DaemonForums  

Go Back   DaemonForums > DaemonForums.org > News
Reload this Page Security Cookies can render secure websites vulnerable in all modern browsers
FAQ Search Today's Posts Mark Forums Read

News News regarding BSD and related.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 24th September 2015
J65nko J65nko is offline
Administrator
  
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 4,131
Default Cookies can render secure websites vulnerable in all modern browsers
From https://thestack.com/security/2015/0...dern-browsers/ :

Quote:
CERT have issued a new directive notifying that cookies can be used to allow remote attackers to bypass a secure protocol (HTTPS) and reveal private session information – and that modern browsers, including Apple’s Safari, Mozilla’s Firefox and Google’s Chrome, currently provide no protection against the attack vector. Research indicates that secure sites as important as Google and the Bank of America are vulnerable to the technique.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote
  #2   (View Single Post)  
Old 25th September 2015
bsd-keith bsd-keith is offline
Real Name: Keith
Open Source Software user
  
Join Date: Jun 2014
Location: Surrey/Hants Border, England
Posts: 345
Default
So, cookies aren't so innocent after all.
__________________
Linux since 1999, & also a BSD user.
Reply With Quote
  #3   (View Single Post)  
Old 25th September 2015
e1-531g e1-531g is offline
ISO Quartermaster
  
Join Date: Mar 2014
Posts: 628
Default
In Firefox I always set "Accept third-party cookies" to Never.
It reflects Network.cookie.cookieBehavior option in about:config.
Does this bug also affects me considering these config options?
Reply With Quote
Reply

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Forging administrator cookies and crocking crypto ... for dummies J65nko News 1 5th November 2014 05:39 PM
5.4 amd64 on Thinkpad x200: "render error detected" on booting. karl OpenBSD Installation and Upgrading 2 5th November 2013 04:28 AM
Security New attack against TLS/SSL obtains session cookies from HTTPS jggimi News 1 17th September 2012 05:00 PM
Mozilla: 'Internet Explorer 9 is not a modern browser' J65nko News 23 3rd March 2011 08:22 PM
HTTP cookies, or how not to design protocols J65nko News 2 31st October 2010 07:39 AM


All times are GMT. The time now is 10:57 PM.

DaemonForums.org RSS Feeds - Contact Us - DaemonForums.org - Archive - Privacy Statement - Top

Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick