[4514] in WWW Security List Archive
Re: Question about User Identity (CGI scripting)
daemon@ATHENA.MIT.EDU (Jim Harmon)
Wed Feb 19 20:40:12 1997
Date: Wed, 19 Feb 1997 17:21:16 -0500
From: Jim Harmon <jim@telecnnct.com>
To: acuykens@ulb.ac.be
Cc: www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
Anthony Cuykens wrote:
>
> I recently logged on a web page called anonymizer
> (http://www.anonymizer.com) which propose to let you surf on the net
> without leaving any track of your identity. To prove that they site is
> usefull, they begin to show you they show you informations that they got
> about you throught the connection. From a Unix platform, they where able
> to get my address and the loggin name of all the people curently
> connected, from a NT workstation, they only get my address.
>
> I do not know how they do that but maybe you could go there to see what
> they are able to perform, you should be able to do the same.
I just tried it and got a timeout on the attempt to identify my info...
(noted responce by Jeremey Barrett (thanks for the information!) that
gives solid information about why)
I mailed their Sys Admin and resieved a reply saying "I guess we
couldn't read your account information."
I don't know whether I'm broke or just secure... :) (sorry, not an
invitation to crack my system... :)
I'm collecting more info on this subject and will post a summary on
2/24.
Thanks!
--
Jim Harmon The Telephone Connection
jim@telecnnct.com Rockville, Maryland
