Interesting People mailing list archives
IP: The Cookie Leak Security Hole in HTML Email messages
From: Dave Farber <farber () cis upenn edu>
Date: Sat, 04 Dec 1999 09:19:05 -0500
From: "Bill Burgos" <onomrbil () gol com> Organization: White Bear To: Dave Farber <farber () cis upenn edu> Date: Sat, 4 Dec 1999 23:16:20 +0900 Richard M. Smith (smiths () tiac net) November 30, 1999 Since the invention of Web browser cookies by Netscape, the claim has always been made that they are anonymous and cannot be associated with any personal information unless someone provides this information. In this write-up, I will present a technique in which browser cookies can be matched to Email addresses without people's knowledge. The technique relies on a security hole that is present in both Microsoft's Internet Explorer browser and Netscape's Navigator browser. This technique can be used, for example, to allow a banner ad company to associate an Email address with a "anonymous" profile that has been created for a person as they surf the Web. Once a banner ad company has an Email address tied to a profile, they can provide a service to advertisers of customized ads in "junk" Email message. These ads can be based on profiles previously created from Web site visits. In addition, banner ad companies can offer the service of sending out "junk" Email messages to people who visit a particular Web site. This last service makes Web surfing much less private. <snip> http://www.tiac.net/users/smiths/privacy/cookleak.htm Bill onomrbil () gol com mailto:onomrbil () gol com
Current thread:
- IP: The Cookie Leak Security Hole in HTML Email messages Dave Farber (Dec 04)