Vulnerability Development mailing list archives
Re: The AOL Spyware
From: info () SAFER-HEX COM (info)
Date: Thu, 13 Jul 2000 12:12:04 +0200
Also sprach Mikael Olsson um 20:53 Uhr +0200 am 08.07.2000:
Yes. I think someone should sniff some traffic and try to parse it (or post it) so that we can see what happens. Who knows, it could concevably be something as innocent as "check for new versions of smart download", but then again, it may not :-P (So let's not cry foul until we see what it's doing. It hurts the security community if we do)
For hyper-references, please visit http://www.safer-hex.com/ 2000/07/11/10.45 AOL/Netscape spies on surfers According to a tecChannel feature article, the functions "SmartDownload" and "Search," both new in Netscapes browser versions 4.7.x, protocol downloads and search queries and transfer these to Netscape, a subsidiary of AOL. The transfer includes file names, search terms and the user's email address without any user consent. Primary benefit of SmartDownload is, that it can continue an interrupted download after the connection has dropped. Right after a download starts, SmartDownload sends a packet to "cgi.netscape.com". Included is the file name and the server address, from where it is being loaded. The user's IP address is also transfered. Is the user registered for Netscape's "Netcenter," the email address is also transfered. Also the name of the local machine and the operating system is revealed to AOL/Netscape. Netscape's search function goes even further: it logs what the user is searching and where he finally finds it. In combination with the downloads information, a Netscape user turns almost completely into a transparent surfer, especially, when these informations include the email address. This makes the data extremely interesting to advertising companies. These could bury the user in spam messages without providing a clue how they compiled the information. regards, Dre. -- jrpamc wd-iis : internet information services a jrpamc press agency media consult company wd-iis () jrpamc com: http://www.jrpamc.com/wd/ http://www.safer-hex.de : tagesaktuelle Infos über Computer- und online-Sicherheit, und http://www.dvd-aktuell.de : alles rund um En- tertainment in digitaler Qualität im Kino und auf DVD zuhause.
Current thread:
- Re: About all the default password databases..., (continued)
- Re: About all the default password databases... Roelof Temmingh (Jul 07)
- Re: About all the default password databases... Jonathan Leto (Jul 07)
- Re: About all the default password databases... Phenoelit (Jul 08)
- Re: BitchX /ignore bug Steve Mosher (Jul 07)
- Re: BitchX /ignore bug Mikael Olsson (Jul 07)
- Re: BitchX /ignore bug Steve Mosher (Jul 08)
- The AOL Spyware Maxime Rousseau (Jul 07)
- Re: The AOL Spyware Mikael Olsson (Jul 07)
- Re: The AOL Spyware Masial (Jul 08)
- Re: The AOL Spyware Mikael Olsson (Jul 08)
- Re: The AOL Spyware info (Jul 13)
- Re: BitchX /ignore bug Bluefish (Jul 07)
- Re: BitchX /ignore bug Slawek (Jul 07)
- Re: BitchX /ignore bug Arturo Busleiman (Jul 07)
- Re: BitchX /ignore bug Crispin Cowan (Jul 07)
- Re: BitchX /ignore bug Hogenberg, Richard (Jul 07)
- Re: BitchX /ignore bug Bluefish (Jul 07)
- Re: BitchX /ignore bug Schlachter, Jake (Jul 07)
- Re: BitchX /ignore bug Bluefish (Jul 08)
- Re: BitchX /ignore bug Christofer C. Bell (Jul 08)
- Re: BitchX /ignore bug Erich Meier (Jul 11)