Tuesday, March 11, 2008

xsrf nerdery

I haven't posted anything interesting webappsec related in ages, so I'll make it up with this super fun link that I just found.

"Racing to downgrade users to cookie-less authentication"

As I wrote previously, I discovered that in Firefox and Opera we can exhaust the cookie limit to delete the user's old cookies.

If we assume that we will have the user browsing both a site which degrades to cookie-less auth and our malicious site at the same time, then, if you think about this, you can see that there is a race condition between when the server sets the cookie and the user logs in (and in some applications, between when a page is served and the next HTML request is made).

The question is: can we win this race?


I was hooked before I even got to that part, because this is a great little article on exactly the type of security chaos and fun you can create with a web browser. I'll add a note that I know that my current employer's website isn't vulnerable to this, and I know that solely because of some buggy JMeter scripts that I dealt with a few months ago. Something to play with anyway.

Enough browser silliness, here's a picture from my trip. I took this when my feet were pretty much walked off and I stuck over to a window of the Louvre to try to rest my toes by sitting on a nearby bench.

[photo: louvre]


I love all the statues on the outside of the Louvre. On this trip I actually walked almost entirely around the outside of the building just to read the visible names of the ones low enough to street level.
