Re: Someone is testing my firewall

[ABrady <kcsmart kc rr com>]

On Fri, 12 Oct 2001 16:54:29 +0900 "Karen Ellrick"
<k-ellrick sctech co jp> imparted to us:
> ABrady,
> 
> Thanks for the explanation and the links - they helped me understand
> the
> issue from a stategic/business/legal angle.  The Unquietmind article
> was
> particularly, well, unquieting.  And the ability to send me email by
> knowing
> only a username and an IP was something I hadn't thought about before
> (now
> that you mention it, though, I can see how it is possible with reverse
> DNS
> lookups).  But there is still something about the cookie-stalking
> thing that
> I apparently don't get yet.
> 
> > Cookies. You go to site A and get a cookie from doubleclick. That
> cookie
> > stay on your drive, You go to site B and doubleclick sees you are on
> > site B and you've picked up a cookie from site A. You kill you
> browser
> > and go to sleep. Maybe even shut things off. You get back on the
> next
> > day, go online, go back to site C and doubleclick sees the cookie.
> You
> > then go to sites D, E, F and G, then back to A and B. Doubleclick
> sees
> > the same cookie at each site and follows you around.
> 
> I do understand about persistent cookies, but let's get more specific
> with
> your example.  I am sitting on site Z that has a doubleclick ad
> pointing to
> site A.  I'm a dummy and click on it.  Doubleclick gets my info, sets
> a
> persistent cookie, collects any previous doubleclick cookies, and
> sends me
> to site A.  I understand so far.  But I go to site B not by clicking
> another
> ad but by an ordinary link on site A.  Does doubleclick know where I
> went?
> Then, when I wake up the next day I go to site C not by an ad but, for
> example, by a search result in Altavista.  I go to site D by a
> shortcut on
> my desktop.  All day I don't click any ads.  Can doubleclick follow me
> and
> keep setting cookies in this case?  Or is your example based on the
> assumption that I would use ads to go to each new page?  Sorry for the
> continued questions, but I think this is important stuff to grasp for
> anyone
> trying to stay secure and semi-private in an Internet world, right?

Your IP address can be gathered via a page whether you click a link or
not. Someone like doubleclick can follow you around without you ever
clicking one of their ads. So, you go to site Z and don't even touch the
ad. A cookie gets added. You go to another site, the cookie gets found.
You get followed without ever knowing it.

A couple of things you can do to help yourself. Use junkbuster
(eliminates the visual part, not altogether sure it stops the following
around part). Maybe add in dansgardian or squidguard for additional
blocking of URLS/keywords. Use mozilla or galeon because they allow you
to delete cookies and block certain ones from ever being received again.
I think you can also manually add sites/locations that you don't want
sending cookies to you. The only real problem with that is that they can
send dozens or hundreds of types of cookies. The blocking only works on
specific sites and/or cookies. A variation on one that's blocked won't
get blocked. Finally, there are a lot of websites around about this. At
least one of them tells how to make a file that can be sent back to
doubleclick that avoids sending identifying information and also warns
them to stop to avoid legal action taken against them. The second part
may/may not intimidate unless it is followed-up. The first part doesn't
keep them from following you. But, it prevents them from ever getting a
useful cookie. If enough people used it, it may be more helpful.

Like security and IDS, firewalls, actively looking things over,
tripwire, etc likely a combination of things is most effective.

> Another question that may relate to this.  Recently my husband went to
> a
> certain search site that he had never used before (I don't remember
> what one
> off-hand but I can find out if it's important), and it had a pulldown
> menu
> that included, as far as he can tell, everything we have ever searched
> on
> with that computer, regardless of which search engine.  He showed it
> to me,
> and we were both imagining the theme music from "The Twilight Zone"
> echoing
> in our heads!  How in the world did it get all that information?  I
> don't
> doubt that the various search engines are all setting cookies for
> themselves, but I have been led to believe (possibly naively) that the
> browser will only send a cookie back to the same domain at most. 
> True?  Not
> true?

Netscape and IE both store certain information in files. Things like the
history of sites you've typed in manually, a cahce of places visitied,
info from search engines, etc. With netscape you can usually delete
everything in a netscape folder and get it all. There might be the odd
bit of information stored in various areas, but those are fairly rare.
M$ files are even worse and just emptying the favorites/history folders
won't get all of it. I'm not sure how to fix it up in 'Doze or any other
Gate$ware product because it's been a few years since I had to do it. I
know it can be done.

Anyway, all that site did was read the information stored on your hard
drive. That's why friends should never let friends use microsoft: it
doesn't have security holes, it has security canyons. By default, every
Win98 and before was wide open. They can look at password files,
checking account info, addressbooks, dirty pictures, diaries, anything
stored. No matter what they try to claim, it has improved considerably
with NT, ME or 2K, and I won't buy the claims on XP until they're
proven.

The access to read things also give possible access to cause damage.
Using a virus or worm or word macro is easy and faster if you want to do
large scale damage to many people. But, a single individual can be
targeted and more damage done to that individual. Or more infomraion can
be stolen from that machine, Things like bank account manipulation,
identity theft, file destruction, credit card number theft, etc. If they
can read your drive, they can copy files. Once they have copies they
have all of the time they'll ever need to break passwords or decode
information stored in compacted or encrypted files.

Back to the above. With the openness of 'Doze it's that much harder to
overcome the tracking done by entities like doubleclick. If you can't
keep people from being able to see what's on your drive, how can you
keep them from following you around?

Security is a particular M$ weakness. Someday people will learn that.
Many buinesses already are learning it. Firewalls help, virus checkers
help, patching everything every day (ala NT and 2K) can help. But, they
aren't secure enough and can never be made secure enough IMHO.

-- 
"One world, one web, one program"  -- Microsoft promotional ad
"Ein Volk, ein Reich, ein Fuehrer"  -- Adolf Hitler