[16674] in bugtraq
Privacy issue: userData & saveSnapshot Behavior in Explorer
daemon@ATHENA.MIT.EDU (Guille (Bisho))
Sat Sep 9 02:25:14 2000
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Message-Id: <39B9835C.2CB0737A@redestb.es>
Date: Sat, 9 Sep 2000 02:25:00 +0200
Reply-To: bisho@eurielec.etsit.upm.es
From: "Guille (Bisho)" <guille@REDESTB.ES>
To: BUGTRAQ@SECURITYFOCUS.COM
Sorry, I have to write again. I have just found the information about
the behaviors in explorer that could be a privacy problem.
userData Behavior
http://msdn.microsoft.com/workshop/author/behaviors/reference/behaviors/userData.asp
saveSnapshot Behavior
http://msdn.microsoft.com/workshop/author/behaviors/reference/behaviors/savesnapshot.asp
Persistence Methods in explorer
http://msdn.microsoft.com/workshop/author/persistence/overview.asp
Microsoft should:
- Gave more information to customers about this feature and their
privacy issues.
- Place the option to deactivate the feature near the cookies options.
- Give an "alert level". Currently userData could only be activated or
disabled.
Also remains to check if the saveSnapshot data is kept in the same
location of userData (in Windows 2000, Spanish version C:\Documents and
Settings\Administrador\Datos de programa\Microsoft\Internet
Explorer\UserData\0XBQ9WXY) and is deactivated from the same security
option as userData.
--
\|||||||/ Guillermo Pirez Pirez
< o o > - bisho@onirica.com
\ L / - bisho@eurielec.etsit.upm.es
-oOOo-------oOOo-
Onmrica: Analisis, diseqo e implantacisn de soluciones informaticas
http://www.onirica.com
