[Wikipedia-l] Safari browser cookie vulnerability
Brion Vibber
brion at pobox.com
Fri Nov 21 16:57:22 UTC 2003
Just FYI for Mac OS X users: Safari has a bug (also present in some old
versions of Mozilla / Netscape 6.x) which makes it possible for
third-party sites to steal domain cookies.
Hypothetically, this could allow a site you visit (even accidentally,
or as an inline image) to steal your temporary session cookies and your
stored password (if you selected "remember my password") from
Wikipedia. A stolen password cookie could be used to login to the wiki
with your user name; hijacking a session cookie may be possible as
well.
I've tightened up the cookie settings on all other Wikipedias so that
if you clear any old cookies you might have from them, the new cookies
should no longer be vulnerable to this bug (because they will be set
only for a specific hostname, eg fr.wikipedia.org, and the technique
doesn't work on such a cookie). However the
en.wikipedia.org/en2.wikipedia.org setup currently requires using the
domain cookie to share sessions between the two servers and remains
vulnerable. (Not to mention all those other web sites out there!)
If you're using Safari, consider clearing your stored cookies and
disabling accepting new cookies until Apple releases a fix. Mozilla 1.5
and Camino 0.7 are not vulnerable and are very functional browsers.
-- brion vibber (brion @ pobox.com)
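The mitigation Brion describes rests on the difference between a host-only cookie (no Domain attribute; sent back only to the exact hostname that set it) and a domain cookie (Domain=.wikipedia.org; sent to every host under that domain, which is what the en/en2 session sharing needs). The following is an added example, not code from the original post or from MediaWiki: a small Node.js model of cookie scoping using the RFC 6265 domain-match rule (host equals the cookie's domain, or is a subdomain of it). The Set-Cookie headers and host names below are constructed for illustration; it deliberately ignores public-suffix checks and other attributes.

```javascript
// Added example (not from the original post): model how a browser decides
// which stored cookies accompany a request, to show why a host-only cookie
// set by fr.wikipedia.org is never sent to en2.wikipedia.org, while a
// Domain=.wikipedia.org cookie is sent to every host under wikipedia.org.

// RFC 6265 domain-match: host is the domain itself or a subdomain of it.
function domainMatches(host, domain) {
  host = host.toLowerCase();
  return host === domain || host.endsWith('.' + domain);
}

// Parse one Set-Cookie header received from requestHost. Returns null when the
// Domain attribute names a domain that does not cover the setting host.
function parseSetCookie(header, requestHost) {
  const parts = header.split(';').map((p) => p.trim());
  const eq = parts[0].indexOf('=');
  const cookie = {
    name: parts[0].slice(0, eq).trim(),
    value: parts[0].slice(eq + 1).trim(),
    domain: requestHost.toLowerCase(), // default scope: the setting host only
    hostOnly: true,
  };
  for (const attr of parts.slice(1)) {
    const [k, v = ''] = attr.split('=');
    if (k.toLowerCase() === 'domain' && v) {
      // A leading dot is ignored (RFC 6265 section 5.2.3).
      const d = v.trim().toLowerCase().replace(/^\./, '');
      if (!domainMatches(requestHost, d)) return null; // reject foreign domain
      cookie.domain = d;
      cookie.hostOnly = false;
    }
  }
  return cookie;
}

// Would this stored cookie be attached to a request for requestHost?
function cookieSentTo(cookie, requestHost) {
  const host = requestHost.toLowerCase();
  return cookie.hostOnly ? host === cookie.domain : domainMatches(host, cookie.domain);
}

function sentHosts(cookie, hosts) {
  return hosts.filter((h) => cookieSentTo(cookie, h));
}

// Constructed sample: two cookies, both set in responses from fr.wikipedia.org.
// The names and values are made up for the example.
const HOST_ONLY = parseSetCookie('frwikiSession=abc123; Path=/', 'fr.wikipedia.org');
const DOMAIN_WIDE = parseSetCookie(
  'wikiSession=abc123; Domain=.wikipedia.org; Path=/',
  'fr.wikipedia.org'
);

const HOSTS = [
  'fr.wikipedia.org',
  'en.wikipedia.org',
  'en2.wikipedia.org',
  'wikipedia.org',
  'wikipedia.org.example.net', // looks similar but is a different domain
];

console.log('host-only cookie goes to:', sentHosts(HOST_ONLY, HOSTS));
console.log('domain cookie goes to:  ', sentHosts(DOMAIN_WIDE, HOSTS));
```

The host-only cookie reaches only fr.wikipedia.org; the domain cookie reaches every wikipedia.org host (but not the look-alike wikipedia.org.example.net), which is why a per-hostname cookie is the safer default and why the shared en/en2 session could not simply be switched over.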