Might want to warn MSIE users about this:

Quote:
Any Web site that uses cookies to authenticate users or store private information – including Amazon.com, HotMail, Yahoo Mail, DoubleClick, MP3.com, NYTimes.com, and thousands of others – could have cookies exposed by Internet Explorer and intercepted by a third-party Web site.


http://www.peacefire.org/security/iecookies

Explains it much better than I could. I tried it with my SDMB cookie, and my password was stored, unencrypted, right in the cookie, visible to whoever wanted to take it.

I posted this here so the mods could decide what to do with it. Don’t want to cause undue panic, but it’s a reason to be cautious!

Not to cause a panic here or anything, but you’re right.

Security on the Net is mostly a myth.

It goes deeper than that; I’m sure most of you were not aware of this, but any system administrator can read a server log and see passwords all day long. You are dependent upon their goodwill and trusting that they will not use this information in ways that would hurt you.

It’s like sitting down with strangers for a friendly game of poker; you wanna believe in everybody . . . but just the same, you cut the cards.

Use different passwords for everything.

Change them often.

Be mindful that while most people do have good intentions, there’s always some jerk out there who doesn’t. Hopefully you won’t run into that jerk . . . today.

your humble TubaDiva
Administrator

This exploit works for any browser using Javascript, so you can include Netscape in your warning. I’ve seen it work on both browsers.

According to Peacefire, MSNBC, CNET, ComputerWorld, Newsbytes, and my own experimentation, this is not so. It works in a browser using JavaScript and not handling % codes in URLs correctly. I can’t duplicate the exploit in Netscape 4.72 or Opera 4.0 beta 3.

How do you do it in Netscape?