Home page logo

bugtraq logo Bugtraq mailing list archives

Re: Microsoft Word documents that "phone" home
From: Brad <gryphonn () austarnet com au>
Date: Sat, 2 Sep 2000 12:41:22 +1000

In reply to:
Sender: Microsoft Security Response Center <secure () MICROSOFT COM>
Subject: Re: Microsoft Word documents that "phone" home
Dated: 1 Sep 2000,
Time: 7:27


Hi Kris -

Thanks for your note.  I think we may be in violent *agreement*

We think it's a great idea to talk about this issue, and we do want to
make sure that our customers understand the pros and cons of
web-enabled applications.  Specifically, we are glad to participate in
a dialogue about cookies, the risk they pose, and how to control them.
 - It pays scant attention to the fact that customers already have the
tool to control cookies in their hands, namely, IE.  Customers who
have used the Security Zones setting in IE to restrict how cookies are
handled are automatically protected against all cookies, regardless of
whether the web session was initiated by web surfing or by a
web-enabled application.

Hi all.
May I draw your attention to the following link describing how MSN
has set up a number of hidden re-directs in order to place a GUID in
a cookie for tracking purposes.


This leads to possibilities of expanding on the phone home feature of
applications and/or documents being further exploited.


Gryphonn Design
Web Design
Computer Systems Consultant
Security Solutions
gryphonn () austarnet com au
ABN: 12 095 821 961
Help save a starving child.
One click is all it takes:

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]