Re: ValueClick

trevKICS.BC.CA

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Matt Hallacy: "Re: FTP.SODRE.NET Hacked... Eggdrop Modified.."
• Previous message: Harhalakis Stefanos: "Re: Irix tape devices + logs + su"

Hi Ellen

Perhaps you haven't heard of the Brumleve cache bug, or the other various
ways remote websites can gather the information in your browser's history.
It is so simple to use POST instead of GET... I don't see why you want to
take the chance of it being intercepted.  There are a number of ways that
requested URLs can be logged etc.

Trev


At 07:57 PM 12/19/98 -0500, Ellen (ValueClick) wrote:
>Hi,
>
>Please allow me to introduce myself.  My name is Ellen O'Rourke and I am
>Host Member Manager for ValueClick.
>
>I would like to refer to the letter you wrote BUGTRAQNETSPACE.ORG
>regarding "ValueClcik vernerability."
>
>Let me explain:
>
>If the user decides to go to another site after they
>are logged in,  either via a bookmark or typing in
>a url, the referring url will be blank.  If we had
>a link to the outside, the referring url would
>contain the logged in user's username and password.
>
>The links that we do have to the outside, such
>as on the exclude banners page where a user
>can click on a banner to view the advertiser's
>site, have the referring url stripped off to
>protect the host's login info.
>
>If you have evidence that contradicts this, we would very much appreciate
>your advising us.

• Next message: Matt Hallacy: "Re: FTP.SODRE.NET Hacked... Eggdrop Modified.."
• Previous message: Harhalakis Stefanos: "Re: Irix tape devices + logs + su"