That's nothing. 404 errors, all of them, are reported to MSN with their "autosearch" feature, which, of course, passes a referrer...

On Tue, 17 Jun 2003, Stewart Smith wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Has anyone been able to verify this?
>
> http://www.secunia.com/advisories/8955/
>
> Internet Explorer Exposes Sensitive Information
>
> Release Date:
> 2003-06-06
>
> Critical:
> Moderately critical
>
> Impact:
> Exposure of sensitive information
>
> Where:
> From remote
>
> Software:
> Microsoft Internet Explorer 6
>
> Description:
> A vulnerability has been identified in Internet Explorer, which exposes
> sensitive information to "msn.com" and "alexa.com".
>
> While this is a known "feature" when the "Show Related Links" option
> is activated in Internet Explorer, there is a bug, so that Internet
> Explorer will keep transmitting the information to "msn.com" and
> "alexa.com" after "Show Related Links" has been de-activated. This
> occurs whenever "Ctrl+R" is used to reload a page.
>
> To make matters worse, it has been confirmed that this behaviour also
> affects SSL enabled pages. One thing is that Microsoft has chosen to
> make a "feature", which reveals this information to "msn.com" and
> "alexa.com", but the fact that information, which was supposed to be
> protected by SSL and sent only to one site, is sent in plain text to a
> third party ("msn.com" and "alexa.com") is of great concern.
>
> The data transmitted to "msn.com" and "alexa.com" is the complete URL.
> In some cases this could contain sensitive information such as
> username, password, session id, search string, "secret paths", and more.
>
> The vulnerability has been confirmed for Internet Explorer 6 on
> Windows 2000 and Windows XP with all Service Packs and hotfixes.
>
> It is Microsoft that controls who other than "msn.com" should receive
> this information. Microsoft could at any time choose to send this
> information to a party other than "alexa.com".
>
>
> Solution:
> We recommend that you filter traffic at your perimeter so that no data
> may be sent to "msn.com" and "alexa.com".
>
> Make sure that you don't use the "Show Related Links" feature or that
> you close your browser after you have used it.
>
> For other alternative solutions see "Other References".
>
>
> Reported by / credits:
> Mike Shepherd
>
>
> Changelog:
> 2003-06-09 Minor correction. Added link to alternative solutions.
>
>
> Other References:
> http://www.imilly.com/alexa.htm#subvert
>
> Stewart Smith
> stewartat_private
> Programmer / UNIX Sys Admin
>
> Gamma Solutions Pty Ltd
> Monash Corporate Centre,
> Unit 11, 20 Duerdin Street,
> Clayton, Victoria 3168
> Phone: +61 3 9562 7755
> Fax: +61 3 9562 7766
> Mobile: +61 4 3884 4332
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.1 (Darwin)
>
> iD8DBQE+7mZZFtJC9tN9SokRAo1zAJ93g0roDJlfeZXSI5CQXY99X5t+ZgCgl9Wq
> kK3vp6lnViXndwoYPkXrj0E=
> =3zvI
> -----END PGP SIGNATURE-----
>

--
Best regards,
Shimi

----
"Outlook is a massive flaming horrid blatant security violation, which also happens to be a mail reader."
"Sure UNIX is user friendly; it's just picky about who its friends are."
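An added example, not part of this thread or of the Secunia advisory: a small Python scanner that takes the advisory's "filter traffic at your perimeter" advice from the detection side. It walks proxy log lines looking for requests to msn.com or alexa.com that carry another site's complete URL inside a query parameter, and flags the ones where that URL came from an https:// page or carries session or credential parameters, which is exactly the leak the advisory describes. The log format, the hostnames under msn.com and alexa.com, the client addresses and the parameter names are all constructed for this example; the advisory does not say which parameter carries the URL, so the scanner checks every query value rather than assuming a name.

```python
from urllib.parse import urlsplit, parse_qsl

# Hosts the advisory names as receiving the browser's full URL.
LEAK_SINKS = ("msn.com", "alexa.com")

# Query-parameter names treated as sensitive when they appear inside the
# leaked URL (assumed list; extend to match your own applications).
SENSITIVE_PARAMS = {"user", "username", "password", "passwd", "pwd",
                    "session", "sessionid", "sid", "token"}

# Constructed sample proxy log: timestamp, client, method, URL, status.
# The sink hostnames, client addresses and leaked URLs are made up for the
# example and are not the real endpoints from the advisory.
SAMPLE_LOG = """\
2003-06-17T10:01:02 10.0.0.5 GET http://lookup.msn.com/related?url=https%3A%2F%2Fbank.example%2Faccount%3Fsessionid%3Dabc123 200
2003-06-17T10:01:09 10.0.0.5 GET http://www.example.com/index.html 200
2003-06-17T10:02:31 10.0.0.7 GET http://data.alexa.com/q?url=http%3A%2F%2Fintranet.example%2Fsecret-path%2Freport.html 200
2003-06-17T10:03:00 10.0.0.7 GET http://www.msn.com/ 200
"""


def is_sink_host(host):
    """True if host is one of the sink domains or a subdomain of one."""
    host = host.lower()
    return any(host == s or host.endswith("." + s) for s in LEAK_SINKS)


def embedded_urls(url):
    """Yield every query-parameter value of url that is itself an absolute http(s) URL."""
    for _name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        if value.lower().startswith(("http://", "https://")):
            yield value


def classify_leak(leaked_url):
    """Say what a leaked URL exposes: whether it came from an SSL page and
    which sensitive query parameters it carries."""
    parts = urlsplit(leaked_url)
    names = {name.lower() for name, _ in parse_qsl(parts.query, keep_blank_values=True)}
    return {"over_ssl": parts.scheme.lower() == "https",
            "sensitive_params": sorted(names & SENSITIVE_PARAMS)}


def find_leaks(log_text):
    """Return one record per proxy request that sends a full URL to a sink host."""
    leaks = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # skip blank or malformed lines
        ts, client, _method, url = fields[:4]
        host = urlsplit(url).hostname or ""
        if not is_sink_host(host):
            continue
        for leaked in embedded_urls(url):
            rec = {"time": ts, "client": client, "sink": host, "leaked_url": leaked}
            rec.update(classify_leak(leaked))
            leaks.append(rec)
    return leaks


if __name__ == "__main__":
    for rec in find_leaks(SAMPLE_LOG):
        flag = "SSL-PAGE " if rec["over_ssl"] else ""
        print(f"{rec['time']} {rec['client']} -> {rec['sink']}: "
              f"{flag}{rec['leaked_url']} sensitive={rec['sensitive_params']}")
```

Running it on the constructed log reports two leaks: the bank session URL sent to the msn.com host (flagged as coming from an SSL page and carrying a session id) and the intranet "secret path" sent to the alexa.com host; the plain request to www.msn.com with no query string is not a leak and is not reported. The same `is_sink_host` match is what a perimeter filter would key on.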
This archive was generated by hypermail 2b30 : Sat Jun 21 2003 - 10:11:27 PDT