"PC Flank" Browser Test firewall checker

So, I'm going through having a script configured for me, and one of the
things to do is
go to those port checker websites. One of them reported that my browser
accepts cookies
and that when it visits a web site it reveals "private information", namely
"referrer."

What happened? Those used to be perfectly innocuous. A cookie is a little
text snippet
with name=value pairs, and "referrer" is part of an HTTP header that simply
is the
page on which the link you're going to was clicked. What's so evil about
that?

Thanks,
Rich

"Rich Grise" <(E-Mail Removed)> wrote in message
news:W9Dvc.14742$(E-Mail Removed)
> What happened? Those used to be perfectly innocuous. A cookie is a little
> text snippet
> with name=value pairs, and "referrer" is part of an HTTP header that simply
> is the page on which the link you're going to was clicked. What's so evil about
> that?

It sometimes contains login and password values, or session id, which
can be stolen with a CSS attack... or any other trick.


--
Posted via Mailgate.ORG Server - http://www.Mailgate.ORG

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Rich Grise wrote:

> So, I'm going through having a script configured for me, and one of the
> things to do is
> go to those port checker websites. One of them reported that my browser
> accepts cookies
> and that when it visits a web site it reveals "private information", namely
> "referrer."
>
> What happened? Those used to be perfectly innocuous. A cookie is a little
> text snippet
> with name=value pairs, and "referrer" is part of an HTTP header that simply
> is the
> page on which the link you're going to was clicked. What's so evil about
> that?

Cookies are frequently used by advertiser sites (say doubleclick) in conjunction
with provider sites(say, news.com) to track you as a specific person. These
partners match registration data (collected by the provider) against
advertisement visits (collected by the advertiser) through the common cookie
shared by both, and come up with /your/ preferences. They then target you with
selected ads, both through the web-browser and through other channels (email,
snail-mail, telephone) courtesy of the personal information you left when you
registered.

Referrer information is used in order to determine which provider site gets to
collect revenue from the advertisement site. If you click on a doubleclick.net
ad, doubleclick needs to know which site you came from in order to pay them for
your visit. They also use this to build up a profile of which sites are most
effective in persuading people to go to the ad website, again by checking where
you came from when you got there. Finally, the advertiser can target ads by
knowing where you came from; if you came from Fortune Magazine's website, it's
likely that you'll spend more money on the 'upgraded' version of whatever they
are selling than if you came from the Consumers Magazine website.




- --
Lew Pitcher
IT Consultant, Enterprise Application Architecture,
Enterprise Technology Solutions, TD Bank Financial Group

(Opinions expressed are my own, not my employers')
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (MingW32)

iD8DBQFAvxzPagVFX4UWr64RAuB+AKDgH9cIqLVb4lGy4xC+sV KV8zeYNwCg0QlP
uEDcbMk4oGN0MycFS03PVMI=
=lqgR
-----END PGP SIGNATURE-----

"Rich Grise" <(E-Mail Removed)> wrote in message news:<W9Dvc.14742$(E-Mail Removed)>.. .
> So, I'm going through having a script configured for me, and one of the
> things to do is
> go to those port checker websites. One of them reported that my browser
> accepts cookies
> and that when it visits a web site it reveals "private information", namely
> "referrer."
>
> What happened? Those used to be perfectly innocuous. A cookie is a little
> text snippet
> with name=value pairs, and "referrer" is part of an HTTP header that simply
> is the
> page on which the link you're going to was clicked. What's so evil about
> that?

You accept cookies!!?!?! OMG! P A N I C !!! 1337 h@x0rz w1ll 1nvad3
your machine. They will 0wn j00.

Either that or the site that you visited to "test your security" just
*happens* to sell "security" products. Lo and behold, I would bet that
they even sell something that "protects you from all evil" - including
cookies. I think you should buy all of their products. You don't want
to reveal "private information", do you?