Solved

cookies or what?

Posted on 2001-07-10
6
172 Views
Last Modified: 2010-04-11
I went to an website which maybe is hosted by some hackers. I went there and just clicked some links WITHOUT downloading anything from THAT site. But things get wired later. They know my email address, my first name and last name.

How could this be possible? because
1) I did NOT tell them my email address?
2) I type THAT link directly from IE address bar

By the way, I am using windows 98 with IE5.5 sp1.
0
Comment
Question by:McCoffee
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 51

Expert Comment

by:ahoffmann
ID: 6271031
if you have enabled any active elements in IE, like JavaScript, Java, ActiveX, they can read anything from you W98 computer, email address and name are the simple ones. That's security/privacy as M$ sells it.
0
 

Author Comment

by:McCoffee
ID: 6271830
Yes, they must use ActiveX, VBscript or something else to
retrieve msg from my hard drive, but I don't think it's
Microsoft's fault at this time. They must have something
else which I don't know. I am trying to get some more info
from http://neworder.box.sk in these days.
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 6272560
"Microsoft's fault" or not, just depends on your mind (or mine:-)
As long as you allow active elements in your browser (on W98) your data are public to everyone on the internet when you're connected.
Think and act secure (and keeping your privacy), or use M$.
0
Is your NGFW recommended by NSS Labs?

Ours is! NSS Labs Next Generation Firewall Test gives the WatchGuard Firebox M4600 a "Recommended" rating! Curious where your NGFW landed on the  Security Value Map? See the map and download the full report today!

 
LVL 5

Accepted Solution

by:
Droby10 earned 100 total points
ID: 6272877
or it could be a web-based attack, which is not unheard of (especially against windows 9x machines)

scenario:
you visit site...site analyzes information from request to determine whether or not to launch an attack...(user_agent, remote_addr, etc.)

if an attack fits the description from the gathered information then an attack is launched...in this case probably utilizing weaknesses in smb in win9x machines.  the attack can gather any information you have written to your hard drive or interactively let someone navigate through your harddrive to find the targeted information they're looking for...ie. pwl files, userprefs.js, temporary internet files, etc.

=======================================================

more than likely, all they've done is auto-submitted a form with a mailto action, where both the email and name are more than likely appear.

- do you mind if i ask which site...i'll give it a look.
0
 

Author Comment

by:McCoffee
ID: 6273395
first of all, thank you very much both Ahoffmann and
Droby10 to answer my question.

that site is dead: i think those guys use winroute or
httpd set up that site in order to collect people's IP addresses. once they find the target, they become to
attack it. when i typed in that IP address trying to
get into that site this morning, it is no longer there.

i am not sure if that's about "HoneyPot" or something
else. here are some sites which i try to get some info:
1) http://neworder.box.sk;  (computer security)
2) http://rootprompt.org/   (honey pot)

here is my email: comp_naive@hotmail.com. if you guys
have any hint, you can send me email directly or just
post it here, i will check it later.

thank you very much both
and
have a very nice days! ^_^
0
 

Author Comment

by:McCoffee
ID: 6279242
I can not find a better answer than you. Anyway,
thanks a lot, your guys!
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question