Solved

cookies or what?

Posted on 2001-07-10
6
170 Views
Last Modified: 2010-04-11
I went to an website which maybe is hosted by some hackers. I went there and just clicked some links WITHOUT downloading anything from THAT site. But things get wired later. They know my email address, my first name and last name.

How could this be possible? because
1) I did NOT tell them my email address?
2) I type THAT link directly from IE address bar

By the way, I am using windows 98 with IE5.5 sp1.
0
Comment
Question by:McCoffee
  • 3
  • 2
6 Comments
 
LVL 51

Expert Comment

by:ahoffmann
ID: 6271031
if you have enabled any active elements in IE, like JavaScript, Java, ActiveX, they can read anything from you W98 computer, email address and name are the simple ones. That's security/privacy as M$ sells it.
0
 

Author Comment

by:McCoffee
ID: 6271830
Yes, they must use ActiveX, VBscript or something else to
retrieve msg from my hard drive, but I don't think it's
Microsoft's fault at this time. They must have something
else which I don't know. I am trying to get some more info
from http://neworder.box.sk in these days.
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 6272560
"Microsoft's fault" or not, just depends on your mind (or mine:-)
As long as you allow active elements in your browser (on W98) your data are public to everyone on the internet when you're connected.
Think and act secure (and keeping your privacy), or use M$.
0
Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

 
LVL 5

Accepted Solution

by:
Droby10 earned 100 total points
ID: 6272877
or it could be a web-based attack, which is not unheard of (especially against windows 9x machines)

scenario:
you visit site...site analyzes information from request to determine whether or not to launch an attack...(user_agent, remote_addr, etc.)

if an attack fits the description from the gathered information then an attack is launched...in this case probably utilizing weaknesses in smb in win9x machines.  the attack can gather any information you have written to your hard drive or interactively let someone navigate through your harddrive to find the targeted information they're looking for...ie. pwl files, userprefs.js, temporary internet files, etc.

=======================================================

more than likely, all they've done is auto-submitted a form with a mailto action, where both the email and name are more than likely appear.

- do you mind if i ask which site...i'll give it a look.
0
 

Author Comment

by:McCoffee
ID: 6273395
first of all, thank you very much both Ahoffmann and
Droby10 to answer my question.

that site is dead: i think those guys use winroute or
httpd set up that site in order to collect people's IP addresses. once they find the target, they become to
attack it. when i typed in that IP address trying to
get into that site this morning, it is no longer there.

i am not sure if that's about "HoneyPot" or something
else. here are some sites which i try to get some info:
1) http://neworder.box.sk;  (computer security)
2) http://rootprompt.org/   (honey pot)

here is my email: comp_naive@hotmail.com. if you guys
have any hint, you can send me email directly or just
post it here, i will check it later.

thank you very much both
and
have a very nice days! ^_^
0
 

Author Comment

by:McCoffee
ID: 6279242
I can not find a better answer than you. Anyway,
thanks a lot, your guys!
0

Featured Post

The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Each year, investment in cloud platforms grows more than 20% (https://www.immun.io/hubfs/Immunio_2016/Content/Marketing/Cloud-Security-Report-2016.pdf?submissionGuid=a8d80a00-6fee-4b85-81db-a4e28f681762) as an increasing number of companies begin to…
In this increasingly digital world, security hacks are no longer just a threat, but a reality. As we've witnessed with Target's big identity hack 2013, Heartbleed in 2015, and now Cloudbleed, companies and their leaders need to prepare for the unthi…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question