Re: Internet Explorer SuperCookies bypass P3P and cookie controls

From: Andreas Saurwein (saurwein@UNIWARES.COM)
Date: 01/15/02


Date:         Tue, 15 Jan 2002 17:55:07 +0100
From: Andreas Saurwein <saurwein@UNIWARES.COM>
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

At 15.01.2002 16:03 Tuesday, you wrote:
>However this ID number becomes a SuperCookie because it can be used
>by Web sites to bypass all of the new privacy and P3P protections
>that Microsoft has added to Internet Explorer 6 (IE6). IE6 ships
>today with all Windows XP systems. SuperCookies also work in all
>previous versions of Internet Explorer with all older versions of
>Windows.

I am using IE6 on Windows XP and I have WMP installed too.
WMP's unique identification is turned off.
Guess what? The sample page you have set up shows me another GUID everytime
I load the page.

For me the privacy protection seems to work fine. No privacy leak here, no
SuperCookies.

cheers
Andreas

============================================================================
Delivery co-sponsored by VeriSign - The Internet Trust Company
============================================================================
FREE E-COMMERCE SECURITY INFRASTRUCTURE GUIDE
When building an e-commerce site, you want to start with a strong, secure
foundation. Learn how with VeriSign's FREE White Paper, "Building an
E-Commerce Trust Infrastructure." See how you can authenticate your site to
customers, use 128-Bit SSL encryption to secure your web servers, and accept
secure payments online. Click here:
http://www.verisign.com/cgi-bin/go.cgi?a=n116965650045000
============================================================================



Relevant Pages

  • REPOST: Leaving the NG Scene for awhile......
    ... Get a good Firewall, Intrusion Detection, and especially a Packet ... Even some web sites that you trust, ... that is locked when your on these secure sites. ...
    (comp.security.firewalls)
  • Re: Unable to access sites
    ... Troubleshoot Situations Where You Cannot Complete MSN Sign-up or Connect to SSL Secured Web Sites by Using Internet Explorer in Windows XP ... check your ZA settings - some of it's "privacy" settings may be blocking the transmission of info needed to log on to secure sites. ...
    (microsoft.public.windows.inetexplorer.ie6.browser)
  • Re: Connectivity to certain web sites
    ... The closest I had was "AppData". ... SSL Secured Web Sites by Using Internet Explorer in Windows XP ... "The Page Cannot Be Displayed" Error Message on a Secure Web Site ...
    (microsoft.public.windows.inetexplorer.ie6.browser)
  • Re: Connectivity to certain web sites
    ... That won't work on Win98 -- but then all the rules are different ... on Win98 since it's a single-user system from a different line than ... SSL Secured Web Sites by Using Internet Explorer in Windows XP ... "The Page Cannot Be Displayed" Error Message on a Secure Web Site ...
    (microsoft.public.windows.inetexplorer.ie6.browser)
  • Re: Cannot Log In To Secure sites
    ... > How to troubleshoot problems accessing secure Web pages with IE6 SP2 ... > SP2, some SSL-secured Web pages and Web sites may not work correctly. ... >> Restored my PC to a date prior to the problem. ...
    (microsoft.public.windowsxp.security_admin)