The collusion Griffin found across Microsoft sites should be impossible, but
Microsoft manages it by using URL redirection. Griffin even provides an example of how
you can send a request to an ASP file at Microsoft to deliver your Microsoft GUID to
your own server.
Microsoft has created a working mechanism for using cookies to maintain user
information across sites. href="http://www.lanl.gov/projects/ia/library/bits/bits0697.html">Cookies are not
dangerous in themselves, but do provide information that helps track users. Users
concerned about the privacy of their browsing activity should take note of this
development. It could let organizations track your shopping habits or file
Smith notes that the Web bug problem is not limited to Microsoft applications. He's
prepared a FAQ on the
How do you track or manage cookies? Netscape browser users can edit their cookies
file by exiting Netscape, finding their cookies file (in the Netscape folder on Windows
.netscape directory in the user's home on
Unix), and deleting any lines they wish. Deleting cookies that were left under Internet
Explorer is much more difficult, as the information is stored in structured binary
files instead of text.
You can disable cookies, but if you do, you lose valuable functionality when
lets you accept cookies only from trusted sites, but such sites very likely would
include Microsoft, which leaves you just where the current problem started.
There are many
third-party utilities for managing cookies, though I have not tested any of them.
But the latest issues with Web bugs and cookies point out the more general need for
better control of the security functions of our Web browsers. For example, browser
single site and disables them by default as soon as you visit a different site. Those
developing the next generation of browsers need to make user security a primary