From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 26 Jan 1998 15:48:22 +0800
To: cypherpunks@toad.com
Subject: Re: NYTimes web cookies
In-Reply-To: <v0310280ab0f19f4f8fdc@[208.129.55.202]>
Message-ID: <HoiwJe2w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain



Steve Schear <schear@lvdi.net> writes:

> At 1:52 PM -0500 1/25/98, Matthew Ghio wrote:
> >> Cookies and the NYTIMES subscription: NYTIMES.COM tries to store your
> >> userid and password in the cookie with keywords PW= and ID=. Problem is,
> >> it tries to encode them using 8-bit characters. Lucky for us, at this time
> >> NYTIMES.COM does not check if userid/password are valid, just that they're
> >> a part of the cookie!! So, just add these two lines to your junkbuster
> >> config:
> >>
> >> wafer PW=0
> >> wafer ID=0
> >>
> >> and nytimes.com will greet you as "0" and let you right in.
> >
> >
> >It doesn't check the PW or ID at all except the first time you log in.
> >After that it generates a new cookie titled NPLCNYT and that is the only
> >cookie it checks; the PW and ID are not required to be there at all.
> >If you delete the NPLCNYT cookie, it will check the PW/ID and generate
> >a new one.  An example cookie is below:
> >
> >NPLCNYT=AAAALw>AAAAAX9IUUWiPhfALqHZuSh2mUM0yzNOwGRReAAAAAsAAAAAY3lwaGVycHVua
>
> Anyone have something similar for the WSJ?

www.wsj.com is a pay site ($49 | $29 / annum).
Someone (not me) might want to post the details
of their subscription so everyone else could use it;
I suspect that the folks running wsj.com might object.

I messed around some more with various sites that use cookies.

1. .CNN.com wants to set the following 4 cookies for "cypherpunks cypherpunks":

PNAA=:Ypgxlx L. Egdfbd'sZAQF0:
(i.e. Random Q. Hacker)
PNAB=:01884:
PNAC=:CVGTEOZRSBY:
CNN_CUSTOM=1 path=/customnews

Problem is, the last one needs the path and there'e no way to fake path
in junkbusters wafer.  I simply put cnn.com in the cookie file momentarily,
logged in to let it set the cookie, then changed it to ">cnn.com" to filter
out any updates to these 4 cookies.

2. www.economist.com has a freebie "cypherpunks cypherpunks" account. The
cookie is:

wafer econ-key=4GgOaV1a

Perhaps someone cares to set up a paid account for group use.

3. foxnews.com doesn't allow "cypherpunks" (too long); "cypherpunk" is
already taken, and I couldn't guess the password.  Would the entity
responsible please set the password to what we all expect it to be. :-)

4. avweb.com (aviation site) cypherpunks cypherpunks
wafer AVweb_Auth=Y3lwaGVycHVua3M6Y3lwaGVycHVua3M=

5. .reba.com (country music) cypherpunks cypherpunks
wafer RebaNet%5FPWD=cypherpunks
wafer RebaNet%5FUID=cypherpunks

6. http://www.netstrike.com:8080/ cypherpunks cypherpunks
wafer WB-User=cypherpunks
wafer WB-Pass=cypherpunks

7. .citywire.com aka .nyrealty.com - manhattan real estate
 Random Q. Hacker cypherpunks@algebra.com cypherpunks
wafer primary_nyrealtyid=Ra34cbf1b0a7d1c
wafer nyrealtyid=Ra34cbf1b0a7d1c

8. .netscape.com, .mcom.com
wafer NETSCAPE_ID=10010408,121ee744
wafer NSCP-US-DOWNLOAD=pkjbcTTL5OYAAAAAYRr3d8towI7Tj4v3nJwgig==

(Should somebody set up a cypherpunks microsoft login for downloading
all the patches and bug fixes they put out?)

Given the number of these things, it seems that sending them out with
every nntp request as a wafer wastes too much bandwidth.  Can someone
recommend a good program for editing the cookie file? I'm too lasy
to write it myself.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps