Vulnerability Development mailing list archives
Re: jump2.eudora.com
From: Matt Zimmerman <mdz () CSH RIT EDU>
Date: Mon, 28 Aug 2000 00:11:30 -0400
On Sun, Aug 27, 2000 at 04:32:58PM -0400, William Daskaluk wrote:
So it sent a request to jump2.eudora.com which looks like the following... GET /jump.cgi?action=update&platform=Windows 98 v.04.10.2222&product=Eudora&version=4.3.2 All that other junk in the tcpdump was just your computer negotiating a connection. Where exactly is this 'information' that eudora is sending? It looks to me like it is simply checking to see if a newer version of Eudora is available.
- The OS and version running on the origin host - The version of Eudora running on the origin host - The fact that the origin host is probably used for reading mail - A hint that the origin host is probably a single-user system (where security tends to be weaker) Probably harmless in most situations, but there should be an option to disable this check for the benefit of security-paranoid and privacy-conscious users. -- - mdz
Attachment:
_bin
Description:
Current thread:
- jump2.eudora.com William Daskaluk (Aug 27)
- Re: jump2.eudora.com Matt Zimmerman (Aug 28)
- Re: jump2.eudora.com Brad Griffin (Aug 28)
- Re: jump2.eudora.com Erik Tayler (Aug 28)
- Re: jump2.eudora.com Bluefish (P.Magnusson) (Aug 29)
- Re: jump2.eudora.com Brad Griffin (Aug 28)
- Re: jump2.eudora.com Teicher, Mark (Aug 29)
- Re: jump2.eudora.com Matt Zimmerman (Aug 28)
- Re: jump2.eudora.com Fabio Roccatagliata (Aug 28)
- Re: jump2.eudora.com Schlachter, Jake (Aug 28)
- <Possible follow-ups>
- Re: jump2.eudora.com Robert G. Ferrell (Aug 28)
- Re: jump2.eudora.com Perry Anton (Aug 28)
- Re: jump2.eudora.com Brad Griffin (Aug 28)
- Re: jump2.eudora.com Dragos Ruiu (Aug 28)