Cookies Lack Integrity: Real-World Implications [2015] [PDF]

A cookie can contain a “secure” flag, indicating that it should be only sent over an HTTPS connection. Yet there is no corresponding flag to indicate how a cookie was set: attackers who act as a man-in-the-midddle even temporarily on an HTTP session can inject cookies which will be attached to subsequent HTTPS connections. Similar attacks can also be launched by a web attacker from a related domain. Although an acknowledged threat, it has not yet been studied thoroughly. ...

https://www.usenix.org

No related links added yet. Be the first!

Add Related Link

Join the Discussion

Auto Tier
All
1
2
3

Post Comment

Here are some other snaps you may like...

discover your
interests.

Welcome to our invite-only web community!

Thank you

Help spread the word about Snapzu:

Cookies Lack Integrity: Real-World Implications [2015] [PDF]

Join the Discussion

Here are some other snaps you may like...

Check out our front page for a lot more stuff!

How the internet’s engineers are fighting mass surveillance

You can spend $99.99 on Assassin's Creed Unity's new in-game currency

CES 2015: D-Link attempts to break 1Gbps Wi-Fi speed barrier

Wow! Rupert Murdoch's @SundayTimes sends out legal letters to shut down criticism of its #Snowden hit piece | The Daily Rupert on Twitter

NASA's Radar Found 4 Men Trapped in Rubble in Nepal By Their Heartbeats