|
|
While this is a known "feature" when the "Show Related Links" option is enabled in Internet Explorer, there is a bug, so that Internet Explorer will keep transmitting the information to "msn.com" and "alexa.com" after "Show Related Links" has been disabled. This occurs whenever "Ctrl+R" is used to reload a page. [more...]
June 06, 2003
Credit: Mike Shepherd
Establish monitoring
To make matters worse, it has been confirmed that this behaviour also affects
SSL enabled pages. One thing is that Microsoft has chosen to make a "feature",
which reveals this information to "msn.com" and "alexa.com", but the fact that
information, which was supposed to be protected by SSL and sent only to one
site, is sent in plain text to a third party ("msn.com" and "alexa.com") is of
great concern.
The data transmitted to "msn.com" and "alexa.com" is the
complete URL. In some cases this could contain sensitive information such as
username, password, session id, search string, "secret paths", and
more.
The vulnerability has been confirmed for Internet Explorer 6 on
Windows 2000 and Windows XP with all Service Packs and hotfixes.
It is
Microsoft that controls who else than "msn.com" should receive this information.
Microsoft could at any time choose to send this information to another party
than "alexa.com".
| |
|
Article continues...
Secunia |
 | |
|
|
|
 |
|
No Comments Allowed for Anonymous, please register |
|
| |
|
Login |
|
 |
|
|
|
|
· New User? · Click here to create a registered account.
|
|
|
Article Rating |
|
|
|
|
|
|
Average Score: 5
Votes: 2
|
|
|
