Https Cookie Hijacking
|
Sep. 16, 2008, 05:57 PM
Post: #1
|
|||
|
|||
Https Cookie Hijacking
Hi,
I just stumbled upon this cookie vulnerability and was wondering if it's possible to create a Proxo filter for it? http://fscked.org/blog/fully-automated-a...-hijacking PS: It seems that Noscript has introduced some kind of protection against it, but I'm not using Noscript, but I rely on Proxo + Sidkis config set. |
|||
Sep. 16, 2008, 06:37 PM
Post: #2
|
|||
|
|||
RE: Https Cookie Hijacking
not a noscript'er either, but if noscript is a fix, then would not "disable scripts by default" be a fix also?
and what about deleting all cookies when the browser is closed? seems that should do the trick also... |
|||
Sep. 17, 2008, 06:00 AM
Post: #3
|
|||
|
|||
RE: Https Cookie Hijacking
Or, you could allow that site to set only session cookies.
|
|||
« Next Oldest | Next Newest »
|