This is a cryptographically signed message in MIME format. --------------ms902EEF5D6A968B19AB77A303 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Hello, I have an evil cookie observation I'd like to share: While developing some CGI stuff, I noticed that my browser was sending a cookie which didn't make sense since I had control of that domain and I hadn't issues any cookies .. the name "CyberTargetAnonymous" didn't fill me with confidence either. After refreshing my knowledge of cookies at netscapes developer site below I noticed something strange: http://developer.netscape.com:80/docs/manuals/communicator/jsguide4/cookies.htm In the section "Determining a valid domain" is this little gem: <quote> If the domain attribute matches the end of the fully qualified domain name of the host, then path matching is performed to determine if the cookie should be sent. For example, a domain attribute of royalairways.com matches hostnames anvil.royalairways.com and ship.crate.royalairways.com. Only hosts within the specified domain can set a cookie for a domain. In addition, domain names must use at least two or three periods. Any domain in the COM, EDU, NET, ORG, GOV, MIL, and INT categories requires only two periods; all other domains require at least three periods. </quote> So my questions are these: a) Why would Netscape Communicator 4.7 accept a cookie like this (invalid -- only two periods): .com.au TRUE / FALSE 1264987602 CyberTargetAnonymous NMN000CDCF833FA08963E9BDBC6CAA59301 b) How can this be used by some mass marketing company to turn me into a number in their systems for sale to the highest bidder? Just because you're paranoid doesn't mean they're not all out to get you. -- Iain Wade --------------ms902EEF5D6A968B19AB77A303 Content-Type: application/x-pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIIKIwYJKoZIhvcNAQcCoIIKFDCCChACAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHAaCC CBswggTlMIIETqADAgECAhAihK6/SPMlmvfPt0qAgkXfMA0GCSqGSIb3DQEBBAUAMIHMMRcw FQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29y azFGMEQGA1UECxM9d3d3LnZlcmlzaWduLmNvbS9yZXBvc2l0b3J5L1JQQSBJbmNvcnAuIEJ5 IFJlZi4sTElBQi5MVEQoYyk5ODFIMEYGA1UEAxM/VmVyaVNpZ24gQ2xhc3MgMSBDQSBJbmRp dmlkdWFsIFN1YnNjcmliZXItUGVyc29uYSBOb3QgVmFsaWRhdGVkMB4XDTAwMDExODAwMDAw MFoXDTAxMDExNjIzNTk1OVowggESMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UE CxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazFGMEQGA1UECxM9d3d3LnZlcmlzaWduLmNvbS9y ZXBvc2l0b3J5L1JQQSBJbmNvcnAuIGJ5IFJlZi4sTElBQi5MVEQoYyk5ODEeMBwGA1UECxMV UGVyc29uYSBOb3QgVmFsaWRhdGVkMTQwMgYDVQQLEytEaWdpdGFsIElEIENsYXNzIDEgLSBN aWNyb3NvZnQgRnVsbCBTZXJ2aWNlMRIwEAYDVQQDFAlJYWluIFdhZGUxJDAiBgkqhkiG9w0B CQEWFWl3YWRlQG9wdHVzbmV0LmNvbS5hdTBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQCdB4te 5gDZ7LJ4Ze6qarbtECEoFLIaADpwiKe3e69WnEO4GKLadH70kpn3cZZXGDsxaz7aIxggbi9t ghNtDwuBAgMBAAGjggHBMIIBvTAJBgNVHRMEAjAAMIGsBgNVHSAEgaQwgaEwgZ4GC2CGSAGG +EUBBwEBMIGOMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy52ZXJpc2lnbi5jb20vQ1BTMGIG CCsGAQUFBwICMFYwFRYOVmVyaVNpZ24sIEluYy4wAwIBARo9VmVyaVNpZ24ncyBDUFMgaW5j b3JwLiBieSByZWZlcmVuY2UgbGlhYi4gbHRkLiAoYyk5NyBWZXJpU2lnbjARBglghkgBhvhC AQEEBAMCB4AwgYYGCmCGSAGG+EUBBgMEeBZ2ZDQ2NTJiZDYzZjIwNDcwMjkyOTg3NjNjOWQy ZjI3NTA2OWM3MzU5YmVkMWIwNTlkYTc1YmM0YmM5NzAxNzQ3ZGE1YzdmNDE0MWJlYWRiMmJk MmU4OTIwNmFmNmFmOGRlMTE0OTk2YTNiMzRhZmNmM2VhNDUwYzAwBgpghkgBhvhFAQYHBCIW IDIyNTg5ODEyZjM4NDM3NjFhMzk1YjRhNjMyMTJkOGY5MDMGA1UdHwQsMCowKKAmoCSGImh0 dHA6Ly9jcmwudmVyaXNpZ24uY29tL2NsYXNzMS5jcmwwDQYJKoZIhvcNAQEEBQADgYEACmI5 JzhJmJTkCwO03ok+yBtQi1AKUVEXDxtutj7fBJ3G1GVyqF/Y/5wRRHLWi8qH2ezcjnIrb4sT BhlaPJj08zuJYjedRHxrMU8enEsQ+vuagQfy3A2ib1Nd+64LIWF6qXz+Cg4a5iAUfSBHAgbC 35t91rQUaa/dnwnERhD4eA0wggMuMIICl6ADAgECAhEA0nYujRQMPX2yqCVdr+4NdTANBgkq hkiG9w0BAQIFADBfMQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1 BgNVBAsTLkNsYXNzIDEgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkw HhcNOTgwNTEyMDAwMDAwWhcNMDgwNTEyMjM1OTU5WjCBzDEXMBUGA1UEChMOVmVyaVNpZ24s IEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmsxRjBEBgNVBAsTPXd3dy52 ZXJpc2lnbi5jb20vcmVwb3NpdG9yeS9SUEEgSW5jb3JwLiBCeSBSZWYuLExJQUIuTFREKGMp OTgxSDBGBgNVBAMTP1ZlcmlTaWduIENsYXNzIDEgQ0EgSW5kaXZpZHVhbCBTdWJzY3JpYmVy LVBlcnNvbmEgTm90IFZhbGlkYXRlZDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAu1pE igQWu1X9A3qKLZRPFXg2uA1Ksm+cVL+86HcqnbnwaLuV2TFBcHqBS7lIE1YtxwjhhEKrwKKS q0RcqkLwgg4C6S/7wju7vsknCl22sDZCM7VuVIhPh0q/Gdr5FegPh7Yc48zGmo5/aiSS4/zg ZbqnsX7vyds3ashKyAkG5JkCAwEAAaN8MHowEQYJYIZIAYb4QgEBBAQDAgEGMEcGA1UdIARA MD4wPAYLYIZIAYb4RQEHAQEwLTArBggrBgEFBQcCARYfd3d3LnZlcmlzaWduLmNvbS9yZXBv c2l0b3J5L1JQQTAPBgNVHRMECDAGAQH/AgEAMAsGA1UdDwQEAwIBBjANBgkqhkiG9w0BAQIF AAOBgQCIuDc73dqUNwCtqp/hgQFxHpJqbS/28Z3TymQ43BuYDAeGW4UVag+5SYWklfEXfWe0 fy0s3ZpCnsM+tI6q5QsG3vJWKvozx74Z11NMw73I4xe1pElCY+zCphcPXVgaSTyQXFWjZSAA /Rgg5V+CprGoksVYasGNAzzrw80FopCubjGCAdAwggHMAgEBMIHhMIHMMRcwFQYDVQQKEw5W ZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazFGMEQGA1UE CxM9d3d3LnZlcmlzaWduLmNvbS9yZXBvc2l0b3J5L1JQQSBJbmNvcnAuIEJ5IFJlZi4sTElB Qi5MVEQoYyk5ODFIMEYGA1UEAxM/VmVyaVNpZ24gQ2xhc3MgMSBDQSBJbmRpdmlkdWFsIFN1 YnNjcmliZXItUGVyc29uYSBOb3QgVmFsaWRhdGVkAhAihK6/SPMlmvfPt0qAgkXfMAkGBSsO AwIaBQCggYYwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMDAw MjAyMDk0NTU0WjAjBgkqhkiG9w0BCQQxFgQUfNJG4EKTToTgQY9Pldw+I3kcWFkwJwYJKoZI hvcNAQkPMRowGDAHBgUrDgMCBzANBggqhkiG9w0DAgIBKDANBgkqhkiG9w0BAQEFAARANdpG MN0UaBDE5uiqwnr6NOvJ5hd7ND83JDRxp8p6KQtU1zeo41NjCEE/aBeMRQ7UM8kGWrNGyHlt HeSyBbPXAA== --------------ms902EEF5D6A968B19AB77A303--
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:33:09 PDT