP, but perhaps it does work on XP as well, I will check it out, but yes it sounds very interesting, do not know about other apps with the same technology. I do know that Online Armor and Arovax Shield have realtime tracking cookies protection (OA is more advanced I think) but they use a different method. :rolleyes:
     
Loading...
Thread Status:
Not open for further replies.