Bugtraq mailing list archives
Re: Netscape Referer header considered harmful?
From: crewdsoa () MAGIC DCRT NIH GOV (Crewdson, Andy)
Date: Wed, 6 Aug 1997 17:00:39 -0400
In response to your question about when the HTTP_REFERER with the "file:///" string is sent: In Netscape Communicator 4.01a (NT4), the value is present in HTTP_REFERER only when the user clicks on the link in their bookmark.htm file. The "file:///" referer value is not passed when they choose a bookmark from the Bookmarks menu. A link chosen from the Bookmarks menu sends an empty HTTP_REFERER value. andy -----Original Message----- From: Ronald L. Parker [SMTP:ron () FARMWORKS COM] Sent: Monday, August 04, 1997 11:10 AM To: BUGTRAQ () NETSPACE ORG Subject: Netscape Referer header considered harmful? -----BEGIN PGP SIGNED MESSAGE----- I found something I consider mildly disturbing while browsing my referer log stats today. Viewers to our site today have been referred from the following URLs: file:///Hard%20Disk/System%20Folder/Preferences/Netscape%20%C4/Bookmar s.html file:C:\NETSCAPE\COMM\PROGRAM\USERS\DEFAULT\BOOKMARK.HTM file:///molly's%20bookmarks/molly's%20bookmarks As you can see, this is a cross-platform problem. What I don't know is whether these were sent by people just picking the bookmark from the dropdown or by people using their bookmarks file as a home page. Not having Communicator myself, and not planning to get it any time soon, I can't test this. In any case, file: URLs should be private. The last one is particularly interesting, given that it can be correlated with an IP address. I don't know what you call your bookmarks, but mine are called "Ron Parker's Bookmarks," based (I think) on my identity as told to the mail/news subsystem. So, had I been cutting-edge enough to use Netscape 4.0, I would now be telling my full name to every site in my bookmarks file. Of course, this can also lead to my knowing into exactly which directory you've installed Communicator. This could be useful information as well, and could help to mount an attack on your private email or the list of newsgroups to which you subscribe. In addition, again given that I have your IP address to work with, I might now know something about the internal network structure of your organization (not exemplified by any of the above sites, but think about where you would store your bookmarks if you were using a diskless workstation. Would you be giving me a machine name or just a drive letter?) This information could be invaluable as part of an attempt to bypass your firewall. - -- Ron Parker Webmaster Farm Works Software Come see us at http://www.farmworks.com For PGP public key see http://www.farmworks.com/Ron_Parker_PGP_key.txt -----BEGIN PGP SIGNATURE----- Version: PGP for Personal Privacy 5.0 Charset: noconv iQB1AwUBM+Xuhdn/ugmVuayZAQFrUwL+LUeoDc/P6ukxNfaNLP88ttXj9HiTAopa eL9Dab+v8njn94pEwsZls3Qkee3cfedFDsOEZzdNN1bCck6wWoKZtnaQVT8JnDax tamq9gMzB0RMxuQFnyt0J6SCOaHpL0Kt =PFqq -----END PGP SIGNATURE-----
Current thread:
- Re: Netscape Referer header considered harmful? Crewdson, Andy (Aug 06)
- <Possible follow-ups>
- Re: Netscape Referer header considered harmful? Phillip M Hallam-Baker (Aug 07)
- Re: Netscape Referer header considered harmful? Amy (Aug 08)