[SATLUG] (fwd) Macromedia Flash can be used to track us

Don Wright wmail at wricomp.com
Thu Apr 7 10:29:38 CDT 2005


Some interesting privacy news from GRC.com that probably affects Flash
player on all platforms.

Is there any firewall fingerprint that can block this at the border,
instead of changing settings on each GUI-equipped box? Or maybe
Default Deny should apply to port 80 as well.  --Don

-=-=-=-=-=-=-=-=-=-=-=-=-
In grc.news, Steve Gibson <news2005 at grc.com> wrote:

Folks,

In case you haven't yet heard, it turns out that the increasingly 
ubiquitous Macromedia Flash MX player allows web sites to store 
persistent information about us -- who knew? -- and that this 
makes it possible to have deleted cookies reconstituted.

The good news is that there's a way to configure the Macromedia 
Flash player that you most likely already have installed in your 
system so that it won't do this.

Here's the report on Techweb ...
http://www.techweb.com/wire/ebiz/160400719

And here's the page you can visit on Macromedia's site to adjust 
your Flash player settings for security.  I turned EVERYTHING off, 
deleted all past information stored by sites I had previous 
visited, and have prevented any future sites from storing 
anything:

This TinyURL expands to the long wrapping URL below it ...
http://tinyurl.com/6fo7r

http://www.macromedia.com/support/documentation/en/flashplayer/
help/settings_manager02.html

>---------------------------------------------------------------
Here's a snip from the top of the Techweb report ...

"Technology Uses Macromedia Flash MX to Thwart Cookie Purgers"

A New York company has begun offering persistent identification
element, or PIE, technology which "undermines" consumers' attempts 
to remove cookies from their computers.  By making use of the 
local shared objects feature in Macromedia's Flash MX,  PIE tags a 
flash object to the user's browser when a PIE site is visited; the 
tag acts as a sort of back-up cookie and can be used to restore a 
deleted cookie when the site is revisited.  Macromedia has posted 
instructions on its web site for disabling shared objects uploaded 
to browsers.

-- 
_________________________________________________________________
Steve.




More information about the SATLUG mailing list