So, tell me this. Just how much can you find out?



User1
07-02-2002, 09:04 PM
Hello, I'm new to the forum. I'm viewing this from a user point of view - non-technical.

So, just how much can you find out about me with your code? In answering, do not violate TOS - just simple yes/no will do.

1) Can you read the client's browser history?
2) Can you read other people's cookies on the client?
3) Can you read the client's Favorite list?
4) I've read here (or it was implied) that you could even grab my email address, if you wished. True?
5) What about previous forms entry, if I have the remember feature turned on? Can you read all that, too?

What else have I been too ignorant to ask?

How do you, the savvy techy, protect yourself when surfing the web? How can I protect myself?

Through the school of hard knocks I've learned a little and have taken a few steps toward a more secure experience. I now use Windows XP, XP's firewall and a proxy server. I have a low-limit credit card for e-transactions or I use a service like PayPal.

So, what do you say? Will you advise a non-techy user? What advice would you give your mama? (Assuming, of course, you liked her!)

Thanks for your time. I love reading all the posts. I learn something every time.

joh6nn
07-02-2002, 09:13 PM
none of the 5 things you listed are possible, excepting possibly due to bugs in browsers.

generally, i set up everything for my mom myself, because she just has no clue whatsoever.

Tonz
07-02-2002, 09:27 PM
As far as the first part of your post is concerned, hang on to your hat, the "techie" forum members will (I am sure) surprise you....

For the protection side from spam and viruses, firewalls and antivirus programs provide limited protection. Once you click the button to download your e-mails the virus is on its way, has two minor hurdles and then has free access to your address book.

I use a new (read beta) program that scans the e-mails while they are still on the server. Once the e-mails have been scanned and displayed I decide if I want to download or erase the e-mails, THEN I download them.

I also keep my address book separate from the e-mail program (actually, I use the all popular, steam powered Outlook Express). The address book is 448-bit encrypted, so just in case I do get a virus, it is not going to replicate itself through my address book to my clients.

The mail scanner is free at the moment from here:



Maidensoft (in New Zealand of course) (http://www.maidensoft.com/)

The address book is available soon, but will be a small charge. (So I am told, I don't work for these guys, but I do know them)

I understand they may be charging for all their products soon as the response and feedback has been brilliant.

Hope this has been of some help.


Tonz

whackaxe
07-02-2002, 09:30 PM
all of those things are nearly impossible apart from the cookies: due to a bug in IE you can (although I'm not going to explain how, of course) show the cookie of another page and save it to a file with ASP, for example

Quiet Storm
07-03-2002, 02:18 AM
You could take a look at this:

http://www.gemal.dk/browserspy/

Has a whole lot of things - probably everything that's possible.

:)

jkd
07-03-2002, 02:52 AM
When you use IE, anything can become possible. :rolleyes:

Even Opera has had its fair share of security issues (some particularly nasty ones), and with Gecko - issues have been made apparent (though at far less frequency than other browsers), but are rapidly fixed to the point they show up in the very next nightly, or the one after that.

By design though, none of that is possible, though #1 is doable (and documented) using signed scripts (in NS), which explicitly ask the user if they want to do this.

Spookster
07-03-2002, 03:27 AM
And just to confirm #1.



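<html>
<head>
<title>Displaying the History List - Netscape</title>
</head>
<body>
<script language="JavaScript">
<!--//
// Netscape signed-script API: the browser asks the user to grant this privilege.
netscape.security.PrivilegeManager.enablePrivilege('UniversalBrowserRead');
// With the privilege granted, history entries are readable by index.
for (var i = 0; i < history.length; i++) {
  document.writeln('<h3><a href="' + history[i] + '">' + history[i] + '</a></h3>');
}
// Close the output stream once, after every entry has been written.
document.close();
//-->
</script>
</body>
</html>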


:)

User1
07-03-2002, 09:49 PM
to be completely, 100% safe one must abstain from surfing at all.

thanks for all the replies.
very eye-opening.