Published at http://www.theregister.co.uk/000512-000001.html
Posted 12/05/2000 5:47am by Thomas C. Greene in Washington
Internet Explorer cookies leave you naked
Anyone who uses cookies for authentication or to store data like passwords
could have that information exposed by Internet Explorer and intercepted by
a malicious Web site, http://www.Peacefire.org reports.
Using a specially constructed URL, a third-party Web site can read Internet
Explorer cookies from any domain, enabling the operator of a hostile Website
to break into a visitor's Hotmail account; visit Amazon.com impersonating that
user and access their real name, e-mail address and list of 'recommended titles';
grab an MP3.com user's e-mail address, and so on, Peacefire contributors
Bennett Haselton and Jamie McCarthy say.
All versions of IE for Windows are affected, but versions for Unix and Mac are not,
nor is Netscape, the article says. Users of IE for Windows are urged to disable
JavaScript until the world-class innovators in Redmond noodle out a proper fix.
The Peacefire site includes a demonstration which will display cookie data for
other domains to which you're logged in another browser window.
