2.3.4.4 Cookies (Page 3 of 3)

Using Cookies for Authentication

Another issue with cookies is that they are sometimes used to cache authentication information. For example, being able to provide a cookie to a site when requested might be interpreted as proof that you're allowed to access the site. If someone copies the cookie from your disk, or captures it by sniffing the network, and then installs it in their Cookie directory on another machine, they've managed to gain access to the site without authenticating themselves. Not a problem? What if that cookie contains a session ID that is used by a bank's web banking application to identify which checking account you're viewing the balance of right now? (Aahh, thought you might start to care right about now. ;-)

Practically speaking, these issues are becoming less of a concern, as sites use more sophisticated methods to maintain session state, and developers are taking more steps to help minimize the damage done by a compromised cookie, such as tying the cookie to the IP address of the machine for which it was created, or including time limits in the cookie which are checked by the server before every use. If too much time has elapsed since the cookie was first created (when the user first logged in, for example), your session is considered expired and you are asked to authenticate yourself to the web server again.

Nevertheless, creative ways to obtain and then use unauthorized cookies are still found occasionally, such as those detailed at http://www.sidesport.com/hijack/ just last year, at prominent sites like Hotmail and Yahoo. Periodically an attacker will brag about finding yet another way to read someone else's web-based email, the site will be taken down, the bug fixed, and life continues.
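The two server-side checks described above (binding a session cookie to the client's IP address and enforcing a time limit before every use) can be illustrated with a small example. This is added code, not part of the CertiGuide text, and it assumes a hypothetical server secret (SERVER_KEY), a 15-minute session lifetime, and constructed account IDs and IP addresses; the cookie body is signed with an HMAC so the server can tell whether the embedded IP and issue time were tampered with.

```python
import base64
import hashlib
import hmac
import json
import time

# Hypothetical server-side secret; a real deployment loads this from a secrets store.
SERVER_KEY = b"example-server-key-not-for-production"
MAX_SESSION_AGE = 15 * 60  # seconds a session may live after the initial login


def _sign(body: str) -> str:
    """HMAC-SHA256 over the encoded cookie body, so the server can detect tampering."""
    return hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).hexdigest()


def issue_cookie(account_id: str, client_ip: str, now: float) -> str:
    """Build a session cookie that records the account, the client IP it was issued
    to, and the issue time (iat). Format: base64url(json).hexsignature"""
    payload = json.dumps(
        {"acct": account_id, "ip": client_ip, "iat": int(now)},
        separators=(",", ":"),
    ).encode()
    body = base64.urlsafe_b64encode(payload).decode().rstrip("=")
    return f"{body}.{_sign(body)}"


def validate_cookie(cookie: str, client_ip: str, now: float):
    """Check a presented cookie on every request.

    Returns (account_id, None) when the cookie is acceptable, otherwise
    (None, reason). Order matters: verify the signature first so that the
    IP and time fields can be trusted before they are compared."""
    try:
        body, sig = cookie.rsplit(".", 1)
    except ValueError:
        return None, "malformed"
    if not hmac.compare_digest(sig, _sign(body)):
        return None, "bad-signature"
    padded = body + "=" * (-len(body) % 4)  # restore base64 padding
    data = json.loads(base64.urlsafe_b64decode(padded))
    # Time limit: too long since the original login means re-authenticate.
    if now - data["iat"] > MAX_SESSION_AGE:
        return None, "expired"
    # IP binding: a cookie copied to another machine will not match.
    if data["ip"] != client_ip:
        return None, "ip-mismatch"
    return data["acct"], None


if __name__ == "__main__":
    # Constructed sample values for a quick demonstration.
    t0 = time.time()
    cookie = issue_cookie("checking-1234", "203.0.113.10", t0)
    print(validate_cookie(cookie, "203.0.113.10", t0 + 60))       # accepted
    print(validate_cookie(cookie, "198.51.100.7", t0 + 60))       # copied to another host
    print(validate_cookie(cookie, "203.0.113.10", t0 + 20 * 60))  # past the time limit
```

One caveat a practitioner would want: the IP check rejects legitimate users whose address changes mid-session (mobile networks, proxy pools, NAT with multiple egress addresses), so many sites treat an IP mismatch as a signal to log and re-authenticate rather than as a hard failure, and rely on the time limit and signature as the primary controls.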
CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com. Version 1.0 - Version Date: November 15, 2004. Adapted with permission from a work created by Tcat Houser et al. CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved. Not responsible for any loss resulting from the use of this site.