[5138] in bugtraq


Re: Netscape Referer header considered harmful?

daemon@ATHENA.MIT.EDU (Amy)
Mon Aug 11 01:55:48 1997

Date: 	Fri, 8 Aug 1997 12:33:51 -0700
Reply-To: Amy <amy@INTERNET-FRONTIER.NET>
From: Amy <amy@INTERNET-FRONTIER.NET>
X-To:         Phillip M Hallam-Baker <hallam@AI.MIT.EDU>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To:  <199708071436.KAA25367@life.ai.mit.edu>

On Thu, 7 Aug 1997, Phillip M Hallam-Baker wrote:

>  Maybe, but let's hope that Netscape does not take this as
> indicating it isn't a bug, it is.
>

It sounds like it is not Netscape's fault; it sounds like people are using
their bookmark.htm as their homepage, as originally suggested.

Amy :)

> -----Original Message-----
> From: Crewdson, Andy <crewdsoa@MAGIC.DCRT.NIH.GOV>
> To: BUGTRAQ@NETSPACE.ORG <BUGTRAQ@NETSPACE.ORG>
> Date: 07 August 1997 09:44
> Subject: Re: Netscape Referer header considered harmful?
>
>
>
> In response to your question about when the HTTP_REFERER with the
> "file:///" string is sent:
>
> In Netscape Communicator 4.01a (NT4), the value is present in
> HTTP_REFERER only when the user clicks on the link in their bookmark.htm
> file.  The "file:///" referer value is not passed when they choose a
> bookmark from the Bookmarks menu.  A link chosen from the Bookmarks menu
> sends an empty HTTP_REFERER value.
>
>
> andy
>
>         -----Original Message-----
>         From:   Ronald L. Parker [SMTP:ron@FARMWORKS.COM]
>         Sent:   Monday, August 04, 1997 11:10 AM
>         To:     BUGTRAQ@NETSPACE.ORG
>         Subject:        Netscape Referer header considered harmful?
>
>         -----BEGIN PGP SIGNED MESSAGE-----
>
>         I found something I consider mildly disturbing while browsing my
>         referer log stats today.  Viewers to our site today have been referred
>         from the following URLs:
>
>
> file:///Hard%20Disk/System%20Folder/Preferences/Netscape%20%C4/Bookmar
>         s.html
>         file:C:\NETSCAPE\COMM\PROGRAM\USERS\DEFAULT\BOOKMARK.HTM
>         file:///molly's%20bookmarks/molly's%20bookmarks
>
>         As you can see, this is a cross-platform problem.  What I don't know
>         is whether these were sent by people just picking the bookmark from
>         the dropdown or by people using their bookmarks file as a home page.
>         Not having Communicator myself, and not planning to get it any time
>         soon, I can't test this.  In any case, file: URLs should be private.
>
>         The last one is particularly interesting, given that it can be
>         correlated with an IP address.  I don't know what you call your
>         bookmarks, but mine are called "Ron Parker's Bookmarks," based (I
>         think) on my identity as told to the mail/news subsystem.  So, had I
>         been cutting-edge enough to use Netscape 4.0, I would now be telling
>         my full name to every site in my bookmarks file.
>
>         Of course, this can also lead to my knowing into exactly which
>         directory you've installed Communicator.  This could be useful
>         information as well, and could help to mount an attack on your
>         private email or the list of newsgroups to which you subscribe.
>
>         In addition, again given that I have your IP address to work with, I
>         might now know something about the internal network structure of your
>         organization (not exemplified by any of the above sites, but think
>         about where you would store your bookmarks if you were using a
>         diskless workstation.  Would you be giving me a machine name or just a
>         drive letter?)  This information could be invaluable as part of an
>         attempt to bypass your firewall.
>
>         - --
>         Ron Parker
>         Webmaster
>         Farm Works Software       Come see us at http://www.farmworks.com
>         For PGP public key see http://www.farmworks.com/Ron_Parker_PGP_key.txt
>
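The referer-log check Ron describes doing by hand, as an added example that is not part of the thread: a small Python scanner over Combined Log Format lines (the sample lines are constructed here, modelled on the three referers quoted above) that flags every file: Referer value and notes what each one discloses, so a site operator can spot the leak in their own logs.

```python
import re
from urllib.parse import unquote

# Combined Log Format: ip ident user [time] "request" status size "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

def classify_file_referer(referer):
    """List what a file: Referer discloses; None if the Referer is not a file: URL."""
    if not referer.lower().startswith("file:"):
        return None
    rest = referer[5:]
    if rest.startswith("///"):          # empty host: "file:///C:/x", "file:///Hard Disk/x"
        rest = rest[3:]
    path = unquote(rest, encoding="latin-1")   # the Mac path in the thread uses %C4 (Latin-1 'Ä')
    findings = ["local-file-path"]             # any file: referer leaks a path that should stay private
    if rest.startswith("//") or path.startswith("\\\\"):
        findings.append("unc-or-host-path")    # network path: names an internal machine or share
    elif re.match(r"^[A-Za-z]:[\\/]", path):
        findings.append("windows-drive-path")  # reveals drive letter and install directory
    if re.search(r"\b\w+'s\b", path):          # heuristic: "<Name>'s Bookmarks" carries a real name
        findings.append("possessive-name")
    return findings

def scan_log(lines):
    """Return (client_ip, decoded_referer, findings) for each request with a file: Referer."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m is None:
            continue
        findings = classify_file_referer(m.group("referer"))
        if findings:
            hits.append((m.group("ip"), unquote(m.group("referer"), encoding="latin-1"), findings))
    return hits

# Constructed sample log lines, modelled on the three referers quoted in the thread.
SAMPLE_LOG = [
    '10.1.2.3 - - [04/Aug/1997:10:51:02 -0500] "GET / HTTP/1.0" 200 2431 '
    '"file:///Hard%20Disk/System%20Folder/Preferences/Netscape%20%C4/Bookmarks.html" "Mozilla/4.01 (Macintosh; I; PPC)"',
    '10.1.2.4 - - [04/Aug/1997:10:52:17 -0500] "GET /products.html HTTP/1.0" 200 9120 '
    '"file:C:\\NETSCAPE\\COMM\\PROGRAM\\USERS\\DEFAULT\\BOOKMARK.HTM" "Mozilla/4.01 [en] (WinNT; I)"',
    '10.1.2.5 - - [04/Aug/1997:10:53:40 -0500] "GET / HTTP/1.0" 200 2431 '
    '"file:///molly\'s%20bookmarks/molly\'s%20bookmarks" "Mozilla/4.01 [en] (Win95; I)"',
    '10.1.2.6 - - [04/Aug/1997:10:54:01 -0500] "GET / HTTP/1.0" 200 2431 '
    '"http://www.example.com/links.html" "Mozilla/3.01 (X11; I; SunOS)"',
]
```

Running `scan_log(SAMPLE_LOG)` returns the three file: hits with their client IPs and what each discloses; the http: referer on the fourth line is ignored.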
