Buckeye9 wrote:
> dennismuXX wrote ...
>>
>> Hi, my cookies are being named some kind of encrypted type.
>>
>> ie: WNGTBJW1.txt
>>
>> Using IE8
>>
>> They are not recognizable. Is there a setting that has changed
>> recently?
>
> Microsoft changed the cookie file names to a random generated letters
> as part of the last security update which was issued in August.
That's a good thing. As I recall, Java[script] cannot list the files in
a folder but ActiveX components can (with which you can use Javascript;
http://ns7.webmasters.com/caspdoc/ht...ect_object.htm).
Some web page could look at the cookies names to determine where you
were before you visited their site. Since the domain names were in the
cookie .txt files, it was easy for a site to see that you had previously
visited eBay, PayPal, which banks, which credit card issuer sites, your
hospital, your insurer's site, your real estate agent's site, or
wherever else you went within that IE session (and other IE sessions if
you do not configure IE to purge its TIF file on exit). They can
compile a whole history of where you surfed before by looking at the
filenames for the cookie .txt files. Now they'll just see garbage and
have to use other means of drilling out your web navigation history.
http://www.microsoft.com/technet/sec.../MS11-057.mspx
Although not mentioned in this security update, other users (e.g.,
http://securitygarden.blogspot.com/2...winpatrol.html)
have confirmed that cookie naming got randomized after this update was
installed.
http://blogs.msdn.com/b/ieinternals/...ie-naming.aspx
This mentions the cookie renaming got added to IE9. Apparently
Microsoft decided to migrate this security feature to prior versions of
IE, too.
Similar Threads
Linear Mode
