Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: Posible privacy problem in Explorer.
From: "http-equiv () excite com" <http-equiv () excite com>
Date: Sat, 9 Sep 2000 13:29:20 -0700

"Guille Bisho" <guille () REDESTB ES> wrote in message
news:39B84795.8A32DC4F () redestb es   

(snip possible good catch)


Good possiblity something fishy going on there. The XMLHTTP object is
installed and registered with IE5 and functions without prompt under default
settings. The example code below will send an HTTP request to MS, fetch and
parse as html the response:

  <script>
function SubmitTrackingInfo(){
var objHTTP = new ActiveXObject("Microsoft.XMLHTTP")
objHTTP.open("GET", "http://www.microsoft.com";, false)
objHTTP.send()
xmlDoc=objHTTP.responseText
document.write("<html>" + xmlDoc + "</html>")
}
SubmitTrackingInfo()
</script>

In the case of the search.msn.com example. There is additional data being
sent back to the server: objHTTP.send("BSTR")}function fnInit(store).
Clearly the name of the function firing all this: "SubmitTrackingInfo" can
suggest some things. More so the recent "ballyhoo'd" anouncement by MS to
allow greater control over privacy for their customers, with the addition of
a "cookie" privacy control add-on for Internet Explorer 5:

http://www.microsoft.com/presspass/features/2000/jul00/07-20cookies.asp

So, while _everyone_ else's "cookies" are curtailed by this privacy add-on
for Internet Explorer, Microsoft's operations utilise this method of
'non-cookie" tracking?

Conspiracy theory of course ;-)  but perhaps worth investigating thoroughly
by someone with experience as to what exactly is going on?



---
http://www.malware.com







.





_______________________________________________________
Say Bye to Slow Internet!
http://www.home.com/xinbox/signup.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]