How Do I Fix This? IE leak?

Discussion in 'privacy general' started by Ice_Czar, May 26, 2002.

Thread Status:
Not open for further replies.
  1. Ice_Czar

    Ice_Czar Registered Member

    Joined:
    May 21, 2002
    Posts:
    696
    Location:
    Boulder Colorado
    http://www.xxx.de/
    >go to Sicherheits-Check (Blue Menu to the left under Security)

    URL deleted by Forum Admin because of various warez links

    C:\ - Test

    The contents of my C: directory are visable  :eek:

    The Babelfish Translation:
    Please, look just(exactly)! It is the content of THEIR(HER) non removable disk C:!
    Herewith dubious web contents advertise at the moment around your favour / purse and throw many surfers. (Nevertheless, you Use the picture run borders, and open someone (e.g., *.txt) to file or file) counter measure: Not inevitably! It is, in this connection, only about a small trick, a so-called Framelink (here " file: \\\ C | \ ") on own non removable disk C: places. I.e. only you yourselves see your non removable disk and, otherwise, nobody


    So this is just a trick? Can you block this Framelink? (without installing everything to D:\)?
     
  2. Checkout

    Checkout Security Rhinoceros

    Joined:
    Feb 11, 2002
    Posts:
    1,226
    It's just a cheap trick.  You have nothing to worry about.
     
  3. zappa

    zappa Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    176
    Location:
    Los Angeles, Ca.
    That link won't last half the day.  I give it an hour, max.
     
  4. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Paste this code in an email source or notepad, and save as html file.
    this example shows your d:\ in the line with "location"
    so you can change that for c:\

    It was made with all good intensions by a webmaster who wanted his visitors to be able to see or grab files for download from his CD-ROM drive, to spare all the uploading, but something makes the visitors see their own d:\ , hence the unintended panic.
    We can use this trick in an emulator to show the intruder his drive content is visible.
    There is nothing wrong with this example, nothing illegal or whatever, just a little scipt as it is now to show your OWN drive content.
    Mind the wrapped lines, stretch them back or you get error messages.


    Code:
      <CENTER>
      <SCRIPT language=JavaScript><!--
    if (navigator.appName == 'Microsoft Internet Explorer'){
          
          document.write('<left>')
          document.write('<object id="browserIcons" classid="clsid:8856F961-340A-11D0-A96B-00C04FD705A2" align="baseline" border="0" width="100%" height="100%">')
          document.write('<param name="Location" value="d:/">')
          document.write('<param name="AlignLeft" value="1">')
          document.write('<param name="AutoSize" value="1">')
          document.write('<param name="AutoSizePercentage" value="100%">')
          document.write('<param name="AutoArrange" value="1">')
          document.write('<param name="NoClientEdge" value="false">')
          document.write('<param name="ViewMode" value="3">')
          document.write('</object>')
          document.write('</left>')
    }
    // --></SCRIPT>
      </CENTER>
    
     
  5. Ice_Czar

    Ice_Czar Registered Member

    Joined:
    May 21, 2002
    Posts:
    696
    Location:
    Boulder Colorado
    Thanx for the code Jooske  :D
    You make it look so simple (but Im sure its not), Im goin to have to learn to script. Copied it to Notepad and saved as an HTML.  :eek:

    To our Moderator

    My profound apologies about the link,  (I assume in this case its the crack program and password viewer?) The "softwarez" links all lead to legitimate vendors.
    Though the "hardwarez" links are semi legal tutorials?

    Followed a link there initially to get a program to create custom BIOS logos. Found the program to crypt html pages so you cant save pictures, and tumbled to the above "trick"

    Thought I had a leak, till I translated it twice and then posted here to make sure. And I was using the other security tests.

    By that time Id completely forgotten about that crack program. (about a week had gone by)

    Sorry
     
  6. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Hi Ice_Czar,

    Forget about it; things like these happen unintentionally. No big deal  ;)

    regards.

    paul
     
  7. Checkout

    Checkout Security Rhinoceros

    Joined:
    Feb 11, 2002
    Posts:
    1,226
    I'd like to know what the term "Warez" actually means and where it originated.

    MTIA
     
  8. Ice_Czar

    Ice_Czar Registered Member

    Joined:
    May 21, 2002
    Posts:
    696
    Location:
    Boulder Colorado
    warez

    "Warez (pronounced as though spelled "wares" or possibly by some pronounced like the city of "Juarez") is a term used by software "pirates" to describe software that has been stripped of its copy-protection and made available on the Internet for downloading. People who create warez sites sometimes call them "warez sitez" and use "z" in other pluralizations.
    According to the International Planning & Research Corporation, warez Web sites cost software vendors $11.8 billion in 2001. The most popular downloads at warez sites include applications from major vendors such as Microsoft, Symantec, Macromedia, and Adobe Systems. The vendors have joined forces with the Business Software Alliance (BSA) to successfully close a loophole in Internet law that allowed warez distributors to avoid legal prosecution as long as they didn't profit monetarily from their distributions. (Use of warez software is also illegal and may result in a jail sentence.)

    Warez should not be confused with shareware or freeware software applications, which are legal and may be freely copied and distributed. "

    From: http://whatis.techtarget.com/definition/0,,sid9_gci213338,00.html
     
Loading...
Thread Status:
Not open for further replies.