
Trojan Horse E-Mail Can Expose Your Web Wanderings

A security hole in both Communicator and Internet Explorer allows cookie files to track your browsing and Usenet reading.

Web sites have always been able to use cookie files to track visitors, but the files can't capture much information about you besides your IP address.

But according to Benjamin Franz, webmaster for an Internet service provider named Net Images, a hole in both Netscape's Communicator and Microsoft's Internet Explorer gives Web sites a way, albeit a complicated one, to extend the power of cookie files to track activities such as reading certain Usenet newsgroup postings.

Franz reports that the HTML-enabled e-mail and newsgroup readers from Netscape and Microsoft can be exploited to tie a cookie to a specific e-mail address. With that information, Web sites and third-party advertising outfits such as DoubleClick could collect information about the sites you frequent and then sell your e-mail address to appropriate marketers.

"They can say, this is my list of people who visit insurance sites, this is my list of people who visit adult sites, here's my list of people who visit car sites. They could sell these lists off to anybody they wanted to," said Franz.

To exploit this privacy hole, a Web site would already have to know your e-mail address. To begin tracking your travels, a company sends you an HTML-encoded e-mail containing an in-line graphic file that's located back on the company's server. When you open the message, the graphic automatically loads and puts one cookie on your hard disk while one is sent back to the server. When you visit that server, the company would know that you had been there by your e-mail address.
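From the recipient's side, the thing to look for is a resource in the HTML body that the reader fetches from a remote server as soon as the message opens. The following is an added example, not code from the article or from either vendor: it walks a message's HTML parts and lists such resources, ignoring images embedded in the message itself (`cid:`). The sample message, its addresses and host names, and the function and class names are all constructed for illustration.

```python
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message; every address and host name is a placeholder.
SAMPLE = """\
From: offers@ads.example
To: reader@isp.example
Subject: Special offer
MIME-Version: 1.0
Content-Type: text/html; charset="us-ascii"

<html><body><p>Hello!</p>
<img src="http://ads.example/banner.gif" width="1" height="1">
<img src="cid:logo123">
</body></html>
"""

# Tag/attribute pairs an HTML-capable mail reader fetches without a click.
AUTO_LOAD = {("img", "src"), ("body", "background"), ("iframe", "src")}


class RemoteFinder(HTMLParser):
    """Collect auto-loaded resources that live on a remote HTTP server."""

    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if (tag, name) in AUTO_LOAD and value:
                parts = urlsplit(value.strip())
                if parts.scheme in ("http", "https"):
                    self.found.append((tag, value.strip(), parts.hostname))


def remote_resources(raw_message):
    """Return (tag, url, host) for each resource fetched when the mail opens."""
    msg = message_from_string(raw_message, policy=default)
    finder = RemoteFinder()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            finder.feed(part.get_content())
    return finder.found


if __name__ == "__main__":
    for tag, url, host in remote_resources(SAMPLE):
        print(f"<{tag}> would contact {host}: {url}")
```

A mail filter or client can use a non-empty result as the signal to withhold remote content until the reader asks for it.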

What's more, Franz says, the company could learn more about your interests by posting messages in Usenet newsgroups.

"If I were to post an article to a Usenet group in HTML and put in another link back to my Web server," says Franz, "when you read that article, I'd know you read it. And I'd know what newsgroup I posted the article to so it would act as a tripwire. I can't tell that you're reading every article there, but I can tell you that you read my article there."

Using this technique, Franz says an insurance company, for example, could decide you're a high risk because you read their posting to an AIDS newsgroup or another health-related discussion group.

Netscape today acknowledged the privacy hole, and said Communicator users can disable it by going to the Advanced option in the Preferences menu and clicking on the option to accept only cookies that get sent back to the originating server. According to Dave Andrews, senior product manager for security, Netscape intends to make future versions of Communicator immune to this sort of exploit, though he wouldn't specify how. The only workaround for users of Navigator versions 3 and below is to tell Navigator to warn you before it accepts cookies.

A Microsoft spokesperson said the company is still investigating the bug and isn't prepared to comment.
