RE: The Hazard of using 'printer friendly' functions on commercial sites

["Thierry De Leeuw" <thierry.deleeuw () advalvas be>]

Hi,

A possible workaround is to check the referrer. If it is not empty (link
sent by mail,...) or does not come from your web, just link to the normal
page (with the ads ;-) )

Just my 2 cents ;-)

Regards,

Thierry De Leeuw

-----Original Message-----
From: Max Kennedy [mailto:mxkennedy () fuse net]
Sent: lundi 29 avril 2002 19:27
To: vuln-dev () securityfocus com
Subject: The Hazard of using 'printer friendly' functions on commercial
sites


There is a problem that commercial web sites, particularly ones that serve
news feeds need to consider.  That other commercial web sites may use
your 'printer-friendly' feature, intended for individuals to print out
stories
on their printers, as a method to link to your stories while removing your
ads.

I first noticed www.worldnetdaily.com and www.drudgereport.com doing this
to yahoo news.

Both of these sites are high volume sites that make their money by linking
to
stories.  By adding '&printer=1"  to links, about 90% of yahoo's ads are
removed.  This means that yahoo serves the stories, but doesn't get paid.

This seems very dishonest to me, especially considering that the other sites
are also commercial, and make their money this way.

The vendor yahoo has been contacted.

Suggestions: Change your TOS to explicitly cover this type of malicious
activity and damages you might seek.  Seek out high volume sites taking
advantage of
your sites and send them warning letters.  Reconsider if you really need a
printer friendly function.

Max Kennedy