Cookies are normally only visible to the site that placed them on a visitor’s hard drive and are often used to automatically log in the user. However, the operator of Consumer.net, an online site offering various consumer protection information, discovered a bug earlier this week that can give others access to the data.
Russ Smith, owner of Consumer.net, has posted detailed information on the bug. He also shows the files that were unwittingly downloaded from his site’s visitors.
Both Netscape and Microsoft said they were looking into the matter and would work with Smith to try and duplicate the problem. Smith said the bug doesn’t appear to be affecting the vast majority of those who use either browser. However, no one has determined why only certain systems have been affected.
Privacy advocates have often expressed fears that personal information stored in cookie files can be exposed to others. Although cookies tend to work perfectly most of the time, bugs like the one Smith discovered, illustrate how the technology can be abused.