[32643] in North American Network Operators' Group
a privacy violation at the DC Renaissance Hotel - to all NANOG
daemon@ATHENA.MIT.EDU (Kai Schlichting)
Tue Dec 5 15:19:02 2000
Message-Id: <4.3.2.7.2.20001205151319.00dce1a0@127.0.0.1>
Date: Tue, 05 Dec 2000 15:17:14 -0500
To: nanog@merit.edu
From: Kai Schlichting <kai@pac-rim.net>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Errors-To: owner-nanog-outgoing@merit.edu
Hmm, Merit's mailer gives me some headaches. Maybe it's because the mail
already had a "Delivered-To: header when sent (how to insert that into
incoming-only mail in Sendmail has remained a mystery to me). I sent
it with the wrong return address, too, so this might have been the
true reason.
Please be not be distracted from the content of the message itself.
[...]
The Postfix program
<nanog@merit.edu>: mail forwarding loop for nanog@merit.edu
[...]
From: Kai Schlichting <kai@conti.nu>
Subject: a privacy violation at the DC Renaissance Hotel - to all NANOG
20 conference participants
Cc: postmaster@stsn.com, wwest@SUITECORP.COM, notphast@MSN.COM,
domain.administrator@MARRIOTT.COM, postmaster@MARRIOTT.COM,
postmaster@renaissancehotels.com
This is a message to all NANOG 20 participants staying at the
Renaissance Washington DC conference hotel, October 22-24th
(and probably to countless other guests over time that are
not affiliated with NANOG).
If you have surfed accessed-restricted websites belonging to your
employers while using the hotel's in-room Internet service (provided by
SuiteCorp, stsn.com), you have good reason to be concerned now,
as your privacy has been violated.
STSN apparently uses a transparent proxy (which I have no problem with)
that continually keeps a copy of what is accessed for a very long
time (which I have a BIG problem with) - but it doesn't stop there:
it's doing conditional re-GET's on those objects in the cache,
keeping it up-to-date (and I will not allege that the STSN admins
are "surfing the logs" so to speak, there is not evidence for that).
This is a gross privacy violation and a damn good reason not to
use secured, private, privacy-sensitive non-SSL websites when
using any hotel in-room Internet service like STSN. It's also a
damn good reason to sue if you feel like it (I don't, at least
not right now).
The last 5 accesses in the log below are such cache-refresh accesses,
those leading up to it are from my accesses in the room and from
the conference network gratiously provided by AOL.
p3.stsn.com - - [22/Oct/2000:20:16:22 -0400] "GET /~kai/home646.html HTTP/1.0" 304 - "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
p3.stsn.com - - [22/Oct/2000:23:03:30 -0400] "GET /~kai/home646.html HTTP/1.0" 200 5899 "-" "Mozilla/3.01 (compatible;)"
p3.stsn.com - - [22/Oct/2000:23:05:31 -0400] "GET /~kai/home646.html HTTP/1.0" 304 - "-" "Mozilla/3.01 (compatible;)"
p3.stsn.com - - [23/Oct/2000:08:26:39 -0400] "GET /~kai/home646.html HTTP/1.0" 304 - "-" "Mozilla/3.01 (compatible;)"
nanog-18-142.atdn.net - - [23/Oct/2000:09:02:13 -0400] "GET /~kai/home646.html HTTP/1.0" 304 - "-" "Mozilla/4.75 [en] (Win98; U)"
nanog-19-66.atdn.net - - [23/Oct/2000:11:09:07 -0400] "GET /~kai/home646.html HTTP/1.0" 200 5899 "-" "Mozilla/4.75 [en] (Win98; U)"
p73.stsn.com - - [23/Oct/2000:16:58:52 -0400] "GET /~kai/home646.html HTTP/1.0" 304 - "-" "Mozilla/4.75 [en] (Win98; U)"
p73.stsn.com - - [23/Oct/2000:17:02:34 -0400] "GET /~kai/home646.html HTTP/1.0" 304 - "-" "Mozilla/4.75 [en] (Win98; U)"
p73.stsn.com - - [23/Oct/2000:17:59:04 -0400] "GET /~kai/home646.html HTTP/1.0" 304 - "-" "Mozilla/4.75 [en] (Win98; U)"
12.23.124.37 - - [23/Oct/2000:21:33:46 -0400] "GET /~kai/home646.html HTTP/1.0" 304 - "-" "Mozilla/4.75 [en] (Win98; U)"
p244.stsn.com - - [24/Oct/2000:08:57:28 -0400] "GET /~kai/home646.html HTTP/1.0" 304 - "-" "Mozilla/4.75 [en] (Win98; U)"
nanog-18-140.atdn.net - - [24/Oct/2000:09:26:26 -0400] "GET /~kai/home646.html HTTP/1.0" 304 - "-" "Mozilla/4.75 [en] (Win98; U)"
p3.stsn.com - - [28/Oct/2000:10:07:51 -0400] "GET /~kai/home646.html HTTP/1.0" 304 - "-" "Mozilla/3.01 (compatible;)"
p3.stsn.com - - [03/Nov/2000:04:04:11 -0500] "GET /~kai/home646.html HTTP/1.0" 304 - "-" "Mozilla/3.01 (compatible;)"
p3.stsn.com - - [10/Nov/2000:13:31:57 -0500] "GET /~kai/home646.html HTTP/1.0" 304 - "-" "Mozilla/3.01 (compatible;)"
p3.stsn.com - - [19/Nov/2000:21:40:56 -0500] "GET /~kai/home646.html HTTP/1.0" 304 - "-" "Mozilla/3.01 (compatible;)"
p3.usslc14.stsn.com - - [29/Nov/2000:10:27:01 -0500] "GET /~kai/home646.html HTTP/1.0" 304 - "-" "Mozilla/3.01 (compatible;)"
Thanks,
bye,Kai
ps: yes, that page is gone now.
--
"Just say No" to Spam Kai Schlichting
New York, Palo Alto, You name it Sophisticated Technical Peon
Kai's SpamShield <tm> is FREE! http://www.SpamShield.org
| |
LeasedLines-FrameRelay-IPLs-ISDN-PPP-Cisco-Consulting-VoiceFax-Data-Muxes
WorldWideWebAnything-Intranets-NetAdmin-UnixAdmin-Security-ReallyHardMath