Comments on: Cookie viruses? Me thinks not https://grey-panther.net/2006/11/cookie-viruses-me-thinks-not.html Just another WordPress site Tue, 21 Nov 2006 09:25:17 +0000 hourly 1 https://wordpress.org/?v=6.7.1 By: Anonymous https://grey-panther.net/2006/11/cookie-viruses-me-thinks-not.html#comment-909 Tue, 21 Nov 2006 09:25:17 +0000 https://grey-panther.net/?p=1020#comment-909 Hi,

Thanx for your thoughts on this, i appreciate it !

Regards,

Spanner

SpannerITWks

]]>
By: Cd-MaN https://grey-panther.net/2006/11/cookie-viruses-me-thinks-not.html#comment-910 Fri, 17 Nov 2006 06:58:51 +0000 https://grey-panther.net/?p=1020#comment-910 Some theoretical possibilities:

-the browser has an exploitable bug in the cookie handling code (probability: very low, damage potential: critical – would result in arbitrary code execution).

-the browser has a bug which allows sites to set cookies for other domains (probability: very low, damage potential: medium/high – could result in cross site scripting attacks if the target webpage has poorly written code)

Again, much hype has been created around cookies (mostly by the anti-spyware vendors), but they are treated by browsers as opaque things (they are not interpreted in any ways), so the possibility that a malicious use can be found which would work across browsers is very, very low. (The possibility of an exploit is also very low, since it is a simple thing to implement).

My opinion is still that this is too convoluted 🙂

]]>
By: Anonymous https://grey-panther.net/2006/11/cookie-viruses-me-thinks-not.html#comment-911 Fri, 17 Nov 2006 06:50:59 +0000 https://grey-panther.net/?p=1020#comment-911 Hi,

Your only reader is back lol. I’m sure i’m not though !

Actually i was wondering about the possibility, however remote it may seem, of Any malicious cookie manipulation in whatever way/s, rather than just viruses !

It appears it can be done to some extent from what you say, even if there are easier methods of infiltration etc via other means through other vectors.

But as the cookie file/s can be written to, if javascript or some other code was placed in there, could this possibly be made to cross feed or jump to other areas of the disk etc, under Any circumstance ?

Say if some code/url etc was placed there on one visit to a www, then on return this was used with other code to initiate some kind of attack or data theft or a redirection to a Trojan dropper download www etc for eg ?

Yeah i know i’m speculating, it’s just ideas as to what may be possible under certain conditions, eg with or without ActiveX/Scripting/Jave/Iframes enabled etc.

I feel that as baddies are always looking for new/old ways in, this could be an overlooked area in some ways ?

Thanx for your time and input,

Spanner

SpannerITWks

]]>