And another thing: Surely the attack needs to sniff your packets? Which means the attacker needs to be on the same subnet as you (or in your ISP!).
On Sat, Sep 18, 2010 at 6:17 PM, Paul Hill <[email protected]> wrote:
> On Fri, Sep 17, 2010 at 7:06 PM, Paul McNett <[email protected]> wrote:
>> http://www.theinquirer.net/inquirer/news/1732956/security-researchers-destroy-microsoft-aspnet-security
>>
>> -or-
>>
>> http://bit.ly/cIG9R7
>
> Hi Paul,
>
> From what I understand this is only a problem if the cookie contains
> sensitive data. Generally you would keep only a session ID in the
> cookie, which is next to useless for a hacker. Well, at least that's
> the way I would do things!
>
> --
> Paul

--
Paul

