posted Sep 01, 2000

MS fumbles Word privacy scare Privacy from Companies9/1/2000; 10:19:29 AM 'Microsoft was caught off-guard yesterday by a warning that Word documents could be tracked over the Internet without their readers' knowledge. 'A press release from a security consultant drew attention to the potential problem, by which embedded links to content on servers could be used to track the usage of documents as they're passed around multiple users on the Net. Richard M Smith pointed out that the embedded content could well be invisible to the user, who could find themselves being tracked without their knowledge.'This security 'flaw' will exist in any place that URLs can be used, thus, they may exist in HTML e-mail, Word documents, or even a Linux script file that calls wget (which retrieves something based on the URL) to retrieve some URL. It's a fundamental problem to our conception of Internet security, not just a flaw in Word. If it's a flaw in word, it's a flaw that's extremely common.The problem is that there is no good way to prevent this. If you are going to allow people to use URLs to refer to network documents, and you automatically retrieve these documents without making the user confirm each one individually (if even that would help!), then retrieving an empty graphic image or a null string or something else that will be invisible will be possible.Any "solution" to this problem will make Word work less well, as they are basically going to have to just remove the feature.(Yesterday's news. Sorry for the delay, but I had a really hard time getting through to yesterday.)


Site Links


All Posts