Re: Internet Explorer SuperCookies bypass P3P and cookie controls

From: Russ (Russ.Cooper@RC.ON.CA)
Date: 01/15/02


Date:         Tue, 15 Jan 2002 12:13:55 -0500
From: Russ <Russ.Cooper@RC.ON.CA>
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

Richard,

I too have tested your demo page and found that it doesn't work as
advertised.

I'm running W2K Pro SP2, with IE 6.0.2600.0000 + Q313675, and Windows
Media Player 7.01.00.3055.

If I go with a default installation, I retrieve the actual GUID for WMP.

If I change the setting for "Allow Internet sites to uniquely identify
your player" to disabled, I get a different GUID every time I close the
window on your demo page and re-open it (e.g. kill the session cookie).
If I simply sit there and refresh the page, I get the same GUID over and
over again (although the GUID given is not the actual GUID for WMP as
listed in the registry).

Ergo, when I don't allow unique identification, it appears that MS is
offering a dynamically generated random GUID.

This would appear to be in conflict with what you state is the behavior
(although you didn't mention if this problem affected W2K installations,
or what version of WMP you were testing with).

Cheers,
Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor

======================================
Delivery co-sponsored by VeriSign - The Internet Trust Company
======================================
FREE E-COMMERCE SECURITY INFRASTRUCTURE GUIDE
When building an e-commerce site, you want to start with a strong, secure
foundation. Learn how with VeriSign's FREE White Paper, "Building an
E-Commerce Trust Infrastructure." See how you can authenticate your site to
customers, use 128-Bit SSL encryption to secure your web servers, and accept
secure payments online. Click here:
http://www.verisign.com/cgi-bin/go.cgi?a=n116965650045000
======================================



Relevant Pages

  • Installation terminates when "documenents & Setting" not in default location
    ... At the moment I'm developing a full unattended installation script for the ... Right after continuing on the "components summary" dialog the setup program ... related to that specific folder location. ... failed in CPageBase::GetGlobalProperty: GUID = ...
    (microsoft.public.windows.server.sbs)
  • Installation terminates when "documenents & Setting" not in default location
    ... At the moment I'm developing a full unattended installation script for the ... Right after continuing on the "components summary" dialog the setup program ... related to that specific folder location. ... failed in CPageBase::GetGlobalProperty: GUID = ...
    (microsoft.public.windows.server.sbs)
  • Re: group policy deploying software-how to see order of deployment
    ... Distributing Software Using Group Policy ... The software installation extension assigns a Globally Unique ... Identifier (GUID) to each application. ... filters, using group filtering ect. ...
    (microsoft.public.windows.group_policy)
  • Still trying to re-install sharepoint
    ... installation of MSCRM corrupted the companyweb site. ... the companyweb folder was deleted. ... failed in CPageBase::GetGlobalProperty: GUID = ...
    (microsoft.public.windows.server.sbs)
  • Re: Disable Cert Check under WM5
    ... Just missed the previous post by Carl Wolz ... ... Only thing is that I had to add "Secure" to the GUID!!! ... still need a cert if you are syncing SSL ...
    (microsoft.public.pocketpc.activesync)