funsec mailing list archives

RE: Yet another problem at whitehouse.gov


From: "Richard M. Smith" <rms () computerbytesman com>
Date: Tue, 27 Dec 2005 14:12:58 -0500

Hi Larry, 

Here are some of the missing images that I'm seeing with a packet sniffer:

http://www.whitehouse.gov/images/header3/home_on_r2_c8.jpg 
http://www.whitehouse.gov/images/header3/home_on_r2_c11.jpg
http://www.whitehouse.gov/images/header3/home_on_r2_c15.jpg
http://www.whitehouse.gov/images/header3/home_on_r2_c18.jpg

As you can see, they all redirect to a 404 error page.  (As an aside, this
is an interesting little defect in the HTTP protocol.  A browser is
expecting an image file, but it is getting back an HTML file.  A Web site
404 handler might want to return an image file instead based on a .GIF or
.JPG extension.  Another option is to return a 404 error for image files and
not redirect to an error page.)

If you don't see the missing images in Firefox, it's probably because they
are being loaded by JavaScript and they are not part of the DOM.

I had a client making the same error.  A packet sniffer is about the only
way to spot this kind of problem.  The Whitehouse is probably paying 4 to 5
times the amount of money for Web bandwidth than they really need to.

BTW, I'm using a product called Fiddler
(https://www.fiddlertool.com/fiddler/) to spot these problems.  Fiddler is
really a great product.  It's the best packet sniffer I've run across for
watching HTTP traffic.  The free price is nice also.

As far as Russia goes, it is a great place to visit but I wouldn't want to
live there.  I did find amusing the Russian supermarkets that sell American
software for a couple of bucks per CD-ROM.

Richard

-----Original Message-----
From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On
Behalf Of Larry Seltzer
Sent: Tuesday, December 27, 2005 1:16 PM
To: funsec () linuxbox org
Subject: RE: [funsec] Yet another problem at whitehouse.gov

Yeah, go back to Russia!

But in the meantime, I just made a web page
(http://www.larryseltzer.com/whtest.html) which references every graphic
listed on the whitehouse.gov site, as listed by the Firefox View Page Info
feature. I see 59 of them and they're all hits.

Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blog.ziffdavis.com/seltzer
Contributing Editor, PC Magazine
larryseltzer () ziffdavis com 

-----Original Message-----
From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On
Behalf Of TheGesus
Sent: Tuesday, December 27, 2005 12:53 PM
To: funsec () linuxbox org
Subject: Re: [funsec] Yet another problem at whitehouse.gov

Why do you hate America?

On 12/27/05, Richard M. Smith <rms () computerbytesman com> wrote:
Hi,

Here's another problem I just noticed with my packet sniffer at the 
Whitehouse Web site.  The Whitehouse home page is referencing 9 image 
files which don't exist on the Whitehouse server.  The server instead 
sends back a 19K byte 404 error page for each image file.  The missing 
image problem seems to exist on other Web pages at the Whitehouse site 
also.  Since none of these error pages get cached, 190K bytes of junk 
is being continuously sent to visitors as they go through the 
Whitehouse Web site.  This is no big deal for folks with broadband 
connections, but it dramatically increases the amount of data being 
sent to someone on a dialup connection which typically works only at 
5K bytes per second.  Without any 404 errors, a Whitehouse Web page 
should only be 10K to 30K bytes in size.

Richard M. Smith
http://www.ComputerBytesMan.com
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
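
The check discussed in this thread, as an added example that is not code from any of the posters: given a capture of image requests and their response chains, it flags the ones answered with an HTML error page (directly or via a redirect) and totals the bytes spent on them. The capture data is constructed, and the names `classify` and `audit` are hypothetical.

```python
from urllib.parse import urlsplit

IMAGE_EXTS = (".jpg", ".jpeg", ".gif", ".png")

# Constructed sample capture (not real traffic): each entry is a requested URL
# and its chain of responses as (status, content_type, body_bytes).
CAPTURE = [
    ("http://www.example.test/images/logo.gif",
     [(200, "image/gif", 2100)]),
    ("http://www.example.test/images/header/nav_r2_c8.jpg",
     [(302, "text/html", 150), (200, "text/html", 19000)]),  # redirect to error page
    ("http://www.example.test/images/header/nav_r2_c11.jpg",
     [(404, "text/html", 19000)]),                           # 404 with HTML body
    ("http://www.example.test/images/header/nav_r2_c15.jpg",
     [(404, "", 0)]),                                        # 404 with no body
    ("http://www.example.test/index.html",
     [(200, "text/html", 12000)]),
]

def wants_image(url):
    return urlsplit(url).path.lower().endswith(IMAGE_EXTS)

def classify(url, chain):
    """Return (label, wasted_bytes) for one request and its response chain."""
    if not wants_image(url):
        return "not-image", 0
    status, ctype, _ = chain[-1]
    total = sum(size for _, _, size in chain)
    if status == 200 and ctype.startswith("image/"):
        return "ok", 0
    if status == 200:
        # Error page served with 200 after a redirect: HTML where an image was expected.
        return "soft-404", total
    if status == 404:
        return ("bare-404" if total == 0 else "html-404"), total
    return "other", total

def audit(capture):
    findings, wasted = {}, 0
    for url, chain in capture:
        label, size = classify(url, chain)
        if label not in ("ok", "not-image"):
            findings[url] = label
            wasted += size
    return findings, wasted

if __name__ == "__main__":
    print(audit(CAPTURE))
```
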

