Safari Users May Get Cooked

Cross-Site Cooking describes a cookie-scoping flaw in which a web page served from one site can set a cookie that the browser then sends to a different site sharing part of its domain name. The most direct use of the flaw is session fixation: a session ID is normally issued by the server, but an attacker who can plant a cookie with a session ID of their own choosing on the victim's browser forces the victim's later requests to carry that known ID instead. If the target site accepts the client-supplied ID without issuing a fresh one when the user authenticates, the attacker ends up sharing the victim's authenticated session and can read whatever it exposes.
It turns out that Apple's Safari browser is vulnerable to this type of attack. Heise Security has published details, stating that an attacker could potentially spy on a victim's connection if the attack is carried out correctly. The flaw lies in the way Safari validates the Domain attribute of a cookie for domains whose public suffix has more than one label, such as .co.uk and .com.au: a site under such a suffix can set a cookie scoped to the suffix itself, which the browser then sends to every other site under it. A fix has not been issued yet, so you may want to use an alternate browser in the meantime; site operators can limit the damage independently of the browser by issuing a new session ID at login rather than reusing one the client presents.
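To make the scoping rule concrete, the following is an added example (not code from the original article, from Heise, or from Apple): a toy cookie jar that models the Domain-attribute check a browser applies when a site sets a cookie. It compares a naive rule, which only refuses single-label domains and therefore accepts Domain=.co.uk (the behaviour the article attributes to Safari), with a rule that consults a public-suffix list. The hostnames attacker.co.uk and bank.co.uk and the short suffix list are constructed for illustration; a real browser uses the full list maintained at publicsuffix.org.

```javascript
// Constructed subset of a public-suffix list; real browsers load the full
// list from publicsuffix.org. A cookie must never be scoped to one of these.
const PUBLIC_SUFFIXES = new Set(['com', 'uk', 'co.uk', 'au', 'com.au']);

// RFC 6265 "domain-match": host equals domain or ends with "." + domain.
function domainMatches(host, domain) {
  return host === domain || host.endsWith('.' + domain);
}

// Naive policy: only reject a Domain attribute that is a single label.
// This lets attacker.co.uk scope a cookie to the whole of .co.uk.
function naiveDomainAllowed(requestHost, domain) {
  return domain.includes('.') && domainMatches(requestHost, domain);
}

// Public-suffix-aware policy: additionally reject any Domain that is itself
// a public suffix, so a cookie can only be scoped to a registrable domain.
function suffixAwareDomainAllowed(requestHost, domain) {
  return !PUBLIC_SUFFIXES.has(domain) && domainMatches(requestHost, domain);
}

// Minimal Set-Cookie parser: name=value plus an optional Domain attribute.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map(s => s.trim());
  const eq = pair.indexOf('=');
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), domain: null, hostOnly: false };
  for (const attr of attrs) {
    const [k, v] = attr.split('=');
    if (k.toLowerCase() === 'domain' && v) {
      cookie.domain = v.replace(/^\./, '').toLowerCase(); // leading dot is ignored
    }
  }
  return cookie;
}

// Store a cookie set by requestHost under the given policy.
// Returns true if the jar accepted it, false if the policy rejected it.
function setCookie(jar, requestHost, header, policy) {
  const c = parseSetCookie(header);
  if (c.domain === null) {
    c.domain = requestHost;  // no Domain attribute: host-only cookie
    c.hostOnly = true;
  } else if (!policy(requestHost, c.domain)) {
    return false;
  }
  jar.push(c);
  return true;
}

// Cookies the jar would attach to a request for the given host.
function cookiesFor(jar, host) {
  return jar
    .filter(c => (c.hostOnly ? c.domain === host : domainMatches(host, c.domain)))
    .map(c => `${c.name}=${c.value}`);
}

// Simulate the fixation attempt: attacker.co.uk plants a session ID it knows,
// scoped to .co.uk, then the victim visits bank.co.uk. Returns the cookies
// bank.co.uk receives.
function demo(policy) {
  const jar = [];
  setCookie(jar, 'attacker.co.uk', 'SESSIONID=attacker-chosen; Domain=.co.uk', policy);
  return cookiesFor(jar, 'bank.co.uk');
}

console.log('naive policy       ->', demo(naiveDomainAllowed));
console.log('suffix-aware policy ->', demo(suffixAwareDomainAllowed));
```

Under the naive policy bank.co.uk receives the attacker's SESSIONID; under the suffix-aware policy the cookie is never stored. Note that the public-suffix check only closes the browser side of the problem: a server that keeps using whatever session ID the client presents at login remains open to fixation from any other source (a URL parameter, a sibling host the attacker legitimately controls), so regenerating the session ID on authentication is the complementary server-side defence.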
