Welcome to the MacNN Forums.

kangoo_boo · 09:31 AM

There is a hole in safari cookie checking which allows cookie stealing (pass etc)
see it here:
http://www.insecure.ws/article.php?s...31119022325244

and here
http://lists.insecure.org/lists/bugt.../Nov/0206.html

Gul Banana · Nov 19, 2003, 08:13 AM

It seems OmniWeb isn't vulnerable

mitchell_pgh · Nov 19, 2003, 08:40 AM

That sucks... but you would need to go to a site that is trying to steal your info for it to be a big deal.

Apple should put this in the 10.3.2 update as a fix.

kangoo_boo · Nov 19, 2003, 09:56 AM

buh
doesn't updates my subject when i want to correct the typing

Millennium · Nov 19, 2003, 01:06 PM

Originally posted by mitchell_pgh:
That sucks... but you would need to go to a site that is trying to steal your info for it to be a big deal.

And we all know that no one would want to steal info about eBay accounts, for example?

This is a critical problem. I could code up an exploit for this without breaking a sweat.

Apple should put this in the 10.3.2 update as a fix.[/B]

This should be fixed in both 1.1 and 1.0; it's that serious. I'm not going to insist that Apple backport 1.1 to Jaguar, but security holes do need to be dealt with.

Fotek2001 · Nov 19, 2003, 01:46 PM

That's enough to make me stop using Safari until it's fixed. It would be so easy to exploit this it's untrue and I know it's only a matter of time before someone tries... NOT good

mitchell_pgh · Nov 19, 2003, 06:41 PM

The new security update didn't fix this...

mcsjgs · Nov 19, 2003, 07:25 PM

Any ideas on temporary workaround?

Delete all cookies?

Safari>preferences>security>showcookies>remove all

Delete cache?

Delete history?

All comments appreciated

Macola · Nov 19, 2003, 07:51 PM

My one reason for not using Safari as my primary browser was its poor cookie handling options compared to others. Now I'm glad I stuck with Camino.

mcsjgs · Nov 20, 2003, 12:38 AM

I don't like to rant, but where the devil is Apple's quality control these days? This is an old, identified, known problem. It smacks of negligence to allow this to occur. If someone gets their identity stolen or has their accounts messed with, is Apple responsible? A lot of lawyers and courts would say yes. Please fix this asap.

Love Calm Quiet · Nov 20, 2003, 07:52 AM

proton · Nov 20, 2003, 09:34 AM

As a note, if you're behind a proxy this will stop the exploit in many cases. The proxy often either won't allow the connection through with the %00 in the URL, or they'll try and resolve the domain with it in place, and not find anything useful.

- proton

mitchell_pgh · Nov 20, 2003, 09:52 AM

For myself, this isn't a major issue unless someone wants into my MacNN account...

And that only means +1 for me.

But seriously. I'm surprised that this wasn't thrown into the security update.

I would even be happy if they said "Redownload Safari".

larkost · Nov 20, 2003, 11:21 AM

Macola, have you checked at the link to see if Camino is veunerable? It is a Mozilla browser, and that was where the exploit was first found...

I think this is the first time I have ever seen a "buffer under-run" exploit...

mike one · Nov 20, 2003, 01:33 PM

wonder if privoxy prevents this...prolly.
time to turn it back on.

Macola · Nov 20, 2003, 02:19 PM

Originally posted by larkost:
Macola, have you checked at the link to see if Camino is veunerable? It is a Mozilla browser, and that was where the exploit was first found...

I tried Camino (0.7, build 2003030613) and it doesn't appear to be vulnerable.

mcsjgs · Nov 20, 2003, 02:48 PM

It's worth noting that the website

http://www.insecure.ws/

where the problem was reported says Safari 1.1 and earlier.

I can't test 1.0 since the upgrade, but someone might want to check on this.

kangoo_boo · Nov 20, 2003, 03:07 PM

http://www.insecure.ws/article.php?s...31119022325244

i posted how to turn cookies off.
People on butraq have trouble understanding the meaning of a button when it's written on it. (Yes, i'm like that cause they posted the bug just after me, so i have no credit ^.^)

(I doubt the guy have seen my page and posted though, just no luck)

Mike S. · Nov 20, 2003, 06:54 PM

I can't test 1.0 since the upgrade, but someone might want to check on this.

I tested the latest Safari for Jaguar and it to is vulnerable.

One more reason for me not to use it... I want my OmniWeb 5 so Apple can see what a real, modern Mac browser should be like

Cadaver · Nov 21, 2003, 01:13 AM

I've switch for now to Firebird. I use several online banking services, mutual fund services, etc. I'd like to continue to keep it private.

Anyway, I'm growing quite fond of the new look of the current Firebird builds. Kind of what Safari should look like without all the brushed metal (and no, demetalizing Safari doesn't make it look any better).

mcsjgs · Nov 21, 2003, 05:04 PM

Macintouch.com is reporting a fix for the cookies stealing problem with a program written by hetima.com. See here for more details:

Hetima Cookies Stealing Fix

It is a patch for Safari so use at your own risk. It does appear to stop the problem.

Groovy · Nov 22, 2003, 12:11 PM

Originally posted by mcsjgs:
Macintouch.com is reporting a fix for the cookies stealing problem with a program written by hetima.com. See here for more details:

Hetima Cookies Stealing Fix

It is a patch for Safari so use at your own risk. It does appear to stop the problem.

just installed and the fix works great and even LOGS the web site that tried to steal your cookies.

wow that sound so funny saying that

pdot · Nov 23, 2003, 06:37 AM

Originally posted by Groovy:
just installed and the fix works great and even LOGS the web site that tried to steal your cookies.

wow that sound so funny saying that

Now you can bookmark those sites and feed it cookies for fun...like a zoo, yeah. BTW, the site is in Japanese in case others want to know.