On Tue, 17 Aug 2004 13:12:16 -0500,Frank McCoy's cat ran across
the 'puter keyboard and out came...
> In alt.support.girl-lovers Power Lurker <me@privacy.net> wrote:
>
> >DO NOT GO TO THIS SITE EVEN WITH A PROXY!!
> >
> >They use Java script which is a way to grab your IP
> >even through a proxy (even chained proxys).
> >
> AFAIK, JavaScript doesn't allow grabbing your IP (or much of anything
> else of interest) off your computer or the place you're going through.
>
> Java, yes.
> Javascript also lets the user see what the writer is doing.
> (You can usually look at the source-code.)
>
> Again, Java, because it's compiled and not interpreted on your
> machine, can do most anything allowed, and you can't tell what that
> "anything" is.
>
> I do remember writing some PERL code, before Java was invented, and
> collecting IP addresses for a counter, so that duplicate hits the same
> day by the same person wouldn't be counted. That didn't tell me who
> they were; only that somebody from that addy had been using my
> website. Not Java, not JavaScript, but PERL. I presume the same job
> could be done on any website with about any computer language, as long
> as they used CGI (Common Gateway Interface).
The site has CGI references in the source code!
>
> I don't remember JavaScript being able to do that; but I might be
> wrong.
>
> Still, even without Java or JavaScript, it's not all that hard to grab
> the IP address of anybody going to any site, from what I remember, as
> long as the root-user allows CGI scripts in their HTML.
My machine is set up to 'prompt' to allow scripts to run. On entering
the site quite a few (maybe 6) 'prompts' popped-up. I should have been
more technical in differentiating between the prompts as my JAVA
permissions are set to "high" (JAVA applets will not run) for
standard Internet sites. The first time to any site I get a lot of
prompts - scripts, active X, site security cert. ect. If it a site
I know I add it to trusted sites with more permissions given
automatically. The pop-ups do not tell me whether it is a request
to run VBS or CGI but the first time in I always click NO to all
just to see how the site loads without them. Then I do a right click
on the screen and select "view source". Yes, I am aware that
CGI has more to do with it than Java script but a lot of users
do not know what CGI is.
Using a trusted and TESTED proxy with "scripts" disabled is about
as 'safe' as a person can be but for every privacy tool there is
some one out there working on a way to get around them. Most
free proxy s do no more than give you a false sense of security.
Some are even 'transparent' IOW not there - and some of these are
called free proxy. Any proxy used should FIRST be run at a test
site to find out if it 'leaks' info about you.
>
> So, if you really want to be paranoid, don't browse the web.
Wording changed to clarify:
> >I tested this site with a high security proxy and (elite)
> >it is set up so things wont work without <scripts>! (the site)
> >
> >Go there and your name WILL end up on LEAs list!
If not today - MOST likely some time in the future.
> Possible.
> Still, they couldn't DO anything unless you said something stupid.
> Your name is probably on various lists anyway.
> But I still wouldn't trust any website as far as I could throw a brick
> chimney by it's smoke, when it comes down to security. If nothing
> else, they give the siteholder just another chance and point-of-attack
> on your computer. Not QUITE as dangerous as IRC or any "instant
> messaging" system like AOL or Micro$haft, but never really secure.
There is a new 'onion router' type set-up in beta right now called
TOR. An 'onion router' is like what it says, a layer of encryption
wrapped around data 'packets' with only destination info as part
of the 'outer' layer. Every server it passes through 'peels off'
a layer and reads the next destination. The more 'gateways' the
more secure the info is - same idea as re mailers. They are looking
for users willing to set up their machines as 'servers' for routing
as the more set up the better the system will work. Re: IRC
>
> For the truly paranoid, there are methods of posting to newsgroups
> (short messages anyway) that are close to impossible to trace. I know
> of no such methods for instant messaging, relay-chat, or website use.
JBN - QS
> So, if you're going to say something stupid ... Uh ... don't.
> There just isn't any really secure place to say anything and
> everything and speak your mind ... or especially not to admit doing
> anything illegal. Nor is any venue a good place to make threats or
> plan illegalities. If nothing else, you CAN be sued or lose your ISP
> service.
>
>
We both know that a Sam Spade done on an IP leads right to your 'front
door'.
<try one on mine><BG>
I do not trust any site that relies on CGI/bin to load properly!
Sites are easily set up that do without them.
The site in question specifically asks for "age range of interest" as
part of the sign up (field must be filled in). A look at the info
they asked for - particularly wanting a valid email addy in order
to log on should ring alarms. There are a lot of newbies unaware of
security steps required. To fill in the form honestly and provide
all info requested with valid data would be considered an 'admission'
in court to being a paedophile. Even if the web site is not LEA run
they could easily subpoena records from the web site database at any
time in the future. With the direction things are going - this is
NOT a good thing to have stored on Lord only knows which and how
many computers.
Hence, my warning in the strongest terms possible!! (even if a tad
misleading)
BTW - this guy has been cross posting this AD (spamming) a lot of NG's
His response posts to my warning also make me suspect the site! A bit
to eager to get sign-ups maybe?
--
Sometimes, something or someone - maybe!
_________________________________
|
|