Archive for the 'cookies' Category

The Web never forgets: Persistent tracking mechanisms in the wild

Tuesday, July 29th, 2014

respawn_redux [persistent cookies based on If-Modified or Etag headers]

Saturday, August 20th, 2011

An article that describes a method to create a permanent cookie based on If-Modified and Etag HTTP headers. Currently this is used in “the wild” by several banner and ad networks. The method is possible because of the simplified implementation of …

Automated HTTPS Cookie Hijacking | fscked.org

Wednesday, September 17th, 2008

A note from security people: session/login cookies that are normally delivered via HTTPS have to be explicitly marked as “secure” so that they are _only_ delivered via HTTPS. Otherwise bad people can hijack them.

protocols08cookies.pdf (application/pdf Object)

Thursday, May 22nd, 2008

[yet another one] proposal for secure session cookies