Re: Internet Explorer SuperCookies bypass P3P and cookie controls

From: Andreas Saurwein (saurwein@UNIWARES.COM)
Date: 01/15/02


Date:         Tue, 15 Jan 2002 17:55:07 +0100
From: Andreas Saurwein <saurwein@UNIWARES.COM>
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

At 15.01.2002 16:03 Tuesday, you wrote:
>However this ID number becomes a SuperCookie because it can be used
>by Web sites to bypass all of the new privacy and P3P protections
>that Microsoft has added to Internet Explorer 6 (IE6). IE6 ships
>today with all Windows XP systems. SuperCookies also work in all
>previous versions of Internet Explorer with all older versions of
>Windows.

I am using IE6 on Windows XP and I have WMP installed too.
WMP's unique identification is turned off.
Guess what? The sample page you have set up shows me another GUID everytime
I load the page.

For me the privacy protection seems to work fine. No privacy leak here, no
SuperCookies.

cheers
Andreas

============================================================================
Delivery co-sponsored by VeriSign - The Internet Trust Company
============================================================================
FREE E-COMMERCE SECURITY INFRASTRUCTURE GUIDE
When building an e-commerce site, you want to start with a strong, secure
foundation. Learn how with VeriSign's FREE White Paper, "Building an
E-Commerce Trust Infrastructure." See how you can authenticate your site to
customers, use 128-Bit SSL encryption to secure your web servers, and accept
secure payments online. Click here:
http://www.verisign.com/cgi-bin/go.cgi?a=n116965650045000
============================================================================