Security Basics mailing list archives
Re: Clear gif on a web site
From: Todd Haverkos <infosec () haverkos com>
Date: Fri, 19 Feb 2010 13:04:32 -0600
Alex <alex.tsr () gmail com> writes:
While I was trying to troubleshoot why squid could not finish loading some specific web pages on a well known company's (you could even say security related, too) web site I found this in squid's logs:

TCP_MISS/200 850 GET http://<LONG URL>r=<HTTP URL OF SITE THAT I OPENED THE LINK FROM>&cc=USD&ch=store%3AHHO&events=prodView&s=1440x900&c=24&j=1.6&v=Y&k=Y&bw=1170&bh=806&p=Picasa%3BShockwave%20Flash%3BFlip4Mac%20Windows%20Media%20Plugin%202.3%20%3BGoogle%20Talk%20NPAPI%20Plugin%3BHP%20Virtual%20Rooms%20Plug-in%3BiPhotoPhotocast%3BMicrosoft%20Office%20Live%20Plug-in%3BQuickTime%20Plug-in%207.6.3%3BSilverlight%20Plug-In%3B&AQE=1 DIRECT/xxx.xxx.xxx.xxx image/gif

This was what, for some reason, squid could not open. So, I took a closer look at the whole URL and found out that this was a 2x2 clear GIF which tracks the information you see above.

This made me wonder. Is it legal for sites to use these trackers? (I suspect it's a gray zone) Is it considered ethical nowadays?
Hi Alex,

It's a little surprising for it to be so non-obfuscated in the info it's sending about your browser config, but there are lots of sites that do look at such info, and single pixel gifs are definitely not new. It's commonplace enough that it may pass for ethical, or at least part of the terms of use at the website in question.

JavaScript (if allowed to run) can enumerate all that info with built-in methods, as in: http://www.java2s.com/Code/JavaScript/Development/JavaScripttoenumerateanddisplayallinstalledplugins.htm

I imagine that image GET is dynamically created from client-side JavaScript. The image itself isn't magical by any stretch, but what the server is doing with it once that info is logged is anyone's guess. It could be totally benign, or it could be using that as a fingerprint of unique users, as any given user's browser/resolution and plugin fingerprint is typically rather unique.

Best Regards,
--
Todd Haverkos, LPT MsCompE
http://haverkos.com/
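A proxy-side check for the kind of request discussed in this thread, added here as an example that is not part of the original messages: it scans squid access-log lines for very small image responses whose query string carries several client attributes and decodes what was sent. The sample log lines, host names, size threshold and the meanings given to the short parameter names (`s`, `c`, `bw`, `bh`, `p`) are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in squid's native access.log layout; host names,
# addresses and the shortened parameter set are made up for illustration.
SAMPLE_LOG = """\
1266606272.101    212 10.0.0.5 TCP_MISS/200 850 GET http://metrics.example/b/ss/1?r=http%3A%2F%2Fshop.example%2Fitem&s=1440x900&c=24&j=1.6&bw=1170&bh=806&p=Picasa%3BShockwave%20Flash%3BQuickTime%20Plug-in%207.6.3%3B&AQE=1 - DIRECT/192.0.2.10 image/gif
1266606272.450     90 10.0.0.5 TCP_MISS/200 15320 GET http://shop.example/img/logo.gif - DIRECT/192.0.2.20 image/gif
1266606273.007     35 10.0.0.5 TCP_HIT/200 4100 GET http://shop.example/css/site.css?v=3 - NONE/- text/css
"""

LINE_RE = re.compile(
    r"^\S+\s+\d+\s+(?P<client>\S+)\s+\S+/(?P<status>\d{3})\s+(?P<size>\d+)\s+"
    r"(?P<method>\S+)\s+(?P<url>\S+)\s+\S+\s+\S+\s+(?P<mime>\S+)$")

# Assumed meaning of the short parameter names seen in the logged URL.
FIELD_NAMES = {"r": "referrer", "s": "screen", "c": "colour_depth",
               "bw": "window_width", "bh": "window_height", "p": "plugins"}

def find_beacons(log_text, max_bytes=1024, min_fields=3):
    """Return image responses that are tiny yet carry many client attributes."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or not m["mime"].startswith("image/"):
            continue
        if int(m["size"]) > max_bytes:
            continue  # a real picture, not a tracking pixel
        url = urlsplit(m["url"])
        params = parse_qs(url.query, keep_blank_values=True)
        fields = {FIELD_NAMES[k]: v[0] for k, v in params.items() if k in FIELD_NAMES}
        if len(fields) < min_fields:
            continue
        if "plugins" in fields:  # semicolon-separated list, as in the logged URL
            fields["plugins"] = [p.strip() for p in fields["plugins"].split(";") if p.strip()]
        hits.append({"client": m["client"], "host": url.hostname, "fields": fields})
    return hits

if __name__ == "__main__":
    for hit in find_beacons(SAMPLE_LOG):
        print(hit["client"], "->", hit["host"])
        for name, value in hit["fields"].items():
            print(f"  {name}: {value}")
```

Hosts that turn up repeatedly in this output are candidates for a proxy block list or for review against the site's privacy policy.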