Re: www.security7.ch.vu
From: Duane Beck (dbeck@legendent.com)Date: 03/02/02
- Previous message: Hornat, Charles: "LDAP vs Kerberos"
- In reply to: LS: "www.security7.ch.vu"
- Next in thread: Kulla: "Re: www.security7.ch.vu"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Duane Beck" <dbeck@legendent.com> To: <lordsoth8@bigfoot.com>, <security-basics@securityfocus.com> Date: Fri, 1 Mar 2002 19:10:28 -0500
> http://www.security7.ch.vu/
>
> When entering, it claims that you are exposed and tracked and a lot of
information
> is stored on your computer (doh..altho i dont keep names on it etc..).
> What caught my attention is that the show you the contents of your
root directory
> (c:\ for a windows machine...).
> What's alarming is that I don't see how this thing could've been done.
I dont allow
> any shares, I dont allow any services, and unless it is an IE exploit
of some sort,
> there is no other way to explain it. My firewall (TPF) handles all the
microsoft
> network issues and only internal LAN can even see my nbt name etc...
> this is weird.
> Anybody know how this is done ?
http://www.sexbunnys.at/evidence/7/m.html (one of the frames) contains
the following tag.
<iframe src="file:///C|/" height=200 width=640 marginwidth=0
marginheight=0 scrolling=no frameborder=3 vspace=2>
It's showing you a directory of your local C: drive, which is valid on
the client side. As far as I can tell, it doesn't actually expose any
local files to anyone remotely. It just looks like a trick to get you
to sign up for a service.
- Previous message: Hornat, Charles: "LDAP vs Kerberos"
- In reply to: LS: "www.security7.ch.vu"
- Next in thread: Kulla: "Re: www.security7.ch.vu"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
