[1558] in WWW Security List Archive
Re: JavaScript to grab e-mail
daemon@ATHENA.MIT.EDU (Lincoln Stein)
Tue Feb 27 13:47:54 1996
Date: Tue, 27 Feb 1996 16:04:35 +0100
From: Lincoln Stein <lstein@kaa.crbm.cnrs-mop.fr>
To: eric.hammond@sdrc.com (Eric Hammond)
Cc: www-security@ns2.rutgers.edu
In-Reply-To: <199602271432.JAA04448@sdrc.com>
Errors-To: owner-www-security@ns2.rutgers.edu
Wow! These are extremely frightening demonstrations. Apparently it
is possible to:
1. Capture the user's cache and history
2. Monitor every page the user views and transmit its URL
across the Internet to a remote log file.
Would someone who's JavaScript-savvy (I'm just a neophyte) please
have a look at these scripts and comment? I'll incorporate his or her
comments into the WWW Security FAQ, with much accolades and kudos.
Lincoln
Eric Hammond writes:
> Lincoln:
>
> > I was concerned that someone had discovered a way to make JavaScript
> > divulge such browser secrets as the contents of the disk cache,
> > history list, or newsgroup subscriptions.
>
> Then you definitely don't want to read:
>
> http://www.c2.org/~aelana/javascript.html
> http://www.osf.org/~loverso/javascript/track-me.html
>
> --
> Eric.Hammond@sdrc.com 513-576-5907
> SDRC, 2000 Eastman Drive, Milford OH 45150
> webmaster@sdrc.com http://www.sdrc.com/
>
