Re: Another Web Site
Kat,
Paranoid? If so, that makes a pair of us (pair a noids!)! I set up a free
firewall after I saw that some commercial programs *for children* were
sending encrypted info back to the company when on internet after child used
program. And since I have set up a passport account in order to ask MS
questions about software problems, now I'm concerned about *that* too.
Sigh.
Dan
----- Original Message -----
From: "Kat" <gertie at PELL.NET>
To: <EUPHORIA at LISTSERV.MUOHIO.EDU>
Sent: Saturday, August 26, 2000 2:44 PM
Subject: Re: Another Web Site
> On 26 Aug 2000, at 16:44, irv wrote:
>
> > On Sat, 26 Aug 2000, Kat wrote:
> > > On 26 Aug 2000, at 13:24, Bernie wrote:
> > >
> > > > On Sat, 26 Aug 2000 12:08:27 -0400, Wayne Overman
<euman at BELLSOUTH.NET>
> > > > wrote:
> > > >
> > > > >for the member function's you'll need a hotmail or passport
account....
> > > > click below if you have neither.
> > > > >
> > >
> > > Btw, "passport account" = internet tracking you by Microsoft. At each
site that MS owns, your
> > > puter will dump a file about you to the site, including the site urls
you visited last. Not for
> > > me, thanks.
> >
> > Kat:
> >
> > I heard somewhere that it also dumps a list of MS apps that are on your
> > computer, in case you "borrowed" some. Can you confirm this?
> > (not that I use MS apps, borrowed or otherwise :)
> >
>
> Well, actually, your web browser ( IE ) does this too, for all
applications in the registry. It does
> this allegedly so the web page server can put together a page that you can
use. Yea, right.
> When i set the User-Agent field in the http headers to "Gertie (Win3.68)"
and surfed over to
> some MS sites, the firewall logged four hits from MS the next day. I have
set the Accept field to
> text/html (this is normally where your browser tells the site what all the
apps on your puter are,
> such as Flash, WinZip, MSPaint, etc.), and the User-Agent in another
browser to Mozilla/4.0
> (compatible; mIRC5.51) (normally this specifies (compatible; MSIE 5.0;
Windows 95; DigExt),
> etc).
>
> Here is what one browser said to me when it asked me for a file These are
the types of files, and
> in some cases the name of the application, that the person has installed
on his puter):
>
> Accept: text/html, text/plain, audio/x-midi, audio/mid, audio/midi,
audio/wav, audio/voc, audio/*,
> image/jpeg, image/gif, image/tiff, image/*, video/x-flick,
message/partial, message/external-
> body, application/postscript, x-be2
> Accept: application/andrew-inset, text/richtext, x-sun-attachment,
audio-file, default,
> audio/basic, audio/*, audio/basic, image/jpeg, image/*, image/gif,
image/x-xwd, message/partial,
> message/external-body, application/postscript, x-be2
> Accept: application/andrew-inset, text/richtext, text/enriched,
x-sun-attachment, audio-file,
> postscript-file, default, mail-file, sun-deskset-message,
application/x-metamail-patch,
> application/applefile, text/sgml, */*;q=0.01
> Accept-Encoding: gzip, compress
> Accept-Language: en
> User-Agent: Lynx/2.8.2rel.1 libwww-FM/2.14
>
> Here is what another sent:
>
> Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,
application/vnd.ms-powerpoint,
> application/vnd.ms-excel, application/msword, application/x-comet, */*
> Accept-Language: en-us
> Accept-Encoding: gzip, deflate
> User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows 98)
>
> Another browser told me the person has WebWasher installed and running,
and it's version
> number:
>
> User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows 95)
WebWasher/1.2.2
>
> The passport account software is active and separate from the browser, and
other than staying
> away from it, i haven't researched it. I highly suspect it has all the
capabilities that ActiveX and
> javascript and VBscript have tho, in other words, it can read every byte
on your harddrive. There
> has been a push in the software industry, including MS, to code all the
applications so a web
> page can delete the application from your harddrives if they want to. To
do this, the browser
> must tell the web page that you have the application, the version, the
registration number, the
> harddrive path to the app (a browser that is JS/ActiveX-enabled can do
this now), then the site
> does the research as to the correct legal owner of that software (they can
do this now), and then
> the browser must accept the command to then delete that directory (a
browser that is
> JS/ActiveX-enabled can do this now). The cure for this, to stop an errant
web page server from
> deleting your legal software, is to route the browser thru a filtering
proxy, and don't install the
> passport software (which will surely bypass the proxy). And btw, most free
isps "break" the
> proxy settings in the browser, meaning you must use another box on a lan
to run the proxy, or
> use a web proxy. What is scary is that when your puter connects to the
internet, it does an
> RARP broadcast, supposedly to verify it's online. It sends the packet to a
site that MS has
> funded, altho MS denies it collects or uses the minimal info contained in
the packet. However,
> since all MS OSs are susceptable to hijacking by re-routing this
transaction, and because the
> transaction is unnecessary, and because MS has a finger in it, i block it
in the firewall also, in
> outgoing and incoming.
>
> Wow, does all that sound paranoid or what??
>
> Kat
|
Not Categorized, Please Help
|
|
