Re: Another Web Site
- Posted by Dan B Moyer <DANMOYER at PRODIGY.NET> Aug 26, 2000
- 480 views
Kat, Paranoid? If so, that makes a pair of us (pair a noids!)! I set up a free firewall after I saw that some commercial programs *for children* were sending encrypted info back to the company when on internet after child used program. And since I have set up a passport account in order to ask MS questions about software problems, now I'm concerned about *that* too. Sigh. Dan ----- Original Message ----- From: "Kat" <gertie at PELL.NET> To: <EUPHORIA at LISTSERV.MUOHIO.EDU> Sent: Saturday, August 26, 2000 2:44 PM Subject: Re: Another Web Site > On 26 Aug 2000, at 16:44, irv wrote: > > > On Sat, 26 Aug 2000, Kat wrote: > > > On 26 Aug 2000, at 13:24, Bernie wrote: > > > > > > > On Sat, 26 Aug 2000 12:08:27 -0400, Wayne Overman <euman at BELLSOUTH.NET> > > > > wrote: > > > > > > > > >for the member function's you'll need a hotmail or passport account.... > > > > click below if you have neither. > > > > > > > > > > > Btw, "passport account" = internet tracking you by Microsoft. At each site that MS owns, your > > > puter will dump a file about you to the site, including the site urls you visited last. Not for > > > me, thanks. > > > > Kat: > > > > I heard somewhere that it also dumps a list of MS apps that are on your > > computer, in case you "borrowed" some. Can you confirm this? > > (not that I use MS apps, borrowed or otherwise :) > > > > Well, actually, your web browser ( IE ) does this too, for all applications in the registry. It does > this allegedly so the web page server can put together a page that you can use. Yea, right. > When i set the User-Agent field in the http headers to "Gertie (Win3.68)" and surfed over to > some MS sites, the firewall logged four hits from MS the next day. I have set the Accept field to > text/html (this is normally where your browser tells the site what all the apps on your puter are, > such as Flash, WinZip, MSPaint, etc.), and the User-Agent in another browser to Mozilla/4.0 > (compatible; mIRC5.51) (normally this specifies (compatible; MSIE 5.0; Windows 95; DigExt), > etc). > > Here is what one browser said to me when it asked me for a file These are the types of files, and > in some cases the name of the application, that the person has installed on his puter): > > Accept: text/html, text/plain, audio/x-midi, audio/mid, audio/midi, audio/wav, audio/voc, audio/*, > image/jpeg, image/gif, image/tiff, image/*, video/x-flick, message/partial, message/external- > body, application/postscript, x-be2 > Accept: application/andrew-inset, text/richtext, x-sun-attachment, audio-file, default, > audio/basic, audio/*, audio/basic, image/jpeg, image/*, image/gif, image/x-xwd, message/partial, > message/external-body, application/postscript, x-be2 > Accept: application/andrew-inset, text/richtext, text/enriched, x-sun-attachment, audio-file, > postscript-file, default, mail-file, sun-deskset-message, application/x-metamail-patch, > application/applefile, text/sgml, */*;q=0.01 > Accept-Encoding: gzip, compress > Accept-Language: en > User-Agent: Lynx/2.8.2rel.1 libwww-FM/2.14 > > Here is what another sent: > > Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-powerpoint, > application/vnd.ms-excel, application/msword, application/x-comet, */* > Accept-Language: en-us > Accept-Encoding: gzip, deflate > User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows 98) > > Another browser told me the person has WebWasher installed and running, and it's version > number: > > User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows 95) WebWasher/1.2.2 > > The passport account software is active and separate from the browser, and other than staying > away from it, i haven't researched it. I highly suspect it has all the capabilities that ActiveX and > javascript and VBscript have tho, in other words, it can read every byte on your harddrive. There > has been a push in the software industry, including MS, to code all the applications so a web > page can delete the application from your harddrives if they want to. To do this, the browser > must tell the web page that you have the application, the version, the registration number, the > harddrive path to the app (a browser that is JS/ActiveX-enabled can do this now), then the site > does the research as to the correct legal owner of that software (they can do this now), and then > the browser must accept the command to then delete that directory (a browser that is > JS/ActiveX-enabled can do this now). The cure for this, to stop an errant web page server from > deleting your legal software, is to route the browser thru a filtering proxy, and don't install the > passport software (which will surely bypass the proxy). And btw, most free isps "break" the > proxy settings in the browser, meaning you must use another box on a lan to run the proxy, or > use a web proxy. What is scary is that when your puter connects to the internet, it does an > RARP broadcast, supposedly to verify it's online. It sends the packet to a site that MS has > funded, altho MS denies it collects or uses the minimal info contained in the packet. However, > since all MS OSs are susceptable to hijacking by re-routing this transaction, and because the > transaction is unnecessary, and because MS has a finger in it, i block it in the firewall also, in > outgoing and incoming. > > Wow, does all that sound paranoid or what?? > > Kat