fox@fury
Give Microsoft a Cookie (or a bug)
Friday, Sep 01, 2000
One of the news items making the rounds for the past few days is the 'exploit' of putting small URL-based graphics, or 'bugs', in Word documents, which allow the savvy user to trace where the document goes and who looks at it.

The idea is that whenever the document is viewed on a computer hooked to the net, Word will establish an HTTP connection with the author's machine (web site, whatever) and download the graphic on demand. Naturally this download is recorded in the server log, and the author can check the log to see who downloaded the graphic, and thus viewed the document, and from where.

Wired put up a story on this topic yesterday and called Microsoft for their take on the 'exploit.' Wired excerpt follows:

    Microsoft was quick to point out that if this is an issue, it's one affecting any HTML-enabled application, not just Word.

    "This is a decision that every Web user needs to make -- whether they're comfortable accepting cookies from a website," said Scott Culp, a Microsoft security-program manager. "That's why we provide the features in IE that say, 'Accept a cookie from this website, but not a cookie from that website.'"

Mike seems completely unaware that this issue has nothing at all to do with cookies. While a cookie can store extra information on a user's system, accepting or refusing a cookie won't stop the graphic from loading and consequently alerting the author of the viewing.

The question here is whether Microsoft Mike really doesn't know what a cookie is, and why it's immaterial, or if he sensed that he could get away with touting IE (and Word)'s ability to refuse cookies as a way of saying "See? That's all right then."

To my mind it doesn't lend much faith that Microsoft is going to deliver a solution when they apparently don't fully understand the problem...
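For a recipient who wants to check a document before opening it on a networked machine, here is one way to list the images it would fetch remotely. This is an added example, not code from the original post; it assumes the document is available as HTML (for instance a Word file saved as a web page), and the sample markup and host names are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

def _is_tiny(value):
    """True when a width/height attribute is 1 pixel or less."""
    try:
        return int(str(value).lower().replace("px", "").strip()) <= 1
    except ValueError:
        return False

class RemoteImageFinder(HTMLParser):
    """Collect <img> tags whose src forces a network fetch on viewing."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = {k: (v or "") for k, v in attrs}
        src = a.get("src", "").strip()
        parsed = urlparse(src)
        # Absolute and scheme-relative URLs both contact a remote server.
        # The request alone is logged there; no cookie is needed.
        if parsed.scheme in ("http", "https") or src.startswith("//"):
            tiny = _is_tiny(a.get("width")) and _is_tiny(a.get("height"))
            self.findings.append(
                {"host": parsed.netloc, "url": src, "tiny": tiny})

def find_remote_images(html_text):
    finder = RemoteImageFinder()
    finder.feed(html_text)
    return finder.findings

# Constructed sample: one local image, one 1x1 remote image, one remote banner.
SAMPLE = """<html><body>
<p>Quarterly report</p>
<img src="logo.gif" width="120" height="40">
<img src="http://author.example/bug.gif?doc=1234" width="1" height="1">
<img src="//cdn.example/banner.gif" width="468" height="60"/>
</body></html>"""

if __name__ == "__main__":
    for f in find_remote_images(SAMPLE):
        kind = "likely tracking bug" if f["tiny"] else "remote image"
        print(f"{kind}: {f['url']} (contacts {f['host']})")
```

Any remote image reveals the viewing, whatever its size; the 1x1 flag only marks the ones that have no visible purpose.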

©2012 Kevin Fox