News
Internet Explorer "Cookie Jar" Vulnerability Discovered
- By Scott Bekker
- 05/11/2000
A vulnerability has been found in Microsoft's Internet Explorer that exposes cookies used by many major Web sites to track user information and traffic, according to
Peacefire.org.
The vulnerability involves typing a special URL into the browser that confuses it and makes it act as though it is reading the section of the site that initially distributed the cookie. Because cookies are stored as plain text files, the vulnerability could give a malicious user access to a person's vital information, credit card numbers, and passwords.
All versions of Internet Explorer for Windows 95, 98, and NT are known to be affected, while the Macintosh and Unix versions appear safe at this time. The vulnerability is not known to affect Netscape browsers.
Peacefire.org recommends disabling JavaScript functionality in Internet Explorer as the most effective workaround for this vulnerability. - Isaac Slepner
About the Author
Scott Bekker is editor in chief of Redmond Channel Partner magazine.