Mistype a URL? M$N knows what you typed.
From: Darren Reed (avalon@coombs.anu.edu.au)Date: 03/06/02
- Previous message: Spybreak: "efingerd remote buffer overflow and a dangerous feature"
- Next in thread: Dan Heskett: "RE: Mistype a URL? M$N knows what you typed."
- Reply: Dan Heskett: "RE: Mistype a URL? M$N knows what you typed."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Darren Reed <avalon@coombs.anu.edu.au> To: bugtraq@securityfocus.com Date: Wed, 6 Mar 2002 11:42:02 +1100 (Australia/ACT)
If you've ever used IE and typed in "ww.foo.com" into the path, you
will end up at a web page generated by an MSN web site. How did I
get this, you ask? Well, you definately cannot find anything in the
"Internet Options" panels which lets you configure this. If you
fire up regedit, under
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search
you will find "CustomizeSearch" and "SearchAssistant". Unless you
want all of the URLs which fail to resolve in domain names to be
handed off to MSN. Furthermore, there are cookies involved with
these web sites. These "helpers" appear to only be used when there
are no proxies enabled but it would be a nice if there was an easier
way to stop Microsoft knowing every bad URL that gets typed, etc,
by those with no proxy.
FWIW, for me CustomizeSearch defaults to:
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
and SearchAssistant to:
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
Darren
- Previous message: Spybreak: "efingerd remote buffer overflow and a dangerous feature"
- Next in thread: Dan Heskett: "RE: Mistype a URL? M$N knows what you typed."
- Reply: Dan Heskett: "RE: Mistype a URL? M$N knows what you typed."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
