Linux Today: Linux News On Internet Time.

IE exposes private cookie data

May 12, 2000, 00:34

On Behalf Of Bennett Haselton
Sent: Thursday, May 11, 2000 4:08 PM
Subject: (biggest one yet) IE exposes private cookie data

Peacefire has found a way for a Web site to read all cookies stored by Internet Explorer -- including cookies that were never intended to be visible to a third-party Web page. This has always been the worst fear of cookie-paranoiacs who worry about cookies revealing too much information to unauthorized sites, but a way to do it has never actually been discovered, until now. Our demonstration site is at:

This has huge implications for any site that relies on cookies to authenticate users or to store private data. Accounts with HotMail, Yahoo Mail, and almost every other free email service can be broken into using this exploit -- and none of them can prevent it since it's a browser bug and not a flaw with the web-based mail services. Cookies can be used to discover a person's real name, email address, and even the types of products that the user has purchased from Amazon -- all as a result of the user simply viewing a third-party Web page.

And it's so simple that for the first time, I can actually describe the entire trick in the press release: you simply send the Internet Explorer user to a URL such as the following:
which, after replacing the "%2f" codes with "/" and the "%3F" with "?", actually translates to:
but without actual slashes in the URL, Internet Explorer thinks the page is part of the "" domain, and allows JavaScript code on the page to read your cookie, even though the page is located on

(And after this, together with yesterday's HotMail backdoor story, I should probably get an apartment a safer distance away from Microsoft, which you can see from my window.)

(425) 649 9024
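The parsing mismatch the message describes, as an added example that is not part of the original press release: it compares the host taken from a URL as written with the host obtained when the URL is percent-decoded before it is split, and rejects any URL where the two differ. The hosts `pages.example` and `shop.example` and all function names are constructed for illustration; this models the mismatch, not Internet Explorer's own code.

```javascript
// Added example with constructed URLs; models the parsing mismatch only.

// Percent-decode without throwing on malformed sequences.
function percentDecode(s) {
  return s.replace(/%([0-9a-f]{2})/gi, (_, h) => String.fromCharCode(parseInt(h, 16)));
}

// Authority as written: it ends at the first literal "/", "?" or "#".
// An encoded "%2f" or "%3f" is data and must not end it.
function rawHost(url) {
  const m = /^[a-z][a-z0-9+.-]*:\/\/([^\/?#]*)/i.exec(url);
  if (!m) throw new Error("not a hierarchical URL: " + url);
  // Drop userinfo and port, normalise case.
  return m[1].replace(/^.*@/, "").replace(/:\d*$/, "").toLowerCase();
}

// Host obtained when the whole URL is decoded before it is split.
function decodedHost(url) {
  return rawHost(percentDecode(url));
}

// Cookie-style domain match: exact host or a dot-separated suffix.
function domainMatches(host, domain) {
  return host === domain || host.endsWith("." + domain);
}

// Reject any URL whose host changes under decoding or still contains "%".
function inspect(url) {
  const raw = rawHost(url);
  const decoded = decodedHost(url);
  return { raw, decoded, reject: raw !== decoded || raw.includes("%") };
}

const samples = [
  "https://www.shop.example/cart?id=1",                       // ordinary URL
  "http://pages.example%2fdemo%2fshow.html%3F.shop.example/", // encoded delimiters in host
];
for (const u of samples) {
  const r = inspect(u);
  console.log(u, r, "suffix-matches shop.example:", domainMatches(r.raw, "shop.example"));
}
```

For the second sample the host as written suffix-matches `shop.example` while the decoded host is `pages.example`, which is the disagreement between the cookie check and the page's real location; a component that applies one host rule everywhere, or refuses such URLs outright, has no such gap.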