A security researcher has discovered a weakness in a core browser protocol that compromises the security of Google, Facebook, and other websites by allowing an attacker to tamper with the cookies they set. The weakness stems from RFC 2965, which dictates that browsers must allow subdomains (think www.google.com) to set and read …
Surely some of this is easily avoided
Paris, 'cos even she's not as wide open as reports suggest.
Just one question
Is Firefox concerned by this exploit or not ?
Am I missing something here?
Cookie data is effectively user input. Any web app that doesn't sanitise user inputs gets what it deserves. Even if some student's project is insecure, that's no excuse for fuck ups elsewhere.
Stop the press...
Whoa, you mean that messy security on subdomain.mydomain.com can affect mydomain.com, too? Now that's a _whole_ new concept!
(For those from Beteigeuze, now's the right time to switch on your irony detector.)
So my navel-lint blog is compromised?
- Vid Hubble 'scope snaps 200,000-ton chunky crumble conundrum
- Updated + vids WHOA: Get a load of Asteroid DX110 JUST MISSING planet EARTH
- 10 years of Facebook Inside Facebook's engineering labs: Hardware heaven, HP hell – PICTURES
- Very fabric of space-time RIPPED apart in latest Hubble pic
- Massive new AIRSHIP to enter commercial service at British dirigible base