Home page logo

bugtraq logo Bugtraq mailing list archives

Re: Microsoft Word documents that "phone" home
From: cassius () HUSHMAIL COM
Date: Fri, 1 Sep 2000 15:39:22 -0800

Scott from Microsoft Security Response Center wrote...

- It spins dire scenarios of people being "tracked", without
acknowledging just how difficult it would be to actually correlate
information like an IP address to a person's identity.

There are some things you could do with the URL.

What if you suspect confidential docs are being forwarded to competitors?
It can only be Alice or Bob but you aren't sure.  You send a seperate document
to each.
Alice.doc has a hidden link to http://yoursite/pic.gif?id=alice
Bob.doc has a link to http://yoursite/pic.gif?id=bob
After sending them you see hits on pic.gif?id=bob from evilcompetitor

You could spank Bob and remove him from the confidential mailing list but
you couldn't fire him.
The hit from evilcompetitor could have been anybody including Alice.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]