A trivial scrap of malicious JavaScript can defeat entirely the Platform for Privacy Preferences (P3P) 'protections' Microsoft has integrated into Internet Explorer 6, all because of a dodgy 'feature' in Windows Media Player (WMP).
According to a post by privacy advocate Richard M. Smith to the BugTraq mailing list Tuesday, WMP generates by default a serial number which can be grabbed by a Web site using the simple exploit. The number can be used as a 'super cookie', as Smith calls it, enabling a nosey third party to track a victim's on-line comings and goings regardless of their cookie handling rules.
|