[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Membership] Netscape security hole?




This is way, way off topic but I posting this here with the hopes someone
can pass this information to the people that need to know.

I detected a bug that appears to be affecting Netscape 4.5 users.  I am
still analyzing my log files but, in some cases, I am able to capture ALL
THE COOKIES on a user's system when they visit my web site.  In the case I
noticed this morning one person's cookie took up numerous lines in my log
file and it included cookies from many different web sites the person
visited.  Apparently the person had registered at some of the sites.  I was
able to get the person's name, address, e-mail address, and about 10 of
their user ID's used at different web sites.  I put an example at
http://OnlinePrivacy.com (with  the personal info deleted).  There is also a
link where you can see if your system is affected.

I will contact CERT now but let me know if there is someone else I should
get this info to.  Since it is Saturday I am having trouble contacting
people.

Russ Smith
http://consumer.net