It appears that the GIFAR attack I mentioned yesterday is going to be this month’s DNS issue; it’s one of the most active incoming queries for my blog today, and I didn’t even have any details about how the attack actually works.

Today John Hesman provides some more details. He also notes that this is not entirely new. One thing he does mention that really scares me is this:

It turns out that when an applet makes an HTTP request to a website the Java browser plugin will slap on the relevant cookies from the browser cookie store (even if the applet is unsigned).

I’m guessing it won’t be long until someone finds creative uses for this. How about a cool new video on YouTube called “Pamela Anderson Sex Video!”? Many people would love to see this, and since it’s 18+ rated you’d have to sign in with your YouTube account before viewing it. Embedding code into the video itself might be complicated, but your user icon in the comments for the video makes a nice insertion point…
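A GIFAR is a single file that parses both as a GIF image and as a JAR (ZIP) archive, so a site that accepts user icons can screen uploads for it. The following is an added example, not code from this post or from the research it cites; the function names `find_zip_eocd` and `check_avatar_upload` and the sample bytes are assumptions made for illustration.

```python
import struct

GIF_MAGICS = (b"GIF87a", b"GIF89a")
EOCD_SIG = b"PK\x05\x06"   # ZIP end-of-central-directory (EOCD) signature
EOCD_MIN = 22              # size of the fixed part of the EOCD record
MAX_COMMENT = 0xFFFF       # the trailing archive comment is at most 65535 bytes


def find_zip_eocd(data):
    """Return the offset of a plausible ZIP EOCD record in data, or None.

    ZIP readers locate the archive from the end of the file, so leading
    image bytes do not stop the same file from also opening as a JAR.
    """
    tail_start = max(0, len(data) - (EOCD_MIN + MAX_COMMENT))
    pos = data.rfind(EOCD_SIG, tail_start)
    while pos != -1:
        if pos + EOCD_MIN <= len(data):
            (comment_len,) = struct.unpack_from("<H", data, pos + 20)
            # Conservative: accept any record whose comment fits in the file.
            if pos + EOCD_MIN + comment_len <= len(data):
                return pos
        pos = data.rfind(EOCD_SIG, tail_start, pos)
    return None


def check_avatar_upload(data):
    """Classify uploaded bytes as 'ok', 'not-gif' or 'reject-polyglot'."""
    if not data.startswith(GIF_MAGICS):
        return "not-gif"
    if find_zip_eocd(data) is not None:
        return "reject-polyglot"
    return "ok"


# Constructed sample inputs (not taken from the post): a header-only GIF
# (signature, 7-byte logical screen descriptor, trailer byte).
SAMPLE_GIF = b"GIF89a" + bytes([1, 0, 1, 0, 0, 0, 0]) + b";"
# An empty-archive EOCD record: enough to trip the check, not a working JAR.
EMPTY_EOCD = EOCD_SIG + b"\x00" * 18

if __name__ == "__main__":
    print(check_avatar_upload(SAMPLE_GIF))               # plain GIF
    print(check_avatar_upload(SAMPLE_GIF + EMPTY_EOCD))  # GIF with ZIP trailer
```

Re-encoding uploaded images on the server discards appended data altogether, and serving user content from a separate domain keeps the main site's cookies away from anything that slips through.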