funsec mailing list archives
RE: Yet another problem at whitehouse.gov
From: "Richard M. Smith" <rms () computerbytesman com>
Date: Tue, 27 Dec 2005 14:12:58 -0500
Hi Larry, Here are some of the missing images that I'm seeing with a packet sniffer: http://www.whitehouse.gov/images/header3/home_on_r2_c8.jpg http://www.whitehouse.gov/images/header3/home_on_r2_c11.jpg http://www.whitehouse.gov/images/header3/home_on_r2_c15.jpg http://www.whitehouse.gov/images/header3/home_on_r2_c18.jpg As you can see, they all redirect to a 404 error page. (As an aside, this is an interesting little defect in the HTTP protocol. A browser is expecting an image file, but it is getting back an HTML file. A Web site 404 hanlder might want to return an image file instead based on a .GIF or .JPG extension. Another option is to return a 404 error for image files and not redirect to an error page.) If you don't see the missing images in Firefox, it's probably because they are being loaded by JavaScript and they are not part of the DOM. I had a client making the same error. A packet sniffer is about the only way to spot this kind of problem. The Whitehouse is problably paying 4 to 5 times the amount of money for Web bandwidth than they really need to. BTW, I'm using a product called Fiddler (https://www.fiddlertool.com/fiddler/) to spot these problems. Fiddler is really a great product. It's the best packet sniffer I've run across for watching HTTP traffic. The free price is nice also. As far as Russia goes, it is a great place to visit but I wouldn't want to live there. I did find amusing the Russian supermarkets that sell American software for a couple of bucks per CD-ROM. Richard -----Original Message----- From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On Behalf Of Larry Seltzer Sent: Tuesday, December 27, 2005 1:16 PM To: funsec () linuxbox org Subject: RE: [funsec] Yet another problem at whitehouse.gov Yeah, go back to Russia! But in the meantime, I just made a web page (http://www.larryseltzer.com/whtest.html) which references every graphic listed on the whitehouse.gov site, as listed by the Firefox View Page Info feature. I see 59 of them and they're all hits. Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ http://blog.ziffdavis.com/seltzer Contributing Editor, PC Magazine larryseltzer () ziffdavis com -----Original Message----- From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On Behalf Of TheGesus Sent: Tuesday, December 27, 2005 12:53 PM To: funsec () linuxbox org Subject: Re: [funsec] Yet another problem at whitehouse.gov Why do you hate America? On 12/27/05, Richard M. Smith <rms () computerbytesman com> wrote:
Hi, Here's another problem I just noticed with my packet sniffer at the Whitehouse Web site. The Whitehouse home page is referencing 9 image files which don't exist on the Whitehouse server. The server instead sends back a 19K byte 404 error page for each image file. The missing image problem seems to exist on other Web pages at the Whitehouse site also. Since none of these error pages get cached, 190K bytes of junk is being continuously sent to visitors as they go through the Whitehouse Web site. This is no big deal for folks with broadband connections, but it dramatically increases the amount of data being sent to someone on a dialup connection which typically works only at 5K bytes per second. Without any 404 errors, a Whitehouse Web page should
only by 10K to 30K bytes in size.
Richard M. Smith http://www.ComputerBytesMan.com _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list. _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list. _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Yet another problem at whitehouse.gov Richard M. Smith (Dec 27)
- Re: Yet another problem at whitehouse.gov TheGesus (Dec 27)
- RE: Yet another problem at whitehouse.gov Larry Seltzer (Dec 27)
- RE: Yet another problem at whitehouse.gov Richard M. Smith (Dec 27)
- RE: Yet another problem at whitehouse.gov Larry Seltzer (Dec 27)
- RE: Yet another problem at whitehouse.gov Richard M. Smith (Dec 27)
- RE: Yet another problem at whitehouse.gov Larry Seltzer (Dec 27)
- RE: Yet another problem at whitehouse.gov Richard M. Smith (Dec 27)
- RE: Yet another problem at whitehouse.gov Larry Seltzer (Dec 27)
- Re: Yet another problem at whitehouse.gov TheGesus (Dec 27)
- Re: Re[2]: Yet another problem at whitehouse.gov Gadi Evron (Dec 27)
- <Possible follow-ups>
- Re: Yet another problem at whitehouse.gov Dan Renner (Dec 27)
- Re: Yet another problem at whitehouse.gov Fergie (Dec 27)
- Diebold Dies Larry Seltzer (Dec 27)
- Re: Diebold Dies Nick FitzGerald (Dec 27)
- Diebold Dies Larry Seltzer (Dec 27)