Re: Web session tracking security prob. Vulnerable: IIS and ColdF usion (maybe others)

From: Dug Song (dugsongat_private)
Date: Thu Aug 30 2001 - 13:24:14 PDT

  • Next message: Kevin Fu: "Re: Web session tracking security prob. Vulnerable: IIS and ColdF usion (maybe others)"

    On Thu, Aug 30, 2001 at 03:37:01PM -0400, Jose Nazario wrote:
    
    > predictive cookie values are nothing new. :)
    
    fubob cracked the WSJ.com master key with a simple adaptive chosen
    plaintext attack last year. see his paper on client web authentication
    (which won best student paper at this past USENIX) for a nice overview:
    
    	http://cookies.lcs.mit.edu/
    
    -d.
    
    ---
    http://www.monkey.org/~dugsong/
    



    This archive was generated by hypermail 2b30 : Thu Aug 30 2001 - 13:44:12 PDT