December 10th, 2001, 11:00 AM
Who stole the cookies from the cookie jar?
Microsofts definition of a cookie is "A very small text file placed on your hard drive by a Web Page server. It is essentially your identification card, and cannot be executed as code or deliver viruses. It is uniquely yours and can only be read by the server that gave it to you."
They claim that a cookie helps you by saving your time when you register for products or services or for remembering things. What they don't mention is that cookies can be a serious security and privacy concern and CAN be accessed by other servers.
A current vulnerability exists in IE 5.5 and 6.0 (Earlier editions _may_ be effected by it) Which allows a malicious website with a malformed URL to read the contents of a user's cookie which could contain passwords or other sensitive information. This could lead to stealing or altering data from Web accounts, including credit card numbers, and usernames and passwords..
Yet the unpatched version of 6.0 is still available for download at microsoft.com ...
December 10th, 2001, 11:46 AM
Of course microsoft seems to be listening to people concerning the whole "cookie conspiracy". If you look at IE6, it is much easier to disable the browser from accepting cookies that are stored on the computer, and they even went so far as to disable cookies by default. Can you believe it? Seems odd that it took them this long before they realized that people dont want cookies on their computers.
Wine maketh merry: but money answereth all things.
December 10th, 2001, 12:38 PM
the intention behind cookies is a good one, they would/do make life easier. the problem is the execution of that concept. had it been more thought out and well done, the idea would have worked and no one would have a problem... but everyone rushes everything.