  Sarick It's Only Logical Premium join:2003-06-03 USA | DSLreports Clicking a link in forums?
Could clicking a link in DSLreports allow someone to steal your DSLreports password or cookie to get your email?
I've been told that is a security flaw by an admin of a very popular site. CjayC Gamefaqs.com
Anyone? |
|
  La Luna Surviving Ashraful Premium join:2001-07-12 Warwick, NY clubs:
·Optimum Online
·Vonage
| huh? I certainly hope you're kidding.......
How can you go to a site like this and NOT click any links? Do you stay on the homepage and never move around?
THINK about what you just posted. -- »www.sarahbrightman.co.uk HAREM |
|
  jaykaykay 4 Ever Young Premium,MVM join:2000-04-13 Scottsdale, AZ
·Speakeasy
| reply to Sarick said by Sarick : I've been told that is a security flaw by an admin of a very popular site. CjayC Gamefaqs.com
Anyone?
Someone tells me someone is pulling your leg. -- JKK Age is a very high price to pay for my maturity. If I can't stay young, I can at least stay immature! |
|
  Lucif4 Premium join:2000-12-12 clubs: 
| reply to Sarick said by Sarick : I've been told that is a security flaw by an admin of a very popular site. CjayC Gamefaqs.com
Someone once told me to never get on the internet because it's dangerous.
said by Sarick : Could clicking a link in DSLreports allow someone to steal your DSLreports password or cookie to get your email?
Yes, but highly unlikely. If someone was going to "steal" information from you, it will likely be from your own computer by using a keylogger or spyware. -- Aim low, shoot high. |
|
  Sarick It's Only Logical Premium join:2003-06-03 USA
·FrontierNet Intern..
| reply to Sarick No really.
If you're in a site then the link you click on if it's inside that site and you're ON that site because it's friendly then isn't there a chance that they could call a cookie from your computer? You are clicking on a link that is on DSL reports.
I'm thinking it might be possible, don't get me wrong the cookies work with IP addresses. Check GRC.com and run the cookie test. If you click on a link at this site there might be a way to trick the IE into sending the URL host your cookie info.
This is a security forum, unless you know the ins and outs don't dog this possible risk. I'm looking for people who want to find security risks. |
|
  Lucif4 Premium join:2000-12-12 clubs: 
| The program I believe you are talking about is IDServe. Correct?
said by Steve Gibson: Additional applications for ID Serve:
Simple Cookie Scout: If you are curious about the appearance, format, expiration, and use of a web site's browser cookies, ID Serve can be a convenient way to examine a web site's cookies without either providing or accepting that site's cookies. Simply scroll back through the "Server query processing" window to examine the "Cookie:" header lines sent by the site's web server.
Did you see a cookie header line? Why do you think this is a security risk here at DSLReports? -- Aim low, shoot high. |
|
  Randy Bell Premium join:2002-02-24 Santa Clara, CA
| said by Lucif4 : The program I believe you are talking about is IDServe. Correct? .. Did you see a cookie header line? Why do you think this is a security risk here at DSLReports?
I see no cookie header line ..  -- "But now abide faith, hope, love, these three; but the greatest of these is love." (1 Cor. 13:13) |
|
  dp Go Steelers Premium,MVM join:2000-12-08 Greensburg, PA
·Verizon Online DSL
| reply to Sarick said by Sarick : Could clicking a link in DSLreports allow someone to steal your DSLreports password or cookie to get your email?
I've been told that is a security flaw by an admin of a very popular site. CjayC Gamefaqs.com
Anyone?
I wouldn't worry about that. We have far too many other security items that are real threats to worry about. Click away, you are safe  -- Write your questions down on the back of a $20 dollar bill and send them to me |
|
  nil Java Geek join:2000-11-27
Host: Webmasters and Dev.. Forum Feature Requ..
| reply to Sarick The password isn't stored in a cookie.. neither is the email address so even if clicking a link could get your cookie it wouldn't do that..
There are more security features.. just having someone's cookie isn't enough. -- Life is too short to be boring |
|
  jdong Eat A Beaver, Save A Tree. Premium join:2002-07-09 Rochester, MI clubs:  
| said by nil : The password isn't stored in a cookie.. neither is the email address so even if clicking a link could get your cookie it wouldn't do that..
There are more security features.. just having someone's cookie isn't enough.
It depends on the intelligence of the user, like this:
»www.google.com/
Fall for that?  -- ---This area is intentionally left blank.--- |
|
  nil Java Geek join:2000-11-27
Host: Webmasters and Dev.. Forum Feature Requ..
| That's still just a link.. just mislabeled.. and that doesn't steal a cookie!
This has nothing to do with intelligence.. just experience and knowledge of html & internet. -- Life is too short to be boring |
|
  jdong Eat A Beaver, Save A Tree. Premium join:2002-07-09 Rochester, MI clubs:  
| said by nil : That's still just a link.. just mislabeled.. and that doesn't steal a cookie!
Yep, but it could launch some exploits... anyway, from what I know about DSLR, it's impossible to steal passwords from clicking a link... -- ---This area is intentionally left blank.--- |
|
  Sarick It's Only Logical Premium join:2003-06-03 USA
·FrontierNet Intern..
| reply to Sarick So you don't think this site is at risk.
Thank you for helping me with this. I do know that links can be dangerous even with spybot + spyware guard + spyware blaster + zone alarm + latest OS patches + anti virus.
Seems almost endless. I think the cookie flaw is a well guarded secret though. Glad DSLreports doesn't use that info in the cookie.
|
|
  Marilla I Am My Own Arbiter Premium join:2002-12-06 Belpre, OH
| reply to Sarick There actually IS a way that a password to a forum you are visiting could be stolen by a link in a post on that forum...
Some forums - thankfully, not many - actually include your password in the query string (in the URL, basically). Some of them do this as a way to avoid having to use cookies at all.
The problem is, if every page you visit on a site includes that, if someone puts a link in a post to their site, and you click that link, their website logs will show the 'referer'... that is, the web page that contained the link that you clicked on to arrive at their site. The 'referer' includes the entire URL of the page that had the link... meaning if your username/password are stored in the query string, they will be logged by the site you clicked through to as part of the 'referer'.
That site, however, does not use such a system, and of course, neither does BBR... so there's no trouble there. But if you are ever browsing a site that seems to show username/password up in the address bar, I'd be VERY careful about cross-site links. |
|
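The Referer leak described in Marilla's post above, as an added example that is not part of the original thread: a log audit that flags request URLs or Referer values carrying credential-like query parameters and redacts them. The host `forum.example`, the parameter names, the function names and the log lines are all constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl, urlencode, urlunsplit

# Parameter names treated as credential-bearing (assumed list; adjust per application).
SENSITIVE = {"password", "passwd", "pass", "pwd", "sid", "sessionid", "token"}

# Combined Log Format: host ident user [time] "request" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^\S+ \S+ \S+ \[[^\]]+\] "\S+ (?P<path>\S+) [^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "[^"]*"$'
)

def redact_url(url):
    """Return (redacted_url, [leaked parameter names]) for one URL."""
    parts = urlsplit(url)
    leaked, clean = [], []
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if key.lower() in SENSITIVE and value:
            leaked.append(key)
            value = "REDACTED"
        clean.append((key, value))
    return urlunsplit(parts._replace(query=urlencode(clean))), leaked

def audit(lines):
    """Return findings for log lines whose request URL or Referer carries credentials."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        for field in ("path", "referer"):
            url = m.group(field)
            redacted, leaked = redact_url(url)
            if leaked:
                findings.append({"line": n, "field": field, "params": leaked, "url": redacted})
    return findings

# Constructed sample: access log of the third-party site a forum reader clicked through to.
SAMPLE_LOG = [
    '203.0.113.7 - - [20/Jul/2003:06:58:12 -0400] "GET /pics/cat.jpg HTTP/1.1" 200 5120 '
    '"http://forum.example/viewtopic.php?t=42&user=alice&password=hunter2" "Mozilla/4.0"',
    '203.0.113.9 - - [20/Jul/2003:07:01:40 -0400] "GET /pics/cat.jpg HTTP/1.1" 200 5120 '
    '"http://forum.example/viewtopic.php?t=42" "Mozilla/4.0"',
    '203.0.113.7 - - [20/Jul/2003:07:02:03 -0400] "GET /index.html HTTP/1.1" 200 900 "-" "Mozilla/4.0"',
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```

Run against a site's own access log, a hit in the `path` field shows the application is putting credentials in URLs, which is the condition that makes the Referer leak possible. Keeping credentials out of URLs removes the problem at the source, and a `Referrer-Policy` response header further limits what browsers send to other sites.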
  Sarick It's Only Logical Premium join:2003-06-03 USA
·FrontierNet Intern..
| Thanks, that's the information I needed to know about, Marilla.
Now that I know how it is exploited I can protect myself better. I'm sure people who don't know about the risk are better informed by your response.
Thank you.. [text was edited by author 2003-07-20 07:05:49] |
|
  Smokey I killed the Wabbit Premium join:2003-05-20 Va Beach clubs:
·Cox HSI
| What the others were trying to tell you was if you have set up your security correctly, you have little to no risk. If you are so concerned about it you may want to set up a system that will not allow access to secure information. Ultimately it comes down to the user, and their own stupidity. Stupid people do not belong on the internet as they often lead to the many problems that we have. Now I'm no expert, but I know that if I have no business on that site or on the links DON'T CLICK ON THEM -- If there is any realistic deterrent to marriage, it's the fact that you can't afford divorce. -- Jack Nicholson |
|
  Sarick It's Only Logical Premium join:2003-06-03 USA
·FrontierNet Intern..
| reply to Sarick said by Smokey : What the others were trying to tell you was if you have set up your security correctly, you have little to no risk. If you are so concerned about it you may want to set up a system that will not allow access to secure information. Ultimately it comes down to the user, and their own stupidity. Stupid people do not belong on the internet as they often lead to the many problems that we have. Now I'm no expert, but I know that if I have no business on that site or on the links DON'T CLICK ON THEM
said by Smokey : Stupid people do not belong on the internet as they often lead to the many problems that we have.
I know I'm not stupid. A stupid person doesn't ask questions. 
As for security, The largest problem isn't only the user.
People shouldn't be expected to know everything about security. In fact I don't think anyone should need to know about security above a few simple steps. All these things should be handled by the EXPERTS. Microsoft shouldn't be producing a product with default settings at low. Most people get on computers and do 1 or 2 things. They use them as tools for a purpose.
They don't intend on becoming computer experts nor should they need to. People who intend to do harm and have the intelligence to find weaknesses will always have the upper hand because they make it a hobby to break into secure systems etc. These people are dedicated enough that they find the flaws.
The people who make it a hobby of security by learning and finding flaws are VERY rare. Compare this to the normal user that only intends to use a computer as a tool.
No matter how secure you think you are it's never enough.
The internet is a big place; there is no mention of what web pages are legit and the pages that aren't. How can anyone expect the common user to know the difference from a bad web page link to a good link? Put it this way, even popular sites such as IGN, Gaming Age, Cnet, Ebay and Yahoo have been known to install bad cookies and spyware at times.
Even Microsoft updates were hacked. The fact is people can't and never will be expected to know everything about security. So please don't put everyone that is less knowledgeable at fault. |
|
  hpguru Curb Your Dogma Premium join:2002-04-12 | reply to Sarick For many users I think pressing the "On" button on their computers is a security risk. |
|
 Reverend Ike Premium join:2001-08-24 Sacramento, CA
| said by hpguru : For many users I think pressing the "On" button on their computers is a security risk.
Perhaps you should create a "special" Hpguru Hosts file for them.
4,294,967,295 entries ...  |
|
  La Luna Surviving Ashraful Premium join:2001-07-12 Warwick, NY clubs:
·Optimum Online
·Vonage
| reply to hpguru said by hpguru : For many users I think pressing the "On" button on their computers is a security risk.
And people who are THAT (THIS?) paranoid should find another hobby.
Life is a risk.....you can cripple yourself worrying about it. -- SB2K »www.sarah-brightman.com |
|