[24567] in bugtraq
Mistype a URL? M$N knows what you typed.
daemon@ATHENA.MIT.EDU (Darren Reed)
Wed Mar 6 16:44:09 2002
From: Darren Reed <avalon@coombs.anu.edu.au>
Message-Id: <200203060042.LAA25066@caligula.anu.edu.au>
To: bugtraq@securityfocus.com
Date: Wed, 6 Mar 2002 11:42:02 +1100 (Australia/ACT)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
If you've ever used IE and typed in "ww.foo.com" into the path, you
will end up at a web page generated by an MSN web site. How did I
get this, you ask? Well, you definately cannot find anything in the
"Internet Options" panels which lets you configure this. If you
fire up regedit, under
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search
you will find "CustomizeSearch" and "SearchAssistant". Unless you
want all of the URLs which fail to resolve in domain names to be
handed off to MSN. Furthermore, there are cookies involved with
these web sites. These "helpers" appear to only be used when there
are no proxies enabled but it would be a nice if there was an easier
way to stop Microsoft knowing every bad URL that gets typed, etc,
by those with no proxy.
FWIW, for me CustomizeSearch defaults to:
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
and SearchAssistant to:
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
Darren
