That UK.gov Firefox cookie leakage snafu explained

If you've used the latest version of Firefox to visit a UK government website in the last few weeks, you may have noticed something unusual in the browser address bar. Instead of highlighting, for example, direct.gov.uk, as you might expect from Firefox 6.0's new domain-conscious security behaviour, only the gov.uk portion is …

COMMENTS

This topic is closed for new posts.
Silver badge

Really? snafu????

You can't correctly use SNAFU in that way and it's an acronym so should be in all caps anyway. Coming from the UK that has stupid high levels of "correctness" I'd expect better from you folks.

0
3

this is an appropriate title

I believe you meant 'stupidly'.

9
0

Not a SNAFU...

but a good illustration of Hanlon's Razor.

1
0
Anonymous Coward

In what way?

You can't use a noun as a noun? What on Earth are you talking about?

Perhaps snafu is now an anacronym, like radar, and laser, and more correctly treated as a simple noun. That's certainly how one of your fine American dictionaries treats it:

http://www.merriam-webster.com/dictionary/snafu

And here's how one of your fine American newspapers uses it:

http://voices.washingtonpost.com/securityfix/2009/06/microsoft_patch_to_fix_firefox.html

1
0
Silver badge

snafu is now a word

It started as an acronym, and now it is a word. This happens in languages.

4
0
Gold badge
Coat

Re: snafu is now a word

Maybe we need an RFC system for words to avoid these misunderstandings.

1
0
Mushroom

.co.uk cookies

Not sure if it's still the case, but there was a nasty situation a while back where advertisers were writing cookies to the .co.uk domain which were then cross-readable by any UK website.

Of course, that also meant they could be deleted by any UK website, so some of my sites might run a bit of JavaScript that might remove cookies that are aimed at the .co.uk domain level.

3
0
Silver badge

Not just .gov.uk...

...gov.au seems to work in a similar manner.

0
0
Meh

@Not just .gov.uk...

I don't see this with gov.au

www.gov.au highlights the full thing www.gov.au

ato.gov.au, immi.gov.au, centrelink.gov.au also are all highlighted, not just the .gov.au part

0
0
Silver badge

May be so but...

...go to any .gov.au site or subdomain thereof (qld.gov.au for example) and a cookie is set for .gov.au.

0
0
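
Added example, not part of the article or of any commenter's post: a sketch of how a public-suffix check decides both which part of a hostname gets highlighted and whether a cookie scoped to a domain such as .co.uk or .gov.uk is accepted. The two suffix lists are constructed and heavily reduced; whether gov.uk is listed is toggled only to show both outcomes, and the function names are hypothetical.

```javascript
// Constructed, heavily reduced stand-ins for a public suffix list
// (no wildcard or exception rules). The only difference is "gov.uk".
const PSL_WITHOUT_GOV_UK = new Set(["uk", "co.uk"]);
const PSL_WITH_GOV_UK = new Set(["uk", "co.uk", "gov.uk"]);

// Longest listed suffix of host; an unlisted TLD counts as a suffix.
function publicSuffix(host, psl) {
  const labels = host.toLowerCase().split(".");
  for (let i = 0; i < labels.length; i++) {
    const candidate = labels.slice(i).join(".");
    if (psl.has(candidate)) return candidate;
  }
  return labels[labels.length - 1];
}

// Public suffix plus one label: the part an address bar would highlight.
function registrableDomain(host, psl) {
  const h = host.toLowerCase();
  const suffix = publicSuffix(h, psl);
  if (h === suffix) return null; // host is itself a public suffix
  const rest = h.slice(0, h.length - suffix.length - 1).split(".");
  return rest[rest.length - 1] + "." + suffix;
}

// Would a cookie with this Domain attribute, set by host, be stored
// as a domain-wide cookie? Follows the RFC 6265 storage checks.
function acceptCookieDomain(host, domainAttr, psl) {
  const h = host.toLowerCase();
  const domain = domainAttr.toLowerCase().replace(/^\./, "");
  // Domain-match: the host must be the domain or a subdomain of it.
  if (h !== domain && !h.endsWith("." + domain)) return false;
  // A cookie scoped to a public suffix would be readable and
  // overwritable by every site under it, so it is refused.
  if (publicSuffix(domain, psl) === domain) return false;
  return true;
}

for (const [name, psl] of [["gov.uk unlisted", PSL_WITHOUT_GOV_UK],
                           ["gov.uk listed", PSL_WITH_GOV_UK]]) {
  console.log(name,
    "| highlight:", registrableDomain("www.direct.gov.uk", psl),
    "| Domain=.gov.uk accepted:",
    acceptCookieDomain("www.direct.gov.uk", ".gov.uk", psl));
}
```

With the suffix unlisted, the shared parent domain is treated as one site, so the highlight shrinks to it and a cookie scoped to it is stored; listing the suffix restores per-department isolation.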

No mention of XSS attacks

Does this 'snafu' also mean that cross site scripting attacks are also opened up from within any .gov.uk site to another?

0
0

snafu

I wonder how James Joyce would have used snafu in a sentence....

0
0
Silver badge
Happy

@Bruce

Are you sure he didn't?

0
0