ya, i believe most of wat the site says, especially about google's ' everlasting cookie' that's why i never allow cookies from google but google is still a great search engine tool anyway
Jooske - I just did a Google search of your name and read a letter that you wrote to ZNet. Your privacy was not protected. I discovered this some time ago that when I did a search of my screenname that many of my posts appeared on the Google site with links.
Actually, I think most of what ever factual on the site's is correct. But then again, there's nothing really very dangerous about what facts it reveals. Others seems to be whining on principle, ie monopolys are bad and speculation about the power they wield or could wield over the web. And a large part is about Search engine optimisation, pointing out weaknesses in the ranking algothrim (blogs etc) , but again not really security concerns The cookie business is a bit strange, but easily handled by all competent browsers.
Wow.. I just did a search of Google for my screen name and came up with several listings! Things are definitally "getting out of hand"! I am discusted by the amount of "spying" and "sneaky" practices that are employed by many companies/orginizations on the net. Between Pop ups/unders, Spyware, Adware, ect. Steve Gibson(www.grc.com) had a interesting segment on "cookies", explaining that back in the early days of the Net they were designed only to help guide people around a web site, and that they did not stay with you. I guess things have changed...lol Sometimes I feel I wil never be able to secure my computer from all of these different threats! Some days I feel like just "pulling the plug" on my computer!
Yes, but why phone numbers and screen names? Ok, topics, forums, yes, but why is it that when I search for something in google, I end up getting assalted by pay ads, unrelated topics, and sketchy websites that really have little or no info on the search topic. Although I have recieved spyware from clicking a link.... Yes Google is the "BEST" search engine but I have read several of the posted links and it apears they have put $$ and advertizers before everything else! I understand they are out to make $$$, but there is No reason for the cookie that expires in 2037, or the toolbar that acts like spyware! Just my opinion though.....
Last night I did a SpyBot scan of my computer and came up with the DSO Exploit. I read the details and was referred to Greymagic.com/adv/gm001_ie for further details. The link given did not work too well but with a bit of fiddling I was able to get the information I was seeking. It appears there is a leak in the Google tool bar which allowed this Exploit to access a computer. Google was supposed to have fixed this vulnerability back in 2002 but if the Exploit I had was from Google, then they have done nothing to rectify the problem. I initially assumed it was a security hole in IE which needed, I think, the patch Q328970. Upon checking my installation history I have that patch so that leaves Google as the culprit. Am I misunderstanding the whole situation? Symantec on the other hand, states that this Exploit is spread via email. I have not had any email that I need to be concerned about. So, who is right on this issue. Maybe our experts here can sort this out.
Hi Peaches4U, This is the security hole Spybot S&D finds: http://www.securitytracker.com/alerts/2002/Feb/1003689.html And the fix Spybot S&D will apply if you choose to do so, is the one described here: http://sec.greymagic.com/adv/gm001-ie/ Regards, Pieter
Very interesting. Anti-Virus can detect this method wich is nice but still a major flaw, since if you change the code and various form you can still execute the script.... wich could be very unhealty.... wich would really crap out...
Thanks for responding Pieter. So, am I correct in my thinking that I have to make the registry change [as per greymagic] in order to be protected against this Exploit?
Hi Peaches4U, Not completely sure. I think MicroSoft fixed that vulnerability, but they may have used a different method. I couldn't find it. If I come across it I will post. Regards, Pieter
Hi all; I was under the impression that if you fixed the DSO exploit with SpyBot, it made a little alternation in the registry (DWORD setting) in order to fix that security hole? Isn't fixing it with spybot enough or are there more actions needed? Cheers,
Hi Pieter. Thanks again.... I did not touch my registry until I am absolutely sure of what I am doing and why. I did peek in the registry but oh my, some of the stuff there is above my knowledge. I just suddenly remembered that I may have gotten that exploit through an email. I now recall opening an email from a friend and when the page came up it was all a garble and unreadable. After about a minute, the page became readable. I thought that was weird and wondered about it especially because my friend had the same exploit which I helped her in cleaning her computer [she knows absolutely nothing about computers & security]. According to Symantec this exploit can be spread by email, so maybe that is how it happened for me. I did another Spybot scan last night & well as Panda and got a clean bill of health. My critical patches are all up-to-date including the one I received this a.m.
Hi Unzy, You are right. This is what Spybot S&D does. (As described on the site I linked to.) [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0] Change the value of "1004" (DWORD) to 3. Hi Peaches4U, I think we are talking about two different exploits here. Do you have a link to the Symantec site you are referring to? Regards, Pieter
That's it Pieter, this cold weather here is freezing my brain and my fingers!! Definitely SpyBot picked up the DSO Exploit [I just checked the log in SpyBot] but when I checked Symantec for details I apparently typed DSS Exploit instead. I used SpyBot to do the fix - computer is running well & no other compromises since, except for me ... I need a fix from the cold here, like a long vacation in Australia or the Dominican Republic?? My apologies Pieter for my error - I should have double checked before posting.
Cheer up Peaches4U, Happens to all of us at times. And it triggered a nice discussion. Regards, Pieter
ive knowen for over a year i use google to stalk you guys lol nothing says love like a restraining order lol
That is not nice Are you still living up there in the Northwest by that lake...or are you eating on someone else's couch these days.
STILL LIVEING IN THE NORTHWEST BY THAT LAKE LOL Im wo0rking for my dad i posted a few pics of the work we do you know i had no ideal how hard that man works til i started working for him makes you aprechiate a person more when you walk in his shoes seriosley i sugest if you can spend at leas one day with those you care about doing what they do all day you get a better understanding of them and a aprechiation for them hueman nature would be somuch better if we took the time to really understand one another rather then fear what the othewr thinks of ones self thats why most are so lonley in some degree or another should i e spell check this lol nahhhh to lazy lmao
So you recommend that search engines should practice censorship and try to figure out what are telephone numbers on webpages and stop listing them? What about credit card numbers, what about your middle name? or your religion? or... If you want to blame anyone blame the lousy leaky incompetent webmasters of the sites whom you had trusted with your personal info. Googlebot and most trusted/reputable spiders respect the robots.txt, and do not index such sites. Even better password protect the sites! I have no idea what "Screenname" means, but I presume it means the handle or nick you use on forums. If you want to create a consistent indentity all over the internet by registering the same unique id in all the forums you visit, it's your choice, just don't blame the search engines, if you can be "tracked" this way. If you want to keep your cyber indentities seperate then don't do it or use a common id. And so what if they know a certain guy named say "xzzxyzsddf" is posting in say comp security and sex groups, if you are careful , they can't correlate it to your real offline id anyway. Please check your facts. First, google adwords programs only lists sponsored ads on the right side of the page, they do not appear "before everything" as you state Second, about irrelevant sites, this is a problem faced by all search engines, google is espically worse hit because webmasters try to fool it the most ,given it's popularity Third, receiving spyware from a click, again what do you expect google to do? To act as a global censor , figuring out which sites have spyware (assuming you could agree what those sites are in the first place) and banning those? In certain aspects, even the big sites are Cnet, have spyware. You expect google to act as judge and executor? Next I suppose you will be complaining google doesn't filter out sites with poor web design? Fourth - A toolbar that acts like spyware? This does not come into play unless you turn on the advanced page rank features. The page rank features tell webmasters how highly google "thinks" of a given page (PR from 0 to 10). So when you visit say wilders, it will show say a PR of 7. But unless google knows which site you are viewing how is it going to send the PR of the page?? Again this whole "spyware" crap is thrown out of proportion, because people latch on the fact that google has to be told which page you are visiting, before it can tell you what the PR is. I
