That UK.gov Firefox cookie leakage snafu explained
If you've used the latest version of Firefox to visit a UK government website in the last few weeks, you may have noticed something unusual in the browser address bar. Instead of highlighting, for example, direct.gov.uk, as you might expect from Firefox 6.0's new domain-conscious security behaviour, only the gov.uk portion is …
Really? snafu????
You can't correctly use SNAFU in that way and it's an acronym so should be in all caps anyway. Coming from the UK that has stupid high levels of "correctness" I'd expect better from you folks.
this is an appropriate title
I believe you meant 'stupidly'.
Not a SNAFU...
but a good illustration of Hanlon's Razor.
In what way?
You can't use a noun as a noun? What on Earth are you talking about?
Perhaps snafu is now an anacronym, like radar, and laser, and more correctly treated as a simple noun. That's certainly how one of your fine American dictionaries treats it:
http://www.merriam-webster.com/dictionary/snafu
And here's how one of your fine American newspapers uses it:
http://voices.washingtonpost.com/securityfix/2009/06/microsoft_patch_to_fix_firefox.html
snafu is now a word
It started as an acronym, and now it is a word. This happens in languages.
Re: snafu is now a word
Maybe we need an RFC system for words to avoid these misunderstandings.
.co.uk cookies
Not sure if it's still the case, but there was a nasty situation a while back where advertisers were writing cookies to the .co.uk domain which were then cross-readable by any UK website.
Of course, that also meant they could be deleted by any UK website, so some of my sites might run a bit of JavaScript that might remove cookies that are aimed at the .co.uk domain level.
Not just .gov.uk...
...gov.au seems to work in a similar manner.
@Not just .gov.uk...
I don't see this with gov.au
www.gov.au highlights the full thing www.gov.au
ato.gov.au, immi.gov.au, centrelink.gov.au also are all highlighted, not just the .gov.au part
May be so but...
...go to any .gov.au site or subdomain thereof (qld.gov.au for example) and a cookie is set for .gov.au.
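An added example, not part of the thread or any browser's code, modelling what the ".co.uk cookies" and "May be so but..." comments describe: a cookie whose Domain attribute is a registry-level suffix, checked the way RFC 6265 describes when a public suffix list is available. The suffix set, cookie name and value are constructed; the host names are the ones mentioned in the thread.

```javascript
// Constructed sample of public-suffix entries; the real list is far larger.
const PUBLIC_SUFFIXES = new Set(["uk", "co.uk", "gov.uk", "au", "gov.au", "com.au"]);

// RFC 6265 domain matching: the host equals the cookie domain,
// or ends with "." followed by the cookie domain.
function domainMatch(host, cookieDomain) {
  const h = host.toLowerCase();
  return h === cookieDomain || h.endsWith("." + cookieDomain);
}

// Normalised Domain attribute of a Set-Cookie value (last one wins),
// or null when the cookie is host-only.
function cookieDomain(setCookie) {
  let domain = null;
  for (const part of setCookie.split(";").slice(1)) {
    const [name, ...rest] = part.split("=");
    if (name.trim().toLowerCase() === "domain") {
      domain = rest.join("=").trim().toLowerCase().replace(/^\./, "") || null;
    }
  }
  return domain;
}

// What a user agent that enforces the suffix list does with the cookie.
function auditSetCookie(requestHost, setCookie, suffixes = PUBLIC_SUFFIXES) {
  const host = requestHost.toLowerCase();
  const domain = cookieDomain(setCookie);
  if (domain === null) return { verdict: "host-only", scope: host };
  if (suffixes.has(domain)) {
    // A public suffix is only tolerated when it is the request host itself.
    return domain === host
      ? { verdict: "host-only", scope: host }
      : { verdict: "rejected-public-suffix", scope: domain };
  }
  if (!domainMatch(host, domain)) return { verdict: "rejected-foreign-domain", scope: domain };
  return { verdict: "accepted", scope: domain };
}

// Hosts that would be sent a cookie with the given scope.
function recipients(scope, hosts) {
  return hosts.filter((h) => domainMatch(h, scope));
}

const THREAD_HOSTS = ["qld.gov.au", "ato.gov.au", "immi.gov.au", "example.com.au"];
const header = "sid=constructed; Domain=.gov.au; Path=/";
// Suffix list without a gov.au entry: the cookie is shared across gov.au sites.
const lax = auditSetCookie("qld.gov.au", header, new Set(["au"]));
console.log(lax.verdict, recipients(lax.scope, THREAD_HOSTS));
// Suffix list with the entry: the same header is refused.
console.log(auditSetCookie("qld.gov.au", header).verdict);
```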
No mention of XSS attacks
Does this 'snafu' also mean that cross site scripting attacks are also opened up from within any .gov.uk site to another?
snafu
I wonder how James Joyce would have used snafu in a sentence....
