From: Ric Steinberger (ricstRUSTYMAIL.COM)
Date: Sun Apr 08 2001 - 13:42:23 CDT

    Richard,

    I have a bad feeling about this. My concern is that Microsoft doesn't want to
    arouse the wrath of powerful advertising companies like Double Click, so some
    way will be "found" for these companies to meet minimum standards. In other
    words, minimum standards could really be pretty darned minimum, and most third
    party cookies would continue to be deposited and read back.

    ric

    Ric Steinberger
    Security Portal - the Focal Point for Security on the Net
    http://www.securityportal.com/
    650.856.2067
    Mobile: 650.302.4322
    Pager: 360.307.5045

    -----Original Message-----
    From: Web and Mobile Code Security [mailto:WWW-MOBILE-CODESECURITYFOCUS.COM]On
    Behalf Of Richard M. Smith
    Sent: Sunday, April 08, 2001 9:08 AM
    To: WWW-MOBILE-CODE-X-SECURITYFOCUS.COMmail-x-change.com
    Subject: Re: Internet Explorer 6

    Hi Ric,

    In order for a Web site to set a third-party cookie
    on a computer running IE6, the site must have a P3P privacy
    policy which meets certain minimum standards. What these
    standards are I don't quite know.

    Richard

    -----Original Message-----
    From: Web and Mobile Code Security
    [mailto:WWW-MOBILE-CODESECURITYFOCUS.COM]On Behalf Of Ric Steinberger
    Sent: Sunday, April 08, 2001 11:31 AM
    To: WWW-MOBILE-CODESECURITYFOCUS.COM
    Subject: Re: Internet Explorer 6

    It's interesting that IE 6, under the privacy setting, at the medium level, says
    "Do not allow unsatisfactory third parties" to install cookies. It's not clear
    what MS means by unsatisfactory, but this could be crucial. What if MS takes a
    very narrow definition of unsatisfactory, meaning that it defines unsatisfactory
    as related to porn or violence, whereas Double Click, being merely an
    advertiser, is quite "satisfactory"? I don't know that this is true. But the
    wording in the IE config panel is certainly ambiguous.

    Ric Steinberger
    Security Portal - the Focal Point for Security on the Net
    http://www.securityportal.com/
    650.856.2067
    Mobile: 650.302.4322
    Pager: 360.307.5045

    -----Original Message-----
    From: Web and Mobile Code Security
    [mailto:WWW-MOBILE-CODESECURITYFOCUS.COM]On
    Behalf Of Voodoo Child
    Sent: Saturday, April 07, 2001 10:00 PM
    To: WWW-MOBILE-CODE-X-SECURITYFOCUS.COMmail-x-change.com
    Subject: Re: Internet Explorer 6

    Here's the gen on third-party cookies ... for those interested.

    http://msdn.microsoft.com/workshop/security/privacy/ie6privacyfeature.asp#IE6PrivacyFeature_topic3

    At Sat, 7 Apr 2001 19:25:55 -0700, Ric Steinberger <ricstRUSTYMAIL.COM> wrote:

    >
    >Some "smart" marketing companies have discovered how to create and read cookies
    >using Javascript. That's harder to block/prevent than the conventional HTTP
    >cookie creation method.
    >
    >Ric Steinberger
    >Security Portal - the Focal Point for Security on the Net
    >http://www.securityportal.com/
    >650.856.2067
    >Mobile: 650.302.4322
    >Pager: 360.307.5045
    >
    >-----Original Message-----
    >From: Web and Mobile Code Security [mailto:WWW-MOBILE-CODESECURITYFOCUS.COM]On
    >Behalf Of Voodoo Child
    >Sent: Saturday, April 07, 2001 8:07 PM
    >To: WWW-MOBILE-CODE-X-SECURITYFOCUS.COMmail-x-change.com
    >Subject: Internet Explorer 6
    >
    >Anyone else been playing with Internet Explorer 6? Seems they have done
    >P3P, the standard being developed by the www.W3c.com/p3p ... one cool thing
    >is stopping third party cookies ... looks like Double Click's business just
    >died ;-)