funsec mailing list archives

Previous By Date Next
Previous By Thread Next

"Digital peeping Toms" at the Symantec Web site

From: <rms () computerbytesman com>
Date: Thu, 20 Sep 2007 18:24:19 -0400
Hi,

 

Oops, before John Thompson, Symantec's CEO,  says bad things about tracking
cookies, he should check out his own Web site.  There are three Web bugs on
the Symantec home page.  One goes back to Doubleclick and the other two go
to Omniture.  The Omniture Web bugs show how a cookie from a Web site can be
easily shared with a third-party by playing DNS games.

 

Attached are John's quote to Associated Press and the output from my packet
sniffer.

 

Richard M. Smith

 

  _____  

 

 <http://www.technologyreview.com/Wire/19409/>
http://www.technologyreview.com/Wire/19409/


Symantec CEO says Internet tracking programs are digital peeping Toms


BRUSSELS, Belgium (AP) -- Cookies to collect Internet user data are a
serious invasion of privacy,  <http://www.technologyreview.com/Wire/19409/>
Symantec chief executive John Thompson said Wednesday, likening them to ''a
peeping Tom.''

The head of the security software vendor said he thought cookies were
essentially spyware if people are unaware that a program has been downloaded
on their machine to record the sites they visit and do not know what will be
done with that information.

They ''are just as much an invasion of privacy as someone peering in my
bedroom window,'' he said.

''I don't have an issue with people having cookies on their machine as long
as I've been told one just got planted there,'' he said. ''I think there is
an opt-in option here that should be available to everyone.''

.

''If Google and DoubleClick plant a cookie on my machine I want to know
about it and I want to know what they're doing whit the information they
collect,'' he said, insisting he otherwise had no opinion for or against the
deal.

  _____  

GET
/getcamphist;src=1505560;host=om.symantec.com%2Fb%2Fss%2Fsymanteccom%2F1%2FH
.10-PdvU-2%2Fs59549142706272%3F%5BAQB%5D%26vvpr%3Dtrue%26%26ndh%3D1%26t%3D20
%2F8%2F2007%252018%253A11%253A24%25204%2520240%26ppu%3DTC1%26pageName%3Den%2
Fus%253A%2520home%26g%3Dhttp%253A%2F%2Fwww.symantec.com%2Findex.jsp%26cc%3DU
SD%26vvp%3DDFA%25231505560%253Av0%253D%255B%255B%2522DFA%253A%2522%252Blis%2
52B%2522%253A%2522%252Blip%252B%2522%253A%2522%252Blastimp%252B%2522%253A%25
22%252Blastimptime%252B%2522%253A%2522%252Blastclk%252B%2522%253A%2522%252Bl
astclktime%255D%255D%26ch%3DGlobal%2520Home%2520Page%26server%3Dsymantec%26c
1%3DNAM%26c2%3Dus%26c3%3Den%26v26%3DNAM%26v27%3Dus%26v28%3Den%26v29%3DGlobal
%2520Home%2520Page%26c34%3Dsymanteccom%26s%3D1280x1024%26c%3D32%26j%3D1.5%26
v%3DY%26k%3DY%26bw%3D1280%26bh%3D830%26ct%3Dlan%26hp%3DN%26%5BAQE%5D[A2S];or
d=1882664451 HTTP/1.1

Accept: */*

Referer: http://www.symantec.com/index.jsp

Accept-Language: en-us

UA-CPU: x86

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Comcast
Install 1.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.03)

Proxy-Connection: Keep-Alive

Cookie: id=800000fe6724b11

 

(Note tc.symantec.com is really symantec.tcliveus.com [Omniture])

 

GET
/i?siteID=447&ts=1190326284595&location=http%3A%2F%2Fwww.symantec.com%2Finde
x.jsp%3F%26pageName%3Den%2Fus%253A%2520home%26ch%3DGlobal%2520Home%2520Page&
tagv=4.3&tz=-240&r=empty&title=Symantec%20Corp.&cd=32&ah=994&aw=1280&sh=1024
&sw=1280&pd=undefined HTTP/1.1

Accept: */*

Referer: http://www.symantec.com/index.jsp

Accept-Language: en-us

UA-CPU: x86

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Comcast
Install 1.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.03)

Proxy-Connection: Keep-Alive

Host: tc.symantec.com

Cookie: s_vi=[CS]v1|46F2B8C600007154-A290A7A00000BA7[CE]; s_cc=true;
s_dfa=symanteccom; s_sq=%5B%5BB%5D%5D;
TCID=00079ef6-eef9-f656-bb50-cdd60000000a; NSC_T`nboufd=445b32347863

 

 

(Note om.symantec.com  is really symanteccom.112.2o7.net [Omniture])

 

GET
/b/ss/symanteccom/1/H.10-PdvU-2/s59549142706272?[AQB]&ndh=1&t=20/8/2007%2018
%3A11%3A24%204%20240&ppu=TC1&pageName=en/us%3A%20home&g=http%3A//www.symante
c.com/index.jsp&cc=USD&vvp=DFA%231505560%3Av0%3D%5B%5B%22DFA%3A%22%2Blis%2B%
22%3A%22%2Blip%2B%22%3A%22%2Blastimp%2B%22%3A%22%2Blastimptime%2B%22%3A%22%2
Blastclk%2B%22%3A%22%2Blastclktime%5D%5D&ch=Global%20Home%20Page&server=syma
ntec&c1=NAM&c2=us&c3=en&v26=NAM&v27=us&v28=en&v29=Global%20Home%20Page&c34=s
ymanteccom&s=1280x1024&c=32&j=1.5&v=Y&k=Y&bw=1280&bh=830&ct=lan&hp=N&[AQE]
HTTP/1.1

Accept: */*

Referer: http://www.symantec.com/index.jsp

Accept-Language: en-us

UA-CPU: x86

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Comcast
Install 1.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.03)

Proxy-Connection: Keep-Alive

Host: om.symantec.com

Cookie: s_vi=[CS]v1|46F2B8C600007154-A290A7A00000BA7[CE]; s_cc=true;
s_dfa=symanteccom

 


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
Previous By Date Next
Previous By Thread Next

Current thread: