Bugtraq mailing list archives

Re: Microsoft Word documents that "phone" home


From: cassius () HUSHMAIL COM
Date: Fri, 1 Sep 2000 15:39:22 -0800


Scott from Microsoft Security Response Center wrote...

- It spins dire scenarios of people being "tracked", without
acknowledging just how difficult it would be to actually correlate
information like an IP address to a person's identity.

There are some things you could do with the URL.

What if you suspect confidential docs are being forwarded to competitors?
It can only be Alice or Bob but you aren't sure.  You send a separate document
to each.
Alice.doc has a hidden link to http://yoursite/pic.gif?id=alice
Bob.doc has a link to http://yoursite/pic.gif?id=bob
After sending them you see hits on pic.gif?id=bob from evilcompetitor

You could spank Bob and remove him from the confidential mailing list but
you couldn't fire him.
The hit from evilcompetitor could have been anybody including Alice.

-Cassius
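
Added example, not part of the original post: a Python sketch of the log review the message describes, pulling hits on pic.gif out of a web server access log and grouping the ones from outside your own network by the id in the URL. The log lines, the hostnames under .example, and the assumption that the server logs resolved hostnames in Common Log Format are all constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access log (Common Log Format); hosts and times are made up.
SAMPLE_LOG = """\
alice-pc.yourcorp.example - - [01/Sep/2000:10:02:11 -0800] "GET /pic.gif?id=alice HTTP/1.0" 200 43
bob-pc.yourcorp.example - - [01/Sep/2000:10:05:40 -0800] "GET /pic.gif?id=bob HTTP/1.0" 200 43
gw.evilcompetitor.example - - [01/Sep/2000:14:31:07 -0800] "GET /pic.gif?id=bob HTTP/1.0" 200 43
gw.evilcompetitor.example - - [01/Sep/2000:14:32:00 -0800] "GET /index.html HTTP/1.0" 200 512
broken line without a request
"""

CLF = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) \S+'
)

def beacon_hits(log_text, path="/pic.gif"):
    """Return (doc_id, client_host, timestamp) for each request to the linked image."""
    hits = []
    for line in log_text.splitlines():
        m = CLF.match(line)
        if not m:
            continue  # skip malformed lines instead of failing the whole review
        url = urlsplit(m["target"])
        if url.path != path:
            continue
        ids = parse_qs(url.query).get("id")
        if ids:
            hits.append((ids[0], m["host"], m["time"]))
    return hits

def external_hits(hits, internal_suffix=".yourcorp.example"):
    """Group hits from hosts outside the assumed internal domain by document id."""
    grouped = {}
    for doc_id, host, when in hits:
        if not host.endswith(internal_suffix):
            grouped.setdefault(doc_id, []).append((host, when))
    return grouped

if __name__ == "__main__":
    for doc_id, seen in external_hits(beacon_hits(SAMPLE_LOG)).items():
        # The id names the copy of the document that was opened, not who opened it.
        for host, when in seen:
            print(f"copy '{doc_id}' opened from {host} at {when}")
```
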
