Re: [perpass] Don't forget St. Nsaclaus' cookies

Christian Huitema <huitema@huitema.net> Fri, 27 December 2013 22:14 UTC

MIME-Version: 1.0
To: Dean Willis <dean.willis@softarmor.com>, perpass <perpass@ietf.org>
From: Christian Huitema <huitema@huitema.net>
Date: Fri, 27 Dec 2013 12:14:11 -1000
Content-Type: multipart/alternative; boundary="_65EA7D5B-2E3B-4C0A-A18C-11C6EB206385_"
Subject: Re: [perpass] Don't forget St. Nsaclaus' cookies
Precedence: list
Message-ID: <20140418084351.2560.96469.ARCHIVE@ietfa.amsl.com>

At a minimum, never send third party cookies over unencrypted links.

-----Original Message-----
From: "Dean Willis" <dean.willis@softarmor.com>
Sent: ‎12/‎26/‎2013 8:24 PM
To: "perpass" <perpass@ietf.org>
Subject: [perpass] Don't forget St. Nsaclaus' cookies

Article link, cookies combined with leaky non-enc location data target users for exploits. Encrypt everything, dude!
"NSA reportedly leveraging Google cookies and leaked mobile location data to identify hacking targets" http://feedly.com/k/1co0lQ5

[perpass] Don't forget St. Nsaclaus' cookies Dean Willis
Re: [perpass] Don't forget St. Nsaclaus' cookies Christian Huitema