Women in Technology

Hear us Roar



Article:
  Cookie Specification Vulnerabilities
Subject:   Waaaaaaow
Date:   2004-05-29 09:30:09
From:   SumYunGuy
I don't think this article could be any dumber. There are so many things wrong with what this guy said I don't even want to get into it. I feel sorry for the morons who think they learned something from reading this kind of drivel. These are the people who turn cookies off out of paranoia yet will still download and install the latest crapware for Windows.


Do lazy web application developers often make common mistakes such as not limiting a cookie's domain to the absolute minimal scope necessary? Yes. Are bugs occasionally found in Internet Explorer relating to cookie security? You bet. But there are so many more important security concerns to consider that preaching this kind of cookie paranoia is just ridiculous.


In short, get an open source browser. Otherwise count on everything you do on the web, whether or not you disable cookies, to be exploitable somehow by some known or soon to be discovered bug.


While you're at it, get an open source operating system, too. Otherwise count on everything you do on your computer to be accessable through some known or soon to be discovered exploit.


I'm not saying open source is safe either, just a whole helluvalot safer. I'm close to as paranoid as they come, but I have no problem with my setting of "accept all cookies" in my Firefox browser or lack of firewall on my FreeBSD workstation. (Oh God, don't even let me get started on the latest 'firewall' snake oil fad. Don't get me wrong, the right kind of firewall serves a purpose at the right place in your network, but when various "personal firewall for Windows" products are being touted as the answer to all your security woes, and selling like hotcakes, you have to wonder about the inharent flaws in how the whole situation is being approached. Darn it, I went and did get started.)