karl shah-jenner wrote:
From: "David Dyer-Bennet"
: Telling your email client not to fetch pictures by default defeats them,
: though. A very good idea in email, spammers use it to know a person
: received the email.
true..
: And you *can* tell most decent browsers not to load images by default,
: too; trouble is that makes 99.99% of the web worthless, so it may not be
: a useful option. (In Firefox it's tools/options/content/load images
: automatically).
true also :) my comment about OS's was that the OS still reveals the
information IF a page is called in it's entirety - there's no automatic
protection simply by having a 'safe' OS
Which is certainly true.
I have OB1 as a browser set for suspect pages, loading only the single page
with no links, no media content, no images.
however, simply calling the page still reveals the users PC to the world
Yep; after all, you can't *display* the page if you don't *fetch* the
page, and that connection goes in the logs. (Cable and dialup users
generally just have an IP address from a big pool, dynamically assigned,
so all it tells the person viewing the logs is, roughly, what city the
connection was from; but if you have a permanently-assigned static IP
address, like some DSL users (including me), it's much more specific).
- but the web bug's main use is that it's usually called from another, less
trustworthy location. So for example if I have an ebay auction up and I've
loaded a web bug into the html for a bit of profit from some organisation
who seeks information about users computer habits, calling the page reveals
the computer to ebay - calling the web bug reveals your info to the person
outside ebay. not good. Web bugs however are pretty much a part of life
these days :/
You can match up that the same computer made both accesses by setting a
cookie when the bug is fetched first (if the user is accepting
third-party cookies; many don't) and matching it up to later accesses.
And it doesn't reveal any info beyond the IP address and browser version
directly (it can be used to match up information given at different
places, though).
Since we're onto security again, who here was/still is affected by the Sony
rootkit virus?
Never had the virus on my computers, but it's why I work so hard to
avoid buying any Sony products; does that count as "affected"?
--
David Dyer-Bennet, dd-b@xxxxxxxx; http://dd-b.net/dd-b
Pics: http://dd-b.net/dd-b/SnapshotAlbum, http://dd-b.net/photography/gallery
Dragaera: http://dragaera.info
