[16523] in bugtraq
Re: Microsoft Word documents that "phone" home
daemon@ATHENA.MIT.EDU (Brad)
Sat Sep 2 15:10:39 2000
Message-ID: <39B0F572.15668.35F0ED0@localhost>
Date: Sat, 2 Sep 2000 12:41:22 +1000
Reply-To: gryphonn@austarnet.com.au
From: Brad <gryphonn@austarnet.com.au>
X-To: Microsoft Security Response Center <secure@MICROSOFT.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <C10F7F33B880B248BCC47DB446738847349026@red-msg-07.redmond.corp.microsoft.com>
In reply to:
Sender: Microsoft Security Response Center <secure@MICROSOFT.COM>
Subject: Re: Microsoft Word documents that "phone" home
Dated: 1 Sep 2000,
Time: 7:27
> -----BEGIN PGP SIGNED MESSAGE-----
>
> Hi Kris -
>
> Thanks for your note. I think we may be in violent *agreement*
> here.<g>
>
> We think it's a great idea to talk about this issue, and we do want to
> make sure that our customers understand the pros and cons of
> web-enabled applications. Specifically, we are glad to participate in
> a dialogue about cookies, the risk they pose, and how to control them.
*snip*
> - It pays scant attention to the fact that customers already have the
> tool to control cookies in their hands, namely, IE. Customers who
> have used the Security Zones setting in IE to restrict how cookies are
> handled are automatically protected against all cookies, regardless of
> whether the web session was initiated by web surfing or by a
> web-enabled application.
Hi all.
May I draw your attention to the following link describing how MSN
has set up a number of hidden re-directs in order to place a GUID in
a cookie for tracking purposes.
http://www.pc-help.org/privacy/ms_guid.htm
This leads to possibilities of expanding on the phone home feature of
applications and/or documents being further exploited.
Cheers,
Brad
***********************************
Bradley.N.Griffin
Gryphonn Design
Web Design
Computer Systems Consultant
Security Solutions
gryphonn@austarnet.com.au
ABN: 12 095 821 961
**********************************
Help save a starving child.
One click is all it takes:
http://www.thehungersite.com/
