[Dshield] A few issues at the DShield site.

Castle, Shane scastle at co.boulder.co.us
Thu Aug 10 18:28:11 GMT 2006


Actually it's worse.  Now, after accepting the cookie, the login screen
won't display in firefox, showing this error:

The page isn't redirecting properly          

Firefox has detected that the server is redirecting the request for this
address in a way that will never
complete.

    *   This problem can sometimes be caused by disabling or refusing to
accept
          cookies.

--
Shane Castle


-----Original Message-----
From: list-bounces at lists.dshield.org
[mailto:list-bounces at lists.dshield.org] On Behalf Of Johannes B. Ullrich
Sent: Thursday, August 10, 2006 10:48
To: General DShield Discussion List
Cc: DShield Info
Subject: Re: [Dshield] A few issues at the DShield site...


I worked on the 'remember me' function this morning and I think I found
a stupid error with the cookie. see if its better now.


Peter Stendahl-Juvonen wrote:
> 
> Valdis et al.
> 
> Thanks for prompt reply.
> 
> Please find elaboration (on one of the DShield challenges) below your
post.
> 
> 
> 8.8.2006 17:32 (UTC+3), Valdis.Kletnieks at vt.edu kirjoitti/wrote:
>>> On Tue, 08 Aug 2006 00:25:11 +0300, Peter Stendahl-Juvonen said:
>>>> *The 'Remember me' option does not function* .  :-(
>>>>
>>>> Only once, when leaving the DShield site and returning before
closing
>>>> Firefox (1.5.0.6 FI), did I manage to avoid the redundant re-login
>>>> procedure.
>>> This is quite often the result of a cookie blocker.  Are you
accepting
>>> cookies from the DShield site?
>>>
> 
> 
> 1) Yes, am accepting cookies from the DShield site.   :-D
> 
> 2) I have also turned in the browser's settings the wiping of the
> cookies off at close of browser (exit, un-launch).
> 
> 3) For the purpose, use instead a browser extension doing the erase of
> *unprotected* cookies at start-up (launch) of the browser.
> 
> Please, however note, that I have set the DShield auto-login cookie as
a
> 'Protect[ed] cookie', which means the DShield auto-login cookie will
> stay as it is in the browser cache, until the respective (DShield in
> this case) site alters the content of the cookie.
> 
> 4) Also have classified the auto-login cookie (set by the DShield site
> into my browser's cache) as 'Protect cookie' in the privacy tool I
use.
> 
> Therefore, the privacy tool does *not* erase, i.e. wipe its contents
> beyond recovery, scramble its name and dates and finally remove it
from
> disk.
> 
> Thanks anyway for checking.  :-)
> 
> 5) Please, also accept apology for the disinformation regarding the
"one
> time automatic successful re-login" as it was unluckily clearly just
> disinformation and factually never happened, as I clarified in another
> post [8.8.2006 19:37 (UTC+3)] to this list:
> 
> (START QUOTE)
> Being able to get back into the authenticated http connection was due
to
> using the Internet browser's 'return to previous page' function.
> 
> If and when attempting to return to the DShield site by targeting for,
> e.g. URL https://secure.dshield.org/myreports.php does not invoke an
> authenticated http connection (with the help of the auto-login cookie
in
> browser cache). The DShield server changes the previously valid
content
> of the cookie to contain the text string "invalid" (without the
quotes)
> as soon attempting authentication by means of the auto-login cookie.
> 
> Unluckily, the malfunction of the 'Remember me' feature causes
multiple,
> redundant logins.   :-(
> 
> Nevertheless, please consider removing the 'Remember me' feature, if
it
> cannot be fixed (by obtainable means).
> 
> Not having the malfunctioning 'Remember me' feature available would
save
> one hand movement as well as a tick in the box (in the 'Remember me'
> fill in form).   :-)
> 
> Thanks in advance for fixing the bug (or removing of the broken
feature).
> (END OF CITATION)
> 
> 
> BTW, *the DShield site is the one and only site*, where I experience
> *issues with automated login*.
> 
> 
> Therefore, the question remains;
> *does the DShield auto-login feature work properly for someone*?
> 
> What Internet browser do you use?
> 
> 
> Does the does the DShield auto-login feature work *frequently*
properly
> for someone?
> 
> 
> Thanks in advance for any pointers.
> 
> - Pete
> 
> 
>       "Absence of proof is not proof of absence."
>         Carl Sagan (1934-1996); US astronomer.
> 
> 
> 
_________________________________________
Learn from the founder of DShield how to secure your Internet presence
with Linux, Apache, MySQL, PHP.

Las Vegas, Oct. 2nd-6th 2006

Details: http://www.sans.org/ns2006/description.php?tid=433
(Brochure Code: ISC)




_______________________________________________
send all posts to list at lists.dshield.org
To change your subscription options (or unsubscribe), see:
http://lists.dshield.org/mailman/listinfo/list



-- 
---------
Johannes Ullrich                        jullrich at sans.org
Chief Research Officer                     (617) 639 5000
http://isc.sans.org
PGP Key: https://secure.dshield.org/PGPKEYS

"We use [isc.sans.org] every day to keep on top of
 security at our bank" Matt, Network Administrator.





More information about the list mailing list