|
|
Posted by Edward Vermillion on 07/08/05 20:50
On Jul 8, 2005, at 12:31 PM, Edward Vermillion wrote:
>
> On Jul 8, 2005, at 12:02 PM, Ezra Nugroho wrote:
>
>>
>> I am just wondering, how could someone craft an html to steal cookies?
>> If your cookie distribution is done right, I don't think you need to
>> worry about this.
>>
>
> That's what XSS is all about. I don't have the link handy but I do
> have a PDF file that I found
> a while back that explains how this happens, and to tell the truth, it
> scared the s*** outa me.
> To the point that I really don't trust any online commerce, although I
> do still use it, just as
> I still give the waitress/waiter my credit card at a restaurant, even
> though I know that's where
> most of the identity theft/stolen CC numbers comes from.
Here's one of the links http://www.acros.si/papers/session_fixation.pdf
Edward Vermillion
evermillion@doggydoo.net
Navigation:
[Reply to this message]
|