• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 180
  • Last Modified:

cookies or what?

I went to an website which maybe is hosted by some hackers. I went there and just clicked some links WITHOUT downloading anything from THAT site. But things get wired later. They know my email address, my first name and last name.

How could this be possible? because
1) I did NOT tell them my email address?
2) I type THAT link directly from IE address bar

By the way, I am using windows 98 with IE5.5 sp1.
  • 3
  • 2
1 Solution
if you have enabled any active elements in IE, like JavaScript, Java, ActiveX, they can read anything from you W98 computer, email address and name are the simple ones. That's security/privacy as M$ sells it.
McCoffeeAuthor Commented:
Yes, they must use ActiveX, VBscript or something else to
retrieve msg from my hard drive, but I don't think it's
Microsoft's fault at this time. They must have something
else which I don't know. I am trying to get some more info
from http://neworder.box.sk in these days.
"Microsoft's fault" or not, just depends on your mind (or mine:-)
As long as you allow active elements in your browser (on W98) your data are public to everyone on the internet when you're connected.
Think and act secure (and keeping your privacy), or use M$.
Firewall Management 201 with Professor Wool

In this whiteboard video, Professor Wool highlights the challenges, benefits and trade-offs of utilizing zero-touch automation for security policy change management. Watch and Learn!

or it could be a web-based attack, which is not unheard of (especially against windows 9x machines)

you visit site...site analyzes information from request to determine whether or not to launch an attack...(user_agent, remote_addr, etc.)

if an attack fits the description from the gathered information then an attack is launched...in this case probably utilizing weaknesses in smb in win9x machines.  the attack can gather any information you have written to your hard drive or interactively let someone navigate through your harddrive to find the targeted information they're looking for...ie. pwl files, userprefs.js, temporary internet files, etc.


more than likely, all they've done is auto-submitted a form with a mailto action, where both the email and name are more than likely appear.

- do you mind if i ask which site...i'll give it a look.
McCoffeeAuthor Commented:
first of all, thank you very much both Ahoffmann and
Droby10 to answer my question.

that site is dead: i think those guys use winroute or
httpd set up that site in order to collect people's IP addresses. once they find the target, they become to
attack it. when i typed in that IP address trying to
get into that site this morning, it is no longer there.

i am not sure if that's about "HoneyPot" or something
else. here are some sites which i try to get some info:
1) http://neworder.box.sk;  (computer security)
2) http://rootprompt.org/   (honey pot)

here is my email: comp_naive@hotmail.com. if you guys
have any hint, you can send me email directly or just
post it here, i will check it later.

thank you very much both
have a very nice days! ^_^
McCoffeeAuthor Commented:
I can not find a better answer than you. Anyway,
thanks a lot, your guys!
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Easily Design & Build Your Next Website

Squarespace’s all-in-one platform gives you everything you need to express yourself creatively online, whether it is with a domain, website, or online store. Get started with your free trial today, and when ready, take 10% off your first purchase with offer code 'EXPERTS'.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now