February 23rd, 2009, 04:14 AM
can awebsite steal another website cookie
im asking if its possible to a website to steal another website cookie from the browser?
why i see only few posts on the forums although the number of posts is so much ??!!
thanks in advance.
February 23rd, 2009, 06:13 AM
February 23rd, 2009, 06:20 AM
I will answer the second question first. Basically you cannot see all the forums. Some are restricted and some are obsolete given the current site format.
As for cookies being stolen, I would say that it would be generally possible, but would depend very much on circumstances, as would the significance.
For example when I log on I get cookies from Google and Yahoo. I don't think that stealing those would be of any value to anyone?
When I browse the net I pick up cookies that I would consider to be equally valueless.
My browser is set to only retain cookies for the session and to clear them when I close it.
When I leave a site that requires a logon, I always log out to close the session. I also close my browser to clear my private data locally.
If you have closed the session then the session cookie is pretty much useless.
I will clarify what I am talking about. I am envisaging that I connect my dial-up or ADSL modem and connect to an ISP.
I then visit site "A" and pick up a cookie....................I then go to site "B" So that gives us the following:
1. If I have disabled all cookies then no site can set them or read (steal) them.
2. If I have specifically allowed cookies for site "A" but not "B" then "B" should not be able to read site A's cookie.
3. If I restart my browser/clear private data before visiting site "B", then once again there is nothing there to steal.
4. If site "A" has terminated my session when I left it, then it doesn't matter if site "B" can read it from my browser because it has expired, and won't be accepted anymore.
5. Where I have a secure logon and leave the session open, it should still be protected by the site as it shouldn't allow more than one active session for the same user.
Last edited by nihil; February 23rd, 2009 at 06:57 AM.
If you cannot do someone any good: don't do them any harm....
As long as you did this to one of these, the least of my little ones............you did it unto Me.
What profiteth a man if he gains the entire World at the expense of his immortal soul?
February 23rd, 2009, 11:43 AM
thanks for reply
i mean if both sites cookies still alive not expired
can any one of them steal the cookie of the other ?
February 23rd, 2009, 06:45 PM
I remember some six or seven years ago...
I had found out that alot of the crappy scripts JP put on the site didn't consistently need "cookies". Alot of the junk he put up could be parced straight through a single URL. So what happend was I put up a URL in my signature that forced everyone to Neg another user.
February 24th, 2009, 04:03 AM
thanks for reply
i mean if the user in logged into yahoo and enter another website
can this website steal yahoo cookie?
February 24th, 2009, 05:29 AM
If there is something completely wrong with you're browser... then yes.
February 24th, 2009, 05:40 AM
macnux: Do some reading on the Same Origin Policy (http://en.wikipedia.org/wiki/Same_origin_policy). Essentially a website would have to violate the Same Origin Policy in order to access your cookies. Does this happen? Sure... Do some googling and you'll find lots of cases of vulnerabilities in browsers that have allowed people to bypass the policy over time.
IT Blog: .:Computer Defense:.
(Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".
February 24th, 2009, 06:48 AM
Sites can borrow cookie information
How is possible that if one visits the weather channel enters his postal code to get the weather then the next site he goes to can guess his locality.
Try it some time, get the weather then visit some porn site and find out that single women in yourtown want to meet you.
"Somehow saying I told you so just doesn't cover it" Will Smith in I, Robot
February 24th, 2009, 07:12 AM
Most ads like that sift through results in whois databases.
By jethro in forum The Security Tutorials Forum
Last Post: August 9th, 2006, 10:13 AM
By Spyder32 in forum Miscellaneous Security Discussions
Last Post: September 18th, 2004, 10:14 AM
By Szafran in forum AntiOnline's General Chit Chat
Last Post: September 13th, 2003, 04:21 PM
By er0k in forum The Security Tutorials Forum
Last Post: February 3rd, 2003, 02:23 AM
By Noble Hamlet in forum AntiOnline's General Chit Chat
Last Post: March 17th, 2002, 08:38 AM