Random Cookie and Hacking

I found out that typing a website name (like hotmail) into a P2P generates a lot of cookies that could b used / exploited because stupid people share their entire drives.

Is there any way to expolit these? Like use Hotmail / Yahoo Cookies to gain Unauthorised Acess?

It is possible. The details depend on what information the script that generated the cookie stored in it. Commonly it could be user/password of an account in plain text, encrypted in some way, or the session id that would match the user's resource-set on the server. Session ids would be a bit harder to exploit mainly because of their limited validity duration. For more information about sessions, have a look here .

I think that's enough for someone to watch out with his cookies.

One notice however, the fact that some people show ignorance or neglect in this recard, does not mean they are "stupid".. they just might have more important things to do -not *everything* is about computers-. That certainly doesn't give others the right to mess with their personal stuff.

Additional Resources about Cookies,


www.cookiecentral.com/faq/

www.w3.org/Security/Faq/wwwsf2.html#CLT-Q10

www.faqs.org/rfcs/rfc2109.html

Thx for the links


@nske I yet consider sharing your entire hard drive on p2p stupid

And someone else could consider digging through other people's personal stuff more stupid. It depends on what criteria you use to make your measurements.

nice one

but then, cookies contain logins to stuff like bank / online shoppng websites .. thats not personal.. and then in case its needed, people could retrieve data without your permission.