Bookmark / Share this TS | Thomas
06-15-2003, 07:00 AM
A vulnerability has been identified in Internet Explorer, which exposes sensitive information to "msn.com" & "alexa.com".
While this is a known "feature" when the "Show Related Links" option is activated in Internet Explorer, there is a bug, so that Internet Explorer will keep transmitting the information to "msn.com" & "alexa.com" after "Show Related Links" has been de-activated. This occurs whenever "Ctrl+R" is used to reload a page.
To make matters worse, it has been confirmed that this behaviour also affects SSL enabled pages. 1 thing is that Microsoft has chosen to make a "feature", which reveals this information to "msn.com" & "alexa.com", but the fact that information, which was supposed to be protected by SSL & sent only to 1 site, is sent in plain text to a third party ("msn.com" & "alexa.com") is of great concern.
Would you like to know more? (http://www.secunia.com/advisories/8955/)
While this is a known "feature" when the "Show Related Links" option is activated in Internet Explorer, there is a bug, so that Internet Explorer will keep transmitting the information to "msn.com" & "alexa.com" after "Show Related Links" has been de-activated. This occurs whenever "Ctrl+R" is used to reload a page.
To make matters worse, it has been confirmed that this behaviour also affects SSL enabled pages. 1 thing is that Microsoft has chosen to make a "feature", which reveals this information to "msn.com" & "alexa.com", but the fact that information, which was supposed to be protected by SSL & sent only to 1 site, is sent in plain text to a third party ("msn.com" & "alexa.com") is of great concern.
Would you like to know more? (http://www.secunia.com/advisories/8955/)
