[16521] in bugtraq
Re: Microsoft Word documents that "phone" home
daemon@ATHENA.MIT.EDU (cassius@HUSHMAIL.COM)
Sat Sep 2 14:30:01 2000
Mime-Version: 1.0
Content-Type: multipart/mixed;
boundary="Hushpart_boundary_mxWUGqzOmbVZKvfXkwJzdIvdgUszUNRk"
Message-Id: <200009012236.PAA22610@mail5.hushmail.com>
Date: Fri, 1 Sep 2000 15:39:22 -0800
Reply-To: cassius@HUSHMAIL.COM
From: cassius@HUSHMAIL.COM
To: BUGTRAQ@SECURITYFOCUS.COM
--Hushpart_boundary_mxWUGqzOmbVZKvfXkwJzdIvdgUszUNRk
Content-type: text/plain
Scott from Microsoft Security Response Center wrote...
> - It spins dire scenarios of people being "tracked", without
> acknowledging just how difficult it would be to actually correlate
> information like an IP address to a person's identity.
There are some things you could do with the URL.
What if you suspect confidential docs are being forwarded to competitors?
It can only be Alice or Bob but you aren't sure. You send a seperate document
to each.
Alice.doc has a hidden link to http://yoursite/pic.gif?id=alice
Bob.doc has a link to http://yoursite/pic.gif?id=bob
After sending them you see hits on pic.gif?id=bob from evilcompetitor
You could spank Bob and remove him from the confidential mailing list but
you couldn't fire him.
The hit from evilcompetitor could have been anybody including Alice.
-Cassius
--Hushpart_boundary_mxWUGqzOmbVZKvfXkwJzdIvdgUszUNRk--
IMPORTANT NOTICE: If you are not using HushMail, this message could have been read easily by the many people who have access to your open personal email messages.
Get your FREE, totally secure email address at http://www.hushmail.com.
