[16703] in bugtraq
Re: Possible privacy problem in Explorer.
daemon@ATHENA.MIT.EDU (Kevin van der Raad)
Mon Sep 11 13:08:53 2000
Message-ID: <39BCCE84.1A2E6BD6@itsec.nl>
Date: Mon, 11 Sep 2000 14:22:28 +0200
Reply-To: k.van.der.raad@itsec.nl
From: Kevin van der Raad <k.van.der.raad@itsec.nl>
X-To: aleph1@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
I had another folder location:
C:\WINNT\Profiles\<user>\Application Data\Microsoft\Internet Explorer\UserData\...
I found some useful information about this technique at the following
address:
http://www.siteexperts.com/ie5/tips/ts01/page1.asp
Can a page access other pages' UserData?
Elias Levy wrote:
>
> This indeed seems to be the case. Deleting all cookies, emptying the cache
> and removing everything from the Temporary Internet Files folder does
> not make a difference. The web site still displays the saved queries.
>
> After some digging around I found where the data is stored (at least
> in my machine). On my Windows NT 4.0 machine running IE 5 the data
> is stored under C:\WinNT\Profiles\<user>\UserData\81urcl6v\oQRStore[1].xml
> It seems some ActiveX control is being used to save XML to the local machine.
>
> Not a big problem but certainly a privacy issue. Advertisers would love
> to use something like this since the user is not aware of where
> the data is stored.
>
> --
> Elias Levy
> SecurityFocus.com
> http://www.securityfocus.com/
> Si vis pacem, para bellum
>
> Message-ID: <39B84795.8A32DC4F@redestb.es>
> Date: Fri, 08 Sep 2000 03:57:41 +0200
> From: "Guille (Bisho)" <guille@redestb.es>
> Reply-To: bisho@eurielec.etsit.upm.es
> Organization: Eurielec
> To: bugtraq <BUGTRAQ@SECURITYFOCUS.COM>
> Subject: Possible privacy problem in Explorer.
>
> On the Microsoft website http://search.msn.com.mx they use a method to
> store the searches done in their search engine, but without cookies and
> without login&password. You could deactivate the cookies, delete them,
> log off your ISP, close the explorer, reboot, and the data will be there
> again.
>
> The link to the script is: <A CLASS='CLSSAVE' HREF=""
> onClick="StoreResult( 1, 'DE' );return false;" ID='DES1'>
>
> The function is inside:
> <SCRIPT SRC="searchui_IE5.js" LANGUAGE="JScript">
> This is an ugly script without newlines. I have processed it a bit to
> make it more readable:
> $ cat searchui_IE5.js | awk '{ gsub(";", ";\n") } { gsub("}"," }\n") }
> { gsub("{"," {\n") } { gsub("function","\n\nfunction") } { print $0 }'
>
> The results are in:
> http://www.eurielec.etsit.upm.es/~bisho/searchui_IE5.js.txt
>
> It uses the so-called "User Data Persistence" technology, from Microsoft.
>
> Extracted from the Microsoft knowledge database:
> ---------------------------------------------
> Persistence
>
> One big pain in the neck for users on the Web is going to a Web page,
> modifying it the way they want it, leaving, then returning to the site
> to find it's not the same: the trees are collapsed, forms filled-out
> have disappeared, and the page must be reset. Internet Explorer 5.0
> takes some of this pain away by providing Web-page persistence via a
> scripting tag.
>
> Internet Explorer 5.0 provides four types of persistence:
>
> [...]
> User Data Persistence: Allows an XML-based storage methodology for
> saving large amounts of user data. If you have a large amount of data
> that you want to save from some point in time (for example, all of your
> favorite sport's teams' scores for the last 10 years), you can use
> persistence rather than cookies.
> [...]
>
> ---------------------------------------------
>
> The problem:
> Most people deactivate cookies, or set them to the warn level, but
> "User Data Persistence" has no warn level, and is hidden far away from
> the cookie security options. This could be used to track users without
> their knowledge, when they expect to be safe without cookies.
>
> --
> \|||||||/ Guillermo Pérez Pérez
> < o o > - bisho@onirica.com
> \ L / - bisho@eurielec.etsit.upm.es
> -oOOo-------oOOo-
> Onírica: Análisis, diseño e implantación de soluciones informáticas
> http://www.onirica.com
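An audit sketch for the two storage locations reported in this thread, added here as an example and not part of any of the posts: it walks a profiles directory and lists every persisted XML store it finds, which is the data that survives clearing cookies and the cache. The function names, the regular expression for the `name[n].xml` file pattern, and the sample tree (users `alice` and `bob`, folder `ABCD1234`, file contents) are constructed assumptions; only the two relative paths, the folder `81urcl6v` and the file name `oQRStore[1].xml` come from the messages above.

```python
import re
import tempfile
from pathlib import Path

# The two per-user locations reported in the thread, relative to a profile directory.
USERDATA_DIRS = (
    Path("UserData"),
    Path("Application Data") / "Microsoft" / "Internet Explorer" / "UserData",
)
# Assumed file naming, based on the one example quoted: oQRStore[1].xml -> "oQRStore"
STORE_NAME = re.compile(r"^(?P<store>.+?)(\[\d+\])?\.xml$", re.IGNORECASE)

def find_userdata_stores(profiles_root):
    """Return one record per persisted XML store found under profiles_root."""
    records = []
    for profile in sorted(Path(profiles_root).iterdir()):
        if not profile.is_dir():
            continue
        for rel in USERDATA_DIRS:
            base = profile / rel
            if not base.is_dir():
                continue
            for path in sorted(base.rglob("*")):
                m = STORE_NAME.match(path.name)
                if path.is_file() and m:
                    records.append({
                        "user": profile.name,
                        "store": m.group("store"),
                        "path": str(path.relative_to(profiles_root)),
                        "bytes": path.stat().st_size,
                    })
    return records

def build_sample_tree(root):
    """Constructed sample layout mirroring the paths quoted in the thread."""
    a = Path(root) / "alice" / "UserData" / "81urcl6v"
    b = Path(root) / "bob" / USERDATA_DIRS[1] / "ABCD1234"
    for d in (a, b):
        d.mkdir(parents=True)
    (a / "oQRStore[1].xml").write_text('<store q1="constructed query"/>')
    (b / "prefs[2].xml").write_text("<store/>")
    (a / "index.dat").write_bytes(b"\x00" * 16)  # constructed non-store file, ignored

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rec in find_userdata_stores(tmp):
            print(rec)
```

On a real machine, pass the profiles directory (for example `C:\WINNT\Profiles`) to `find_userdata_stores`; the records show which users have persisted stores and how much data each holds.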