Comment Re:Uh... (Score 1) 308
Okay... Leaving browser exploits out of it for the moment, though, isn't cookie access restricted to the domain that set it?
Yes and no. Yes, standard browser settings restrict a cookie to be read by a single domain. But most advertising networks put the cookie on the root domain of the network. So if EBay and Slashdot have the same advertising network, Ebay can pass what you bought to the ad network and through a hidden iframe or various other techniques load a page at the ad network. Which then sets the cookie on your computer from the ad network. Next time you visit Slashdot, it loads a hidden iframe with a page at the ad network, which loads the cookie, and passes the data on to Slashdot.
I'm sure there's probably even easier techniques than the one I came up with as a "can I do this" exercise one rainy day.