Supercookie

From: Boojum (Boojum_at_discussions.microsoft.com)
Date: 01/11/05


Date: Tue, 11 Jan 2005 07:01:04 -0800

While doing an online security scan, I was told I have a vulnerability because
of the presence of a supercookie. The suggested security fixes are as follows:

AuditMyPC.com's Quick Security Fixes
Listed below are some of the fixes to prevent sites from tracking your
activities and to secure your system.

--------------------------------------------------------------------------------
Clipboard Access: How to prevent websites from scanning your clipboard or
breaching your clipboard security. [Applies to Internet Explorer only.]
Tools > Internet Options > Security > Select a security zone > Custom Level
> Scripting > Allow paste operations via script - set this to prompt.

Set "Run ActiveX controls and plug-ins" to "Disable" or "Prompt".

--------------------------------------------------------------------------------
SuperCookies: How to prevent websites from tracking your online activity.
Windows Media Player has a unique ID number that may be used by websites to
track the user's behavior. Microsoft has added this SuperCookie to Internet
Explorer 6 and it may also work in all previous versions of Internet Explorer
using older versions of Windows.

To remove the SuperCookie, select the "Tools / Options..." menu command from
Windows Media Player and uncheck the box that says "Allow Internet sites to
uniquely identify your player".

If you have Media Player 6.4 and 7 and the above option does not work for
you, then follow this link:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-029.asp

* You must close your browser completely before any changes will take effect.

--------------------------------------------------------------------------------
Internet Explorer File Read Vulnerability: Allows reading and sending of
local files! The workaround has been to disable all Java or install the
Sun JDK, which does not seem to be affected. The Sun JDK can be found at
http://java.sun.com/j2se
More information can be found here:
http://online.securityfocus.com/archive/1/287895/2002-08-15/2002-08-21/2

--------------------------------------------------------------------------------
Internal (NATted) IP address and General File Reading: How to prevent
websites from reading your internal IP and system files!
To prevent this, set "Active Scripting" or "Navigate sub-frames across
different domains" to "Prompt" or "Disable". If you are running Internet
Explorer and you have active scripting disabled, you'll need to temporarily
enable it when you run Windows Update.

To change the active scripting setting, do the following in IE: navigate to
Tools, Internet Options, Security, Custom Level in Internet Explorer.

Your internal IP information can't really be used against you, except where
companies wish to track the number of internal IP addresses originating from
one external address.

--------------------------------------------------------------------------------
Hiding or changing the information your computer gives out:
If you want to change or hide information about your computer, such as where
you have been, what browser you're using and more, then download Proxomitron.

When this program installs, it does not start automatically at system boot,
so you'll want to add it to the startup group or run it manually. In a
nutshell, this program talks to the internet for you and hides the
information you want to keep private. It listens on your internal port 8080,
so you need to tell your browser to use proxy server 127.0.0.1 on port 8081.

Once you have this running, right click on the program's taskbar icon and
choose bypass. Visit the AuditMyPC.com privacy page and record the
information that is displayed. Right click on the program's icon again and
click on bypass to turn it back on. Now visit the privacy page again and
compare the results.

--------------------------------------------------------------------------------
Tighten your Windows security:
This is a basic IPsec policy that allows you to surf the web while locking
down all non-essential ports. It's not a substitute for a good firewall, but
it does a great job at preventing unauthorized access to your system.

To import this policy, simply navigate to administrative tools, local
security policy, right click on IP security policies on local computer, all
tasks, import policies and choose the location of the ipsechome.ipsec file
you extracted from the zip file ipsechome.zip.

Activate the policy by right clicking on the new policy (IPrules for Home
Use) and choose assign.

--------------------------------------------------------------------------------
Microsoft Users:
Always make sure you have the latest security packs installed! Visit
http://windowsupdate.microsoft.com to get the latest fixes. The majority of
security vulnerabilities are exploited after fixes have been made available
by Microsoft - so update often!

I am current with the updates, performed the suggested fixes, and the
supercookie is still there. Do I have a problem? Is there a solution?

Operating System Windows 98 SE (4.10.1034.2222)
Internet Explorer 6.00.2800.1106
MSN Client 9.10.0009.2900
Amount of Memory 319 MB

Thanks
