Solved

cookies or what?

Posted on 2001-07-10
6
171 Views
Last Modified: 2010-04-11
I went to an website which maybe is hosted by some hackers. I went there and just clicked some links WITHOUT downloading anything from THAT site. But things get wired later. They know my email address, my first name and last name.

How could this be possible? because
1) I did NOT tell them my email address?
2) I type THAT link directly from IE address bar

By the way, I am using windows 98 with IE5.5 sp1.
0
Comment
Question by:McCoffee
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 51

Expert Comment

by:ahoffmann
ID: 6271031
if you have enabled any active elements in IE, like JavaScript, Java, ActiveX, they can read anything from you W98 computer, email address and name are the simple ones. That's security/privacy as M$ sells it.
0
 

Author Comment

by:McCoffee
ID: 6271830
Yes, they must use ActiveX, VBscript or something else to
retrieve msg from my hard drive, but I don't think it's
Microsoft's fault at this time. They must have something
else which I don't know. I am trying to get some more info
from http://neworder.box.sk in these days.
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 6272560
"Microsoft's fault" or not, just depends on your mind (or mine:-)
As long as you allow active elements in your browser (on W98) your data are public to everyone on the internet when you're connected.
Think and act secure (and keeping your privacy), or use M$.
0
Surfing Is Meant To Be Done Outdoors

Featuring its rugged IP67 compliant exterior and delivering broad, fast, and reliable Wi-Fi coverage, the AP322 is the ideal solution for the outdoors. Manage this AP with either a Firebox as a gateway controller, or with the Wi-Fi Cloud for an expanded set of management features

 
LVL 5

Accepted Solution

by:
Droby10 earned 100 total points
ID: 6272877
or it could be a web-based attack, which is not unheard of (especially against windows 9x machines)

scenario:
you visit site...site analyzes information from request to determine whether or not to launch an attack...(user_agent, remote_addr, etc.)

if an attack fits the description from the gathered information then an attack is launched...in this case probably utilizing weaknesses in smb in win9x machines.  the attack can gather any information you have written to your hard drive or interactively let someone navigate through your harddrive to find the targeted information they're looking for...ie. pwl files, userprefs.js, temporary internet files, etc.

=======================================================

more than likely, all they've done is auto-submitted a form with a mailto action, where both the email and name are more than likely appear.

- do you mind if i ask which site...i'll give it a look.
0
 

Author Comment

by:McCoffee
ID: 6273395
first of all, thank you very much both Ahoffmann and
Droby10 to answer my question.

that site is dead: i think those guys use winroute or
httpd set up that site in order to collect people's IP addresses. once they find the target, they become to
attack it. when i typed in that IP address trying to
get into that site this morning, it is no longer there.

i am not sure if that's about "HoneyPot" or something
else. here are some sites which i try to get some info:
1) http://neworder.box.sk;  (computer security)
2) http://rootprompt.org/   (honey pot)

here is my email: comp_naive@hotmail.com. if you guys
have any hint, you can send me email directly or just
post it here, i will check it later.

thank you very much both
and
have a very nice days! ^_^
0
 

Author Comment

by:McCoffee
ID: 6279242
I can not find a better answer than you. Anyway,
thanks a lot, your guys!
0

Featured Post

Now Available: Firebox Cloud for AWS and FireboxV

Firebox Cloud brings the protection of WatchGuard’s leading Firebox UTM appliances to public cloud environments. It enables organizations to extend their security perimeter to protect business-critical assets in Amazon Web Services (AWS).

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Do you know what to look for when considering cloud computing? Should you hire someone or try to do it yourself? I'll be covering these questions and looking at the best options for you and your business.
Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question