[16665] in bugtraq


Re: Possible privacy problem in Explorer.

daemon@ATHENA.MIT.EDU (Elias Levy)
Fri Sep 8 16:24:15 2000

Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Message-Id:  <20000908125619.D23495@securityfocus.com>
Date:         Fri, 8 Sep 2000 12:56:19 -0700
Reply-To: aleph1@SECURITYFOCUS.COM
From: Elias Levy <aleph1@SECURITYFOCUS.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <39B84795.8A32DC4F@redestb.es>

This indeed seems to be the case. Deleting all cookies, emptying the cache
and removing everything from the Temporary Internet Files folder does
not make a difference. The web site still displays the saved queries.

After some digging around I found where the data is stored (at least
on my machine). On my Windows NT 4.0 machine running IE 5 the data
is stored under C:\WinNT\Profiles\<user>\UserData\81urcl6v\oQRStore[1].xml
It seems some ActiveX control is being used to save XML to the local machine.

Not a big problem but certainly a privacy issue. Advertisers would love
to use something like this since the user is not aware of where
the data is stored.

--
Elias Levy
SecurityFocus.com
http://www.securityfocus.com/
Si vis pacem, para bellum


Message-ID: <39B84795.8A32DC4F@redestb.es>
Date: Fri, 08 Sep 2000 03:57:41 +0200
From: "Guille (Bisho)" <guille@redestb.es>
Reply-To: bisho@eurielec.etsit.upm.es
Organization: Eurielec
To: bugtraq <BUGTRAQ@SECURITYFOCUS.COM>
Subject: Possible privacy problem in Explorer.


On the Microsoft website http://search.msn.com.mx they use a method to
store the searches done in their search engine, but without cookies and
without login&password. You could deactivate the cookies, delete them,
log off your ISP, close the explorer, reboot, and the data will be there
again.

The link to the script is: <A CLASS='CLSSAVE' HREF=""
onClick="StoreResult( 1, 'DE' );return false;" ID='DES1'>

The function is inside:
<SCRIPT SRC="searchui_IE5.js" LANGUAGE="JScript">
This is an ugly script without newlines. I have processed it a bit to
make it more readable:
$ cat searchui_IE5.js | awk '{ gsub(";", ";\n") } { gsub("}"," }\n") }
{ gsub("{"," {\n") } { gsub("function","\n\nfunction") } { print $0 }'

The results are in:
http://www.eurielec.etsit.upm.es/~bisho/searchui_IE5.js.txt

It uses the so-called "User Data Persistence" technology, from Microsoft.

Extracted from the Microsoft knowledge database:
---------------------------------------------
Persistence

One big pain in the neck for users on the Web is going to a Web page,
modifying it the way they want it, leaving, then returning to the site
to find it's not the same: the trees are collapsed, forms filled-out
have disappeared, and the page must be reset. Internet Explorer 5.0
takes some of this pain away by providing Web-page persistence via a
scripting tag.

Internet Explorer 5.0 provides four types of persistence:

[...]
User Data Persistence: Allows an XML-based storage methodology for
saving large amounts of user data. If you have a large amount of data
that you want to save from some point in time (for example, all of your
favorite sport's teams' scores for the last 10 years), you can use
persistence rather than cookies.
[...]

---------------------------------------------

The problem:
Most people deactivate cookies, or set them to the warn level, but
"User Data Persistence" has no warn level, and is hidden far away from
the cookie security options. This could be used to track users without
their knowledge, when they expect to be safe without cookies.

--
     \|||||||/    Guillermo Pérez Pérez
     < o   o >      - bisho@onirica.com
      \  L  /       - bisho@eurielec.etsit.upm.es
 -oOOo-------oOOo-
 Onírica: analysis, design and implementation of IT solutions
          http://www.onirica.com
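
One way to inventory what has been written to the UserData folder named in the reply above, as an added example that is not part of either message. It assumes the stores are XML files whose saved values are element attributes; the function names, the `ROOTSTUB` element and the sample files are constructed for illustration.

```python
import re
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

# The quoted file name carries a "[1]" before the extension (oQRStore[1].xml);
# strip any such "[n]" suffix to recover the store name.
CACHE_SUFFIX = re.compile(r"\[\d+\]$")

def audit_userdata(root):
    """Return one record per XML store found under a UserData folder."""
    findings = []
    for path in sorted(Path(root).rglob("*.xml")):
        record = {
            "path": str(path),
            "store": CACHE_SUFFIX.sub("", path.stem),
            "bytes": path.stat().st_size,
            "attributes": [],
        }
        try:
            # Assumption: saved values are attributes on the XML elements.
            for elem in ET.parse(path).iter():
                record["attributes"].extend(sorted(elem.attrib))
        except ET.ParseError:
            # Unreadable store: still report the file, flag it with None.
            record["attributes"] = None
        findings.append(record)
    return findings

def build_sample(root):
    """Constructed sample data mirroring the path layout quoted in the reply."""
    bucket = Path(root) / "UserData" / "81urcl6v"
    bucket.mkdir(parents=True)
    (bucket / "oQRStore[1].xml").write_text(
        '<ROOTSTUB q1="constructed query" q2="another query"/>', encoding="utf-8")
    (bucket / "broken[1].xml").write_text("<ROOTSTUB", encoding="utf-8")
    return Path(root) / "UserData"

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for rec in audit_userdata(build_sample(tmp)):
            print(rec["store"], rec["bytes"], rec["attributes"])
```

On a real profile, pass the profile's UserData directory to `audit_userdata` instead of the constructed sample.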
