Comments | fallenpegasus: AOL screws up

fallenpegasus

AOL screws up

Nov 16, 2007 15:09

http://registration.aol.com requires cross-site cookies to login to one's AIM account.

This is unwise. (Which is a polite way of saying "Those dumbasses!".)

web, geek, security, aim, aol

Comments 3

papertygre November 17 2007, 05:02:06 UTC

how exactly do they require cross-site cookies and why is it bad?

fallenpegasus November 17 2007, 20:53:39 UTC

I had to go to Firefox->Edit->Preferences->Privacy->Cookies->"Allow Sites to Set Cookies"->"For Originating Site Only", and turn it off.

This allows a site to set a cookie that can be read by another site, and allows other sites to read cookies set by sites other than themselves.

ex_marahmari475 November 20 2007, 02:47:29 UTC

Ha, http://registration.aol.com/ no longer works (it now leads to what AOL bluntly calls an "Error Page").

In English that means: "Whoops, we f#ck#d up, and some guy on LiveJournal caught it, so we're taking the page down before this issue winds up on Digg.com - just like other issues wound up on Digg.com."

Gotta love AOL - "so screwed up, no wonder we're no longer #1".

I run ANTI-AOL, BTW, and you can classify my feelings for AOL as "not exactly a love affair." Nice to meet you.