?
Solved

cookies or what?

Posted on 2001-07-10
6
Medium Priority
?
178 Views
Last Modified: 2010-04-11
I went to an website which maybe is hosted by some hackers. I went there and just clicked some links WITHOUT downloading anything from THAT site. But things get wired later. They know my email address, my first name and last name.

How could this be possible? because
1) I did NOT tell them my email address?
2) I type THAT link directly from IE address bar

By the way, I am using windows 98 with IE5.5 sp1.
0
Comment
Question by:McCoffee
  • 3
  • 2
6 Comments
 
LVL 51

Expert Comment

by:ahoffmann
ID: 6271031
if you have enabled any active elements in IE, like JavaScript, Java, ActiveX, they can read anything from you W98 computer, email address and name are the simple ones. That's security/privacy as M$ sells it.
0
 

Author Comment

by:McCoffee
ID: 6271830
Yes, they must use ActiveX, VBscript or something else to
retrieve msg from my hard drive, but I don't think it's
Microsoft's fault at this time. They must have something
else which I don't know. I am trying to get some more info
from http://neworder.box.sk in these days.
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 6272560
"Microsoft's fault" or not, just depends on your mind (or mine:-)
As long as you allow active elements in your browser (on W98) your data are public to everyone on the internet when you're connected.
Think and act secure (and keeping your privacy), or use M$.
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 5

Accepted Solution

by:
Droby10 earned 300 total points
ID: 6272877
or it could be a web-based attack, which is not unheard of (especially against windows 9x machines)

scenario:
you visit site...site analyzes information from request to determine whether or not to launch an attack...(user_agent, remote_addr, etc.)

if an attack fits the description from the gathered information then an attack is launched...in this case probably utilizing weaknesses in smb in win9x machines.  the attack can gather any information you have written to your hard drive or interactively let someone navigate through your harddrive to find the targeted information they're looking for...ie. pwl files, userprefs.js, temporary internet files, etc.

=======================================================

more than likely, all they've done is auto-submitted a form with a mailto action, where both the email and name are more than likely appear.

- do you mind if i ask which site...i'll give it a look.
0
 

Author Comment

by:McCoffee
ID: 6273395
first of all, thank you very much both Ahoffmann and
Droby10 to answer my question.

that site is dead: i think those guys use winroute or
httpd set up that site in order to collect people's IP addresses. once they find the target, they become to
attack it. when i typed in that IP address trying to
get into that site this morning, it is no longer there.

i am not sure if that's about "HoneyPot" or something
else. here are some sites which i try to get some info:
1) http://neworder.box.sk;  (computer security)
2) http://rootprompt.org/   (honey pot)

here is my email: comp_naive@hotmail.com. if you guys
have any hint, you can send me email directly or just
post it here, i will check it later.

thank you very much both
and
have a very nice days! ^_^
0
 

Author Comment

by:McCoffee
ID: 6279242
I can not find a better answer than you. Anyway,
thanks a lot, your guys!
0

Featured Post

Prep for the ITIL® Foundation Certification Exam

December’s Course of the Month is now available! Enroll to learn ITIL® Foundation best practices for delivering IT services effectively and efficiently.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

With the evolution of technology, we have finally reached a point where it is possible to have home automation features like having your thermostat turn up and door lock itself when you leave, as well as a complete home security system. This is a st…
When you put your credit card number into a website for an online transaction, surely you know to look for signs of a secure website such as the padlock icon in the web browser or the green address bar.  This is one way to protect yourself from oth…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Suggested Courses

864 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question