Bugtraq mailing list archives

RE: Bypassing cookie restrictions in IE 5+6

From: "Christopher G. Lewis" <Chris () ChristopherLewis com>
Date: Tue, 6 Aug 2002 15:21:48 -0500

Jelmer  -

Bypassing cookie restrictions in IE 5+6

Description

  <snip>

This behaviour completely ignores the privacy settings and allows 
website owners and advertisers to start tracking your every move once 
again.

  <snip>

Workaround:

disable active scripting


If you turn off userdata persistence in the security zone, you can
completely turn off userdata.
Tools|Internet Options
  Security Tab
  Custom Level Button
    <last option in Miscellaneous>
    Userdata persistence
      <set to>Disable

But yes, MS should use the "Per-Site Privacy Actions" that are available
with cookies for UserData 

Chris

-----Original Message-----
From: Jelmer [mailto:jelmer () kuperus xs4all nl]
Sent: Saturday, August 03, 2002 8:43 PM
To: bugtraq () securityfocus com; secure () microsoft com
Subject: Bypassing cookie restrictions in IE 5+6

Current thread:

Bypassing cookie restrictions in IE 5+6 Jelmer (Aug 06)
- RE: Bypassing cookie restrictions in IE 5+6 GreyMagic Software (Aug 06)
- <Possible follow-ups>
- RE: Bypassing cookie restrictions in IE 5+6 Christopher G. Lewis (Aug 06)