Re: DOS undocumented feature
Juergen Luethje
> > Juergen Luethje wrote:
> >> In contrast to the dynamic techniques that you describe, the information
> >> in the INDEX.DAT files is stored on my hard disk. Therefore web companies
> >> can read from there, what websites I have visited a week ago or so, is this
> >> right?
>
> > Not directly.
>
> Is the information in the INDEX.DAT files not stored for such a long
> time, or what do you mean? Would you think that it doesn't make sense
> to delete the INDEX.DAT files for the sake of privacy?
Normally web pages can't just read a file or browse your hisory.
I wouldn't delete INDEX.DAT because it contains data needed for
off-line browsing (which I often use)
> > However MSIE has lots of bugs, and some of them allow reading
> > any local files, executing code etc. Just try this:
>
> > <img src="file:///C|/con/con">
>
> What exactly shall I try? This is a HTML tag, isn't it? I saved your
> post as HTML file. I have MSIE 5.50 + SP1. When I open this HTML file
> with it, I can't detect anything special. It just shows a square with
> a red cross inside, instead of <img src="file:///C|/con/con">.
This is one older bug in MSIE+Win. Reference to PRN,CON or AUX causes
system to crash. You probably have Win2000+.
> Of course, those Blue Screens are very annoying. But are they related
> to any lack of privacy?
It just shows how safe MSIE is. This search :
http://search.atomz.com/search/?sp-q=Microsoft+Internet+Explorer&sp-a=sp1001071c
gives about 187 security bugs. Some let attacker run any code on your machine
etc. But this is not the topic of EUFourm. Bugtraq would be better.
Martin
|
Not Categorized, Please Help
|
|
