Bugtraq mailing list archives
Netscape SmartDownload reports file information to AOL
From: jmorel2 () LSU EDU (John L. Morello)
Date: Wed, 12 Jul 2000 13:27:28 -0500
According to a story on The Register, and confirmed by examining my own cookies, Netscape Communicator's SmartDownload component records the files it downloads, the client IP, the server IP, and the time, then forwards this information to AOL without informing the user. In other words, AOL receives a download-by-download report of each file Communicator downloads, its file name, your IP, and the server it came from. This information is passed on to AOL without user interaction or notification.

Additionally, the information is recorded locally in a cookie file. When combined with other exploits which allow for remote transfer of cookie files, this vulnerability could reveal detailed information on a user's browsing habits.

For more information, see the story at http://www.theregister.co.uk/content/1/11895.html

____________________________
::: John L. Morello
::: LSU Office of Computing Services