Firewalls: IE 4 security hole?

Firewalls
(October 1997)

Indexed By Thread: [Previous] [Next]

Subject:	IE 4 security hole?
From:	Phil Glatz <phil @ glatz . com>
Date:	Fri, 03 Oct 1997 07:51:40 -0700
To:	firewalls-digest @ GreatCircle . COM

Does anyone have any more information on this?

The channel definition format (.CDF)
http://www.microsoft.com/standards/cdf-f.htm includes a
LOGTARGET feature that allows a web site provider to make
your browser deliver logs of your usage via an http post or
put. Even hits from cache are logged. This is all not so good
and getting worse. Not only is the information posted
material, you wouldn't want to give to a provider,
(considering) "http post/put" is normally spoofable anyway.

Follow-Ups:

Re: IE 4 security hole?
From: "Jeremy D. Zawodny" <zawodny @ hou . moc . com>

Indexed By Date	Previous:	[no subject] From: "Ayal S. Bida" <asb @ ican . net>
Indexed By Date	Next:	Re: Plug Help From: mgetter @ advstaff . com
Indexed By Thread	Previous:	[no subject] From: "Ayal S. Bida" <asb @ ican . net>
Indexed By Thread	Next:	Re: IE 4 security hole? From: "Jeremy D. Zawodny" <zawodny @ hou . moc . com>