Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: Posible privacy problem in Explorer.
From: Elias Levy <aleph1 () SECURITYFOCUS COM>
Date: Fri, 8 Sep 2000 12:56:19 -0700

This indeed seems to be the case. Deleting all cookies, emptying the cache
and removing everything from the Temporary Internet Files folder does
not make a difference. The web site still displays the saved queries.

After some digging around I found where the data is stored (at least
in my machine). On my Windows NT 4.0 machine running IE 5 the data
is stored under C:\WinNT\Profiles\<user>\UserData\81urcl6v\oQRStore[1].xml
It seems some ActiveX control is being use to save XML to the local machine.

Not a big problem but certainly a privacy issue. Advertisers would love
to use something like this so this since the user is not aware of where
the data is stored.

--
Elias Levy
SecurityFocus.com
http://www.securityfocus.com/
Si vis pacem, para bellum


Message-ID: <39B84795.8A32DC4F () redestb es>
Date: Fri, 08 Sep 2000 03:57:41 +0200
From: "Guille (Bisho)" <guille () redestb es>
Reply-To: bisho () eurielec etsit upm es
Organization: Eurielec
To: bugtraq <BUGTRAQ () SECURITYFOCUS COM>
Subject: Posible privacy problem in Explorer.


In the Microsoft website http://search.msn.com.mx the use a method to
store the searchs done in his search engine, but without cookies and
without login&password. You could deactivate the cookies, delete them,
log off your ISP, close the explorer, reboot, and the data will be there
again.

The link to the script is: <A CLASS='CLSSAVE' HREF=""
onClick="StoreResult( 1, 'DE' );return false;" ID='DES1'>

The function is inside:
<SCRIPT SRC="searchui_IE5.js" LANGUAGE="JScript">
This is an ugly script without newlines. I have procesed ir a bit to
make it more readable:
$ cat searchui_IE5.js | awk '{ gsub(";", ";\n") } { gsub("}"," }\n") }
{ gsub("{"," {\n") } { gsub("function","\n\nfunction") } { print $0 }'

The results are in:
http://www.eurielec.etsit.upm.es/~bisho/searchui_IE5.js.txt

It uses the called "User Data Persistence" technology, from Microsoft.

Extracted from the microsoft knowledge database:
---------------------------------------------
Persistence

One big pain in the neck for users on the Web is going to a Web page,
modifying it the way they want it, leaving, then returning to the site
to find it's not the same: the trees are collapsed, forms filled-out
have disappeared, and the page must be reset. Internet Explorer 5.0
takes some of this pain away by providing Web-page persistence via a
scripting tag.

Internet Explorer 5.0 provides four types of persistence:

[...]
User Data Persistence: Allows an XML-based storage methodology for
saving large amounts of user data. If you have a large amount of data
that you want to save from some point in time (for example, all of your
favorite sport's teams' scores for the last 10 years), you can use
persistence rather than cookies.
[...]

---------------------------------------------

The problem:
Most people deactivate Cookies, or set it in the warn level, but the
"User Data Persistence" has not warn level, and is oculted far away of
the cookies security options. this could be used to track users without
their knowledge, when they espect to be safe without cookies.

--
     \|||||||/    Guillermo Pérez Pérez
     < o   o >      - bisho () onirica com
      \  L  /       - bisho () eurielec etsit upm es
 -oOOo-------oOOo-
 Onírica: Análisis, diseño e implantación de soluciones informáticas
          http://www.onirica.com


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]