[5118] in bugtraq
Re: Netscape Referer header considered harmful?
daemon@ATHENA.MIT.EDU (Eric Murray)
Wed Aug 6 18:50:49 1997
Date: Wed, 6 Aug 1997 12:47:49 -0700
Reply-To: Eric Murray <ericm@LNE.COM>
From: Eric Murray <ericm@LNE.COM>
X-To: ron@FARMWORKS.COM
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <199708041510.LAA25995@netspace.org> from "Ronald L. Parker" at Aug 4, 97 11:10:15 am
Ronald L. Parker writes:
> I found something I consider mildly disturbing while browsing my
> referer log stats today. Viewers to our site today have been referred
> from the following URLs:
>
> file:///Hard%20Disk/System%20Folder/Preferences/Netscape%20%C4/Bookmar
> s.html
> file:C:\NETSCAPE\COMM\PROGRAM\USERS\DEFAULT\BOOKMARK.HTM
> file:///molly's%20bookmarks/molly's%20bookmarks
>
> As you can see, this is a cross-platform problem. What I don't know
> is whether these were sent by people just picking the bookmark from
> the dropdown or by people using their bookmarks file as a home page.
> Not having Communicator myself, and not planning to get it any time
> soon, I can't test this. In any case, file: URLs should be private.
[why leaking Referrer is bad]
Check out my 'cookie jar' program. It blocks cookies, ads
and Referrer (and it'll lie about User-Agent if you wish).
http://www.lne.com/ericm/cookie_jar/
--
Eric Murray Chief Security Scientist N*Able Technologies www.nabletech.com
(email: ericm at lne.com or nabletech.com) PGP keyid:E03F65E5
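
An added example, not part of the original message and not code from the cookie_jar program: a minimal sketch of the kind of outgoing-header filter discussed in this thread, which drops a Referer whose value is a `file:` URL or other local path before the request leaves the client. The function names and the `strip_all` switch are hypothetical; the first two sample values are the ones quoted in the message, the third is constructed.

```python
from urllib.parse import urlsplit

# Referer values with any other scheme (file:, a drive letter, none) name local resources.
NETWORK_SCHEMES = {"http", "https"}


def referer_is_local(value):
    """True when a Referer value is not an http(s) URL (file:, drive paths, empty)."""
    return urlsplit(value.strip()).scheme.lower() not in NETWORK_SCHEMES


def filter_request_headers(headers, strip_all=False):
    """Return a copy of the (name, value) pairs with unwanted Referer headers removed.

    strip_all=False drops only Referer values that expose a local path.
    strip_all=True drops every Referer.
    """
    kept = []
    for name, value in headers:
        if name.lower() == "referer" and (strip_all or referer_is_local(value)):
            continue
        kept.append((name, value))
    return kept


# Two Referer values quoted in the message above, plus one constructed web URL.
SAMPLE_REFERERS = [
    r"file:C:\NETSCAPE\COMM\PROGRAM\USERS\DEFAULT\BOOKMARK.HTM",
    "file:///molly's%20bookmarks/molly's%20bookmarks",
    "http://www.example.com/links.html",  # constructed
]

if __name__ == "__main__":
    for ref in SAMPLE_REFERERS:
        request = [("Host", "www.example.org"), ("Referer", ref)]
        print(ref, "->", filter_request_headers(request))
```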