Re: Internet Explorer SuperCookies bypass P3P and cookie controls

From: Steve Glorieux (steveg@VOTEHERE.NET)
Date: 01/15/02


Date:         Tue, 15 Jan 2002 09:34:35 -0800
From: Steve Glorieux <steveg@VOTEHERE.NET>
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

WMP 6.4 does have that option under "view-options" player tab right bottom
of window,
and it does indeed give out what seems to be a random number every time.
For once that MS has done something well and is not creating some form of a
security
problem ....
I have tested this under 98 and 2K now and both behave the exact same even
with different versions of IE (5.0 and 5.50).

my 2cp
steveg
-----Original Message-----
From: Robert D. Johnston [mailto:rj@SYSTEMAXDEV.COM]
Sent: Tuesday, January 15, 2002 9:19 AM
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
Subject: Re: Internet Explorer SuperCookies bypass P3P and cookie
controls

Note:

Working as advertised with:
IE5.5 SP2 (Build: 5.50.4807.2300)
WMP 6.4 (Build: 6.4.09.1121)
Windows 2000 Server (SP2)

WMP 6.4 has no "Allow/Disallow GUID" setting.

--
Robert Johnston
Internet Developer, Systemax Europe Ltd.
+44 (0)208 523 4020 x354
--
Bad Headlines #5:
        Patient At Death's Door--Doctors Pull Him Through

This e-mail has been scanned for all viruses by Star Internet. The service is powered by MessageLabs. For more information on a proactive anti-virus service working around the clock, around the globe, visit: http://www.star.net.uk

===========================================================================D elivery co-sponsored by VeriSign - The Internet Trust Company ===========================================================================F REE E-COMMERCE SECURITY INFRASTRUCTURE GUIDE When building an e-commerce site, you want to start with a strong, secure foundation. Learn how with VeriSign's FREE White Paper, "Building an E-Commerce Trust Infrastructure." See how you can authenticate your site to customers, use 128-Bit SSL encryption to secure your web servers, and accept secure payments online. Click here: http://www.verisign.com/cgi-bin/go.cgi?a=n116965650045000 ===========================================================================