Bugtraq: RE: Bypassing cookie restrictions in IE 5+6

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

RE: Bypassing cookie restrictions in IE 5+6

From: "Christopher G. Lewis" <Chris () ChristopherLewis com>
Date: Tue, 6 Aug 2002 15:21:48 -0500

Jelmer  -

Bypassing cookie restrictions in IE 5+6

Description

  <snip>

This behaviour completely ignores the privacy settings and allows 
website owners and advertisers to start tracking your every move once 
again.

  <snip>

Workaround:

disable active scripting


If you turn off userdata persistence in the security zone, you can
completely turn off userdata.
Tools|Internet Options
  Security Tab
  Custom Level Button
    <last option in Miscellaneous>
    Userdata persistence
      <set to>Disable

But yes, MS should use the "Per-Site Privacy Actions" that are available
with cookies for UserData 

Chris

-----Original Message-----
From: Jelmer [mailto:jelmer () kuperus xs4all nl]
Sent: Saturday, August 03, 2002 8:43 PM
To: bugtraq () securityfocus com; secure () microsoft com
Subject: Bypassing cookie restrictions in IE 5+6

By Date By Thread

Current thread:

Bypassing cookie restrictions in IE 5+6 Jelmer (Aug 06)
- RE: Bypassing cookie restrictions in IE 5+6 GreyMagic Software (Aug 06)
- <Possible follow-ups>
- RE: Bypassing cookie restrictions in IE 5+6 Christopher G. Lewis (Aug 06)