Category Archives: Uncategorized

Cookies Lack Integrity: Real world (Usenix Sec2015)

A cookie can contain a “secure” flag, indicating that it should be only sent over an HTTPS connection. Yet there is no corresponding flag to indicate how a cookie was set: attackers who act as a man-in-the-midddle even temporarily on … Continue reading

Posted in Uncategorized | Comments Off on Cookies Lack Integrity: Real world (Usenix Sec2015)