Home page logo
/

bugtraq logo Bugtraq mailing list archives

Posible privacy problem in Explorer.
From: "Guille (Bisho)" <guille () REDESTB ES>
Date: Fri, 8 Sep 2000 03:57:41 +0200

In the Microsoft website http://search.msn.com.mx the use a method to
store the searchs done in his search engine, but without cookies and
without login&password. You could deactivate the cookies, delete them,
log off your ISP, close the explorer, reboot, and the data will be there
again.

The link to the script is: <A CLASS='CLSSAVE' HREF=""
onClick="StoreResult( 1, 'DE' );return false;" ID='DES1'>

The function is inside:
<SCRIPT SRC="searchui_IE5.js" LANGUAGE="JScript">
This is an ugly script without newlines. I have procesed ir a bit to
make it more readable:
$ cat searchui_IE5.js | awk '{ gsub(";", ";\n") } { gsub("}"," }\n") }
{ gsub("{"," {\n") } { gsub("function","\n\nfunction") } { print $0 }'

The results are in:
http://www.eurielec.etsit.upm.es/~bisho/searchui_IE5.js.txt

It uses the called "User Data Persistence" technology, from Microsoft.

Extracted from the microsoft knowledge database:
---------------------------------------------
Persistence

One big pain in the neck for users on the Web is going to a Web page,
modifying it the way they want it, leaving, then returning to the site
to find it's not the same: the trees are collapsed, forms filled-out
have disappeared, and the page must be reset. Internet Explorer 5.0
takes some of this pain away by providing Web-page persistence via a
scripting tag.

Internet Explorer 5.0 provides four types of persistence:

[...]
User Data Persistence: Allows an XML-based storage methodology for
saving large amounts of user data. If you have a large amount of data
that you want to save from some point in time (for example, all of your
favorite sport's teams' scores for the last 10 years), you can use
persistence rather than cookies.
[...]

---------------------------------------------

The problem:
Most people deactivate Cookies, or set it in the warn level, but the
"User Data Persistence" has not warn level, and is oculted far away of
the cookies security options. this could be used to track users without
their knowledge, when they espect to be safe without cookies.

--
     \|||||||/    Guillermo Pérez Pérez
     < o   o >      - bisho () onirica com
      \  L  /       - bisho () eurielec etsit upm es
 -oOOo-------oOOo-
 Onírica: Análisis, diseño e implantación de soluciones informáticas
          http://www.onirica.com


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]