IE4 and channels
Alan Cox (alan DIAMONDAGE.CYMRU.NET)
Thu, 2 Oct 1997 08:43:44 +0000
- Next message: Brian Tao: "[RISKS DIGEST 19.40] Possible breakthrough in NP-completeness"
- Previous message: John Bashinski: "Notice: serious security problem in Cisco PPP/CHAP"
- Next in thread: Jon Cargille: "IE4 and channels"
Just a teaser to start with:

Most folks will remember the Netscape Java bug that allowed you to snoop on what people were visiting. Well, IE4.0 goes a bit further than this - logging of your actions, even when you would otherwise be shielded by proxies, is _BUILT_ _IN_.

The channel definition format (.CDF)

http://www.microsoft.com/standards/cdf-f.htm

includes a LOGTARGET feature that allows a web site provider to make your browser deliver logs of your usage via an http post or put. Even hits from cache are logged.

This is all not so good and getting worse. Not only is the information posted material you wouldn't want to give to a provider, it also, being http post/put, normally is spoofable anyway.

Unanswered question for next time - or for folks with more time than me to follow up:

o Can you put other sites in your channel definition and get logs of when they read your competitor site?

Alan
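An added example, not part of the original post: a small Python audit that reads a channel file and reports where its LOGTARGET sends usage logs and which logged items sit on a host other than the channel's own (the case the open question above asks about). The sample CDF is constructed, and the attribute and element names other than LOGTARGET (HREF, METHOD, SCOPE, ITEM, LOG) are assumed from the published CDF specification rather than taken from the post.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample channel file (hosts are placeholders, not from the post).
SAMPLE_CDF = """<?xml version="1.0"?>
<CHANNEL HREF="http://channel.example/index.html">
  <TITLE>Example channel</TITLE>
  <LOGTARGET HREF="http://logs.example/cgi-bin/hits" METHOD="POST" SCOPE="ALL"/>
  <ITEM HREF="http://channel.example/news.html"><LOG VALUE="document:view"/></ITEM>
  <ITEM HREF="http://other.example/products.html"><LOG VALUE="document:view"/></ITEM>
  <ITEM HREF="http://channel.example/about.html"/>
</CHANNEL>"""

def _attr(el, name):
    """Case-insensitive attribute lookup; returns '' when absent."""
    for key, value in el.attrib.items():
        if key.upper() == name:
            return value
    return ""

def _host(url):
    """Lower-cased host part of a URL, or '' if there is none."""
    return (urlparse(url).hostname or "").lower()

def audit_cdf(text):
    """Report where a channel sends usage logs and which items are logged."""
    # Stdlib parser: fine for a file under manual review; use a hardened
    # XML parser when processing untrusted files in bulk.
    root = ET.fromstring(text)
    channel_host = _host(_attr(root, "HREF"))
    report = {"log_targets": [], "logged_items": [], "foreign_logged_items": []}
    for el in root.iter():
        tag = el.tag.upper()
        if tag == "LOGTARGET":
            report["log_targets"].append({
                "href": _attr(el, "HREF"),
                "method": _attr(el, "METHOD") or "(unspecified)",
                "scope": _attr(el, "SCOPE") or "(unspecified)",
            })
        elif tag == "ITEM" and any(c.tag.upper() == "LOG" for c in el):
            href = _attr(el, "HREF")
            report["logged_items"].append(href)
            if _host(href) != channel_host:  # logged item on another site
                report["foreign_logged_items"].append(href)
    return report

if __name__ == "__main__":
    for key, value in audit_cdf(SAMPLE_CDF).items():
        print(key, value)
```

The audit only describes what a channel file requests; it makes no claim about whether the browser honours a log request for an item on another host.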