Subject: Re: The AOL Spyware
From: info (infoSAFER-HEX.COM)
Date: Thu Jul 13 2000 - 05:12:04 CDT


Thus spoke Mikael Olsson at 20:53 +0200 on 08.07.2000:
>
>Yes. I think someone should sniff some traffic and try to parse it
>(or post it) so that we can see what happens. Who knows, it could
>conceivably be something as innocent as "check for new versions of
>smart download", but then again, it may not :-P
>
>(So let's not cry foul until we see what it's doing. It hurts
> the security community if we do)

For hyper-references, please visit http://www.safer-hex.com/

2000/07/11/10.45

AOL/Netscape spies on surfers

According to a tecChannel feature article, the functions
"SmartDownload" and "Search," both new in Netscape's browser versions
4.7.x, protocol downloads and search queries and transfer these to
Netscape, a subsidiary of AOL. The transfer includes file names,
search terms and the user's email address without any user consent.

The primary benefit of SmartDownload is that it can continue an
interrupted download after the connection has dropped. Right after a
download starts, SmartDownload sends a packet to "cgi.netscape.com".
Included is the file name and the server address, from where it is
being loaded. The user's IP address is also transferred. If the user is
registered for Netscape's "Netcenter," the email address is also
transferred. Also the name of the local machine and the operating
system are revealed to AOL/Netscape.

Netscape's search function goes even further: it logs what the user
is searching and where he finally finds it. In combination with the
downloads information, a Netscape user turns almost completely into a
transparent surfer, especially when this information includes the
email address. This makes the data extremely interesting to
advertising companies. These could bury the user in spam messages
without providing a clue how they compiled the information.

regards,

Dre.

--

jrpamc wd-iis : internet information services a jrpamc press agency media consult company wd-iisjrpamc.com : http://www.jrpamc.com/wd/

http://www.safer-hex.de : daily updated information on computer and online security, and http://www.dvd-aktuell.de : everything about entertainment in digital quality at the cinema and on DVD at home.