Interesting People mailing list archives

Previous By Date Next
Previous By Thread Next

IP: Netscape SmartDownload reports file information to AOL

From: Dave Farber <farber () cis upenn edu>
Date: Thu, 13 Jul 2000 20:28:54 -0400



From: "Eric D. Williams" <eric () infobro com>
To: "Dave Farber (E-mail)" <farber () cis upenn edu>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

An interesting development from AOL/Netscape.

Eric
Eric Williams, Pres.
Information Brokers, Inc.    Phone: +1 202.889.4395
http://www.infobro.com/        Fax: +1 202.889.4396
           For More Info: info () infobro com
                    PGP Public Key
   http://new.infobro.com/KeyServ/EricDWilliams.asc
Finger Print: 1055 8AED 9783 2378 73EF  7B19 0544 A590 FF65 B789


- -----Original Message-----
From:   John L. Morello [SMTP:jmorel2 () LSU EDU]
Sent:   Wednesday, July 12, 2000 2:27 PM
To:     BUGTRAQ () SECURITYFOCUS COM
Subject:        Netscape SmartDownload reports file information to AOL

According to a story on The Register, and confirmed by examining my
own
cookies, Netscape Communicator's SmartDownload component records the
files
it downloads, the client IP, the server IP, and the time, then
forwards this
information to AOL without informing the user.  In other words, AOL
receives
a download-by-download report of each file Communicator downloads, its
file
name, your IP, and the server it came from.  This information is
passed on
to AOL without user interaction or notification.  Additionally,
the information is recorded locally in a cookie file.  When combined
with
other exploits which allow for remote transfer of cookie files, this
vulnerability could reveal detailed information on a user's browsing
habits.  For more information, see the story at
http://www.theregister.co.uk/content/1/11895.html
____________________________
:::   John L. Morello   :::
LSU Office of Computing Services

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.5.5 for non-commercial use <http://www.nai.com>

iQA/AwUBOW5eIAVEpZD/ZbeJEQLCaACgqVJFsLmdBi75sbZ3uzYg+xLTldEAoMIQ
tpfvPAcOyNnSg7xRmSXMGxv3
=w+uO
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: