Files exposed to Website !!

[eyespy]

* * I was surfin' around the net today, looking at different "utility cleaners and wipers" ! ( I'm still looking for that "elusive" log file cleaner)
*Anyway I come across this site ....Evidence Killer *
http://securedisk.netfirms.com/defaultek.htm
*Click on "test it"
This website showed on the screen the contents and folders of MY hard disk !!! *What a "rude awakening" !!
I have File and Printer sharing disabled, always have, so how are these "snoops" getting in ? Don't know if these web sites are helping us or hurting us !!
I'm also running SPF 5.
There has to be way to stop this !!

*Open for all/any suggestions !!

* * * * * * * * * regards all,
* * * * * * * * * * * * * * * * * *Bill * * *

Hi,

I saw that you need Javascript enabled, and I have to admit that, unless I know much more about that company and site, I'm not willing to do that.

However, I remember vaguely that there have been somewhere some web-site that in some way also was able to show you the content of you harddisk, but in fact they only give your OS locally the command to do so; so, it was only some kind of a trick.
Sorry, I don't remember all the details of it.
And I'm also not saying that this website, that you mentioned, did the same kind of thing.

So, probably this reply of me doesn't have much value....

[eyespy]

Well *FanJ, * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *it showed *the folders in my C drive, but not the contents of those folders.
I understand they are trying to prove a point and sell their product. But their product will eliminate Dat. files and such, and it would not protect you from exactly what happened to me !! Peeping at my Hard disk !! Damn !!
* * * * * bill *

Hi,

I don't know much of that company....

Maybe you could also have a look at programs like IEClean (or NSClean for Netscape) and Window Washer. I have both, and I'm very satisfied with them.

[luv2bsecure]

Hi Bill!

There have been rumours that EVIDENCE KILLER is, in fact, associated with EVIDENCE ELIMINATOR. You want to stay away from BOTH!!!!! *They are both marketed in a very similar way using scare tactics that are silly and infuriating at the same time.

To put your mind to rest over what you saw on their site; I can assure you that your hard drive information was not passed on to anybody anywhere except on your own monitor. It's an old Javascript trick that simply allows YOU to see the contents of your drive. The code is simple. I went to Evidence Killer's site and grabbed it from the "view source" for you so you won't worry about this. Pay attention to what I have bolded - it's just a local ref to your own drive:

<script language="javascript">
if (navigator.appName=="Netscape" && navigator.appVersion.split(".")[0]==4)
{
document.write("");
}
else
{
document.write("Your hard drive.");
document.write("<p align='left'><iframe src='file:///C:/' height=400 width=600 marginwidth=0 marginheight=0 scrolling=no frameborder=0 vspace=2></iframe></p>");
}
</script>

You're OK, Bill. Nothing to worry about. Seriously though, if I were you EE and EK are two programs to stay away from. (For one thing just look at how EK is trying to trick people and panic them with that scripting trick!) I agree with Jan completely - try IEClean or Window Washer. They are both good products from quality companies.

Have a good week!
John

[Checkout]

I'm on total agreement with the above. *It's an old JavaScript trick to worry people into buying garbage, tactics which reputable companies would never use.

[eyespy]

Thanks for the info guys !!
* * * * * * * * I was more than a little concerned when I saw THAT site playing tricks on me !!
* Needless to say...I won't consider that companie's software ! *
I thought about how they did that for a few days, and couldn't figure it out !!
*Thanks again !!

* * * *Relieved......bill *

[Mike_Healan]

Actually, you don't even really need javascript.
Click here

Code:

Click here

[Jooske]

I remember an older warning, in a MS security bulletin, forgot which and the name of that exploit, which still showed up with the patch, btw. With putting all java and ActiveX on "prompt" and not allow nothing of that on unknown sites they were not able to do the same trick.