funsec mailing list archives
"Digital peeping Toms" at the Symantec Web site
From: <rms () computerbytesman com>
Date: Thu, 20 Sep 2007 18:24:19 -0400
Hi, Oops, before John Thompson, Symantec's CEO, says bad things about tracking cookies, he should check out his own Web site. There are three Web bugs on the Symantec home page. One goes back to Doubleclick and the other two go to Omniture. The Omniture Web bugs show how a cookie from a Web site can be easily shared with a third-party by playing DNS games. Attached are John's quote to Associated Press and the output from my packet sniffer. Richard M. Smith _____ <http://www.technologyreview.com/Wire/19409/> http://www.technologyreview.com/Wire/19409/ Symantec CEO says Internet tracking programs are digital peeping Toms BRUSSELS, Belgium (AP) -- Cookies to collect Internet user data are a serious invasion of privacy, <http://www.technologyreview.com/Wire/19409/> Symantec chief executive John Thompson said Wednesday, likening them to ''a peeping Tom.'' The head of the security software vendor said he thought cookies were essentially spyware if people are unaware that a program has been downloaded on their machine to record the sites they visit and do not know what will be done with that information. They ''are just as much an invasion of privacy as someone peering in my bedroom window,'' he said. ''I don't have an issue with people having cookies on their machine as long as I've been told one just got planted there,'' he said. ''I think there is an opt-in option here that should be available to everyone.'' . ''If Google and DoubleClick plant a cookie on my machine I want to know about it and I want to know what they're doing whit the information they collect,'' he said, insisting he otherwise had no opinion for or against the deal. _____ GET /getcamphist;src=1505560;host=om.symantec.com%2Fb%2Fss%2Fsymanteccom%2F1%2FH .10-PdvU-2%2Fs59549142706272%3F%5BAQB%5D%26vvpr%3Dtrue%26%26ndh%3D1%26t%3D20 %2F8%2F2007%252018%253A11%253A24%25204%2520240%26ppu%3DTC1%26pageName%3Den%2 Fus%253A%2520home%26g%3Dhttp%253A%2F%2Fwww.symantec.com%2Findex.jsp%26cc%3DU SD%26vvp%3DDFA%25231505560%253Av0%253D%255B%255B%2522DFA%253A%2522%252Blis%2 52B%2522%253A%2522%252Blip%252B%2522%253A%2522%252Blastimp%252B%2522%253A%25 22%252Blastimptime%252B%2522%253A%2522%252Blastclk%252B%2522%253A%2522%252Bl astclktime%255D%255D%26ch%3DGlobal%2520Home%2520Page%26server%3Dsymantec%26c 1%3DNAM%26c2%3Dus%26c3%3Den%26v26%3DNAM%26v27%3Dus%26v28%3Den%26v29%3DGlobal %2520Home%2520Page%26c34%3Dsymanteccom%26s%3D1280x1024%26c%3D32%26j%3D1.5%26 v%3DY%26k%3DY%26bw%3D1280%26bh%3D830%26ct%3Dlan%26hp%3DN%26%5BAQE%5D[A2S];or d=1882664451 HTTP/1.1 Accept: */* Referer: http://www.symantec.com/index.jsp Accept-Language: en-us UA-CPU: x86 Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Comcast Install 1.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.03) Proxy-Connection: Keep-Alive Cookie: id=800000fe6724b11 (Note tc.symantec.com is really symantec.tcliveus.com [Omniture]) GET /i?siteID=447&ts=1190326284595&location=http%3A%2F%2Fwww.symantec.com%2Finde x.jsp%3F%26pageName%3Den%2Fus%253A%2520home%26ch%3DGlobal%2520Home%2520Page& tagv=4.3&tz=-240&r=empty&title=Symantec%20Corp.&cd=32&ah=994&aw=1280&sh=1024 &sw=1280&pd=undefined HTTP/1.1 Accept: */* Referer: http://www.symantec.com/index.jsp Accept-Language: en-us UA-CPU: x86 Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Comcast Install 1.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.03) Proxy-Connection: Keep-Alive Host: tc.symantec.com Cookie: s_vi=[CS]v1|46F2B8C600007154-A290A7A00000BA7[CE]; s_cc=true; s_dfa=symanteccom; s_sq=%5B%5BB%5D%5D; TCID=00079ef6-eef9-f656-bb50-cdd60000000a; NSC_T`nboufd=445b32347863 (Note om.symantec.com is really symanteccom.112.2o7.net [Omniture]) GET /b/ss/symanteccom/1/H.10-PdvU-2/s59549142706272?[AQB]&ndh=1&t=20/8/2007%2018 %3A11%3A24%204%20240&ppu=TC1&pageName=en/us%3A%20home&g=http%3A//www.symante c.com/index.jsp&cc=USD&vvp=DFA%231505560%3Av0%3D%5B%5B%22DFA%3A%22%2Blis%2B% 22%3A%22%2Blip%2B%22%3A%22%2Blastimp%2B%22%3A%22%2Blastimptime%2B%22%3A%22%2 Blastclk%2B%22%3A%22%2Blastclktime%5D%5D&ch=Global%20Home%20Page&server=syma ntec&c1=NAM&c2=us&c3=en&v26=NAM&v27=us&v28=en&v29=Global%20Home%20Page&c34=s ymanteccom&s=1280x1024&c=32&j=1.5&v=Y&k=Y&bw=1280&bh=830&ct=lan&hp=N&[AQE] HTTP/1.1 Accept: */* Referer: http://www.symantec.com/index.jsp Accept-Language: en-us UA-CPU: x86 Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Comcast Install 1.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.03) Proxy-Connection: Keep-Alive Host: om.symantec.com Cookie: s_vi=[CS]v1|46F2B8C600007154-A290A7A00000BA7[CE]; s_cc=true; s_dfa=symanteccom
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- "Digital peeping Toms" at the Symantec Web site rms (Sep 20)