Yahoo 'Web Beacons' ( <g> )

Discussion in 'other security issues & news' started by spy1, Apr 7, 2002.

Thread Status:
Not open for further replies.
  1. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Anyone unfortunate enough to be using Yahoo should check out this page and definitely opt-out (using the link provided there) : http://privacy.yahoo.com/privacy/us/pixels/details.html

    We're talkng about web bugs here. Pete
     
  2. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
  3. Hi Spy 1 :cool:

    As I already explained to you, unfortunately we have a lot of "Twister Errors" in our forums. Can be frustrating :'(
    Must say, I'm a "regular visitor" here and I like your forum - compliments!!! Keep up the good work!!

    Marianna
     
  4. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Thank you! And in return, I lurk a lot in the 'Virus & Security Alerts' forum. You've got a tremendous group of people - both mods and posters/helpers - there! Pete
     
  5. snowman

    snowman Guest

           Pete

           I have not confirmed this "absolutely" but those "web beacons" may be <single-pixel.gif>...

           if this in fact the case.....it should be possible to block their "call home".........by using a proxy....but if not entered correctly in the proxy it may block access to some web pages........

         am not sure....but doesn't proxomitron have a feature that can be config to block those beacons...an return a false response!!!

         at the moment it appears that I have succeeded in blocking the web beacons by making certain entries in my proxy...an elsewhere..........since "web beacons" are not "new"....an used by many websites... I've had a few "blank pages".... in fact a whole bunch!

         Pete  as I recall you use spyblocker....perhaps an entry in it would do the tricko_O?    

         with a proxy its possible to block all "gif" but have found that to be troublesome in my case because it denies me access to secure sites I use......a "response" needs to be sent....then access is no problem....

          since the size of the tracking pixel can be changed by the spys at their whim....an all in one block would be needed for lasting results......perhaps Zhen has some ideas on this..
     
  6. snowman

    snowman Guest

         Pete

         just thought to mention this...in case you or someone has some ideas/opinions

         I've noticed that by blocking the following numerous webpages wont load.


          3D advertising

          3D banner advertisments



         have had particular problems at <yahoo> when entering these blocks........I do know after researching that some spies are using 3D for tracking.....it was revealed in their financial profiles
     
  7. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Hi, snowman!

    I wasn't worried about it as far as my computing goes - I don't use Yahoo for anything anymore (especially since they changed everyones' privacy preferences without their knowledge or consent, causing those who were lucky enough to find out about it to have to go back into their accounts and re-set their preferences).

    I just threw it out there for the people who may stil use it.

    IMO, both Yahoo and AOL ought to be totally boy-cotted by the general public. They're snakes. Pete
     
  8. snowman

    snowman Guest

         Pete

         indeed I am in total agreement with you ....an knowing you I didn't think you would use either of those mentioned......


        actually  my reply was more of a personal  heads-up to you.......for possible future ref.

       *please note*


          Brilliant Digital Entertainment, Inc. is a technology developer and provider of rich-media b3d software tools for 3-D animation on the World Wide Web. The Company's rich-media technologies include proprietary authoring tools used to create, author and serve content for the World Wide Web. The Company markets the technology used to view content created using its tools by syndicating b3d-produced content to third party Websites. Brilliant is commercializing the technology in various ways, including through its syndication relationships, where it enables Websites to serve Brilliant Banners, a proprietary rich-media ad format for the World Wide Web. The Company also licenses its b3d authoring tools to production studios and its Brilliant Banner advertising server technologies to the Web-based advertising industry
       


          this "snake" is preparing to "bite"
     
  9. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    http://www.securityRe: Yahoo 'Web Beacons' ( <g> )

    The 'Brilliant' threat has been totally (up to this moment, anyway) covered/disposed of by our own 'javacool' (see this thread: http://www.security-pro.co.uk/yabb/YaBB.pl?board=privacysoftware;action=display;num=1017969919 ) , Robin Keir  ( http://keir.net/bde.html ) and AA.

    I've read that it's useful to run all three, as supposedly no one program gets all the applicable registry entries. Pete

    *You know what gets me about things like the 'Brilliant' ploy? For every one of us that d/l's, finds and destroys their stuff, they're probably ten thousand other people affected that'll either never know or don't care.

    That's sad. Pete
     
  10. FanJ

    FanJ Guest

    Snowman,

    I'm wondering whether the use of IE-SPYAD (from Eric Howes) and/or the HOSTS file (from S.Martin) wouldn't do the trick.
    Hosts just blocks lots of sites; IE-SPYAD will put lots of sites in the restricted zone, where you then block every thing.
    IE-SPYAD is more or less based on that HOSTS file.
    There are lots of Yahoo and AOL sites mentioned in them.
    I use both of them, together with the ad-blocking feature in NIS. And besides that, I use IEClean to block nasty things like ActiveX, Java, Java-script, WSH.
     
  11. snowman

    snowman Guest

         Pete

        please excuse my delayed reply....was away most of the day.....in fact, spent several hours cleaning brilliant off of other people's computers........gosh, some of those computers had every spyware ever known..

        unfortunately just cleaning <brilliant> imo is not going to come even near to actually preventing this problem........my "guess" only..     if you notice from my previous post <brilliant> states that it can be dl from websites..........not just by installing a particular program.     so,,,,,what will be dl'ed when visiting such a website??

         <brilliant> has also set aside funds to defend lawsuits that they are expecting to result because of their behavior.......(stock shareholders advisory)   should anyone care to read the finacial profile of this snake its stock symbol is <BBE>.....

         as yes,,,,you are ever so right in stating that countless people have this snake...an don't even realize it........today I cleaned eight computers personally.....an advised several people by phone....they will do their own cleaning.......    





            FANJ

            for some unknown reason I have not been able to install ie-spyad.......have tryed numerous times...it just wont........I was however able to look at the urls listed an copied a whole bunch one at a time to the restricted zone..........very time consuming....

          I am using a combination of several programs to block..........reason being that as yet....after extensively trying many combinations I have not found that any one program alone will block "absolutely".....   fortunately the programs I am using to block were already installed on my computer so nothing extra had to be added....an no lost of resources........

         this may be seen as an overstatement....but I honestly believe there is much more to this issue than meets the eye.........there is a rogue company involved here.......willing to go to the extreme.....other companies will follow in the same path......by the time lawsuits are filed......a cases get into courts....these companies will have collected enough personal information to make it all worth their efforts.....

          hopefully I am wrong.....truely I hope that I am....
     
  12. snowman

    snowman Guest

          TYPO CORRECTION



          the stock symbol for brilliant is <BDE>  


       
     
  13. FanJ

    FanJ Guest

    Hi snowman,

    With respect to IE-SPYAD: you do use Internet Explorer?
    As far as I know IE-SPYAD only works with IE.
    We could ask Eric Howes to come over and try to help you with the problem.

    With respect to that other thing: I have read with great interest your postings and the replies to it a few months ago at the old forum and at Becky's.
     
  14. snowman

    snowman Guest

          Pete

         I've been doing alittle more research.....an came up with the names and urls of sixteen companies that have partnered with <brilliant>............since I am un-sure of what the policy is regarding the posting of this info.....I'll simply say the this information can be obtained at <www,brilliantdigtal.com).........A CAUTION IS ISSUE REGARDING GOING TO THIS WEBSITE.......althought I did not experience any outward problems when I went to the website.....nevertheless serious caution should be used......


           it would seem safe to state that the well known spyguy <doubleclick> is partnered with <brilliant> ....this may explain the web beacons at <yahoo>

          since its also public information...it would seem safe to state that <intel> has also partnered with <brilliant>


          the other names and urls of "partners" can be obtained at the <brilliant> site.  

           Respectfully I do not desire to get way off topic here........an certainly have no desire to unknowinging  post anything that just may not be within BB policy....an therefore wont post all the names and urls......


          as a final note:    <brilliant> is not in very sound financial condition.......its depending greatly on using the "victims" that installed their hidden software.....to generate financial revenues........( a public statement made by the company)
     
  15. snowman

    snowman Guest

            FanJ

           yes..I use IE.......just for some reason ie-spyad wont even open.....it says that its installed...but isn't....no urls are added to restricted zone....none.

          I've wondered if the cause may be the file protection of my os?


           on that "other" issue.......honestly until you made this post I didn't think anyone was even slightly interested.............really I didn't!    

           what I've learned in the past few months on that "other" issue would shock most people....even the very experienced..........eventually it will all come to light when there is more awareness.....or a major problem hits........until then I rarely discuss the issue.......first I don't have the knowledge to properly explain my findings.....an secondly....I doubt if those finding would be believed.........an I never debate.

           thank you for letting me know you are awear of the other issue.......after awhile it got kinda lonely trying to research the issue alone........I've spent hundreds of hours on the issue.......an I've learned enough to say that I wont be purchasing a new computer for some time to come....if and when my present computer fails....I am off the internet for good.
     
  16. FanJ

    FanJ Guest

    Hi snowman,

    With respect to IE-SPYAD:
    I guess you have read this page:
    http://www.staff.uiuc.edu/~ehowes/ie-spyad.txt
    I have just send Eric Howes an email asking him whether he could have a look at your problem (but of course I don't know whether he has the time).
    Maybe it would be a good idea in the meantime when you post your IE-version and which Windows (98, ME, 2000, etc.) you're using.


    On the other issue:
    I can understand how lonely you must have felt.
    I wished I had more knowledge about the topic....
    If I remember me correctly it were Kevin and Mike over at Becky's who gave some more info about the topic.
    Snowman, I have read what good things you have done to others!!! Many persons (and I'm amongst them) would miss you very much if you would decide to stop with "internet". As Paul already wrote: consider yourself amongst friends!
     
  17. snowman

    snowman Guest

             FANJ

             my heartfelt thanks for your kind words....most definitely I consider myself among real friends here...several of whom I have been sharing posts with for at least a couple of years.........

            my os is winME.......that monster that so many don't seem to like ....lol.......an I just love it.........it just has a learning curve.......oh gosh bet that gets a few replies and laughs...........lol


         
           
     
  18. Snowman:

    I've read through your description of the problem and I must admit that I'm a bit puzzled. IE-SPYAD is just a simple Registry file. If the specified sites aren't showing up in your Restricted zone, then several things could be wrong here:

    1) The .REG file association is messed up somehow on your box. In other words, WinMe isn't handling .REG files properly when you doubleclick on them.

    Make sure Internet Explorer is closed.

    Try opening REGEDIT.EXE yourself (Start >> Run >> REGEDIT.EXE) and importing IE-ADS.REG from within RegEdit (Registry >> Import Registry File...).

    Now check the Internet Options box. Do the sites show up now?

    2) Your Security zones could be messed up somehow.

    To check for this possibility, do the following:

    * In Internet Explorer, add a site named "thiis-is-blocked.com"  (without the quotes) to your Restricted zone. Then add a site named "this-is-trusted.com" to your Trusted zone.

    * Now, open REGEDIT.EXE (as before) and export the following Registry key to a Registry file (Registry >> Export Registry File...):

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings

    * Zip up the resulting .REG file in a .ZIP file and email it to me at:

    eburger68@myrealbox.com

    I'll take a look at it and see if I can find anything amiss in the configuration of your IE Security zones.

    The System File Protection Scheme shouldn't be preventing IE-SPYAD's .REG file from adding sites to your Restricted zone. Do you have any other Registry monitoring programs running, though?

    In any case, try my first suggestion. If that doesn't work, then export the .REG file per my second suggestion and email it to me.

    Best,

    Eric L. Howes
     
  19. FanJ

    FanJ Guest

    Hi Eric,

    Many thanks for coming by and your help!
    I hope it will help snowman with the problem!

    Best regards, Jan.
     
  20. snowman

    snowman Guest

          ERIC....greetings

          thank you for giving of your time to come in an effort to help me....its sincerely appreciated.

          well Eric,,,suddenly I feel very very dumb....cause you may well have pointed out my install problem instantly.

           yes. I have a program that prevents .reg files from opening/installing..........reg  is banned.   an of course we know what that means...

           when I went to install ie-spyad.....after the right click,,,,the window appeared.....I forget now what it asked...but I do recall that the "needed" entry to be made by me was grayed out.....could not install.......the most I got was "three files opened".......but nothing installed.      A search did reveal a folder with the files...one of which I opened manually.....an was able to view the "urls".....thereafter I typed each url one at a time into the restricted zone......got as far as the D's before burning out....I type very slow.......but hey, I wasn't just going to give-up....

             At the moment I haven't as yet had any sleep in 36 hours..so will rest before dl'ing you great program and going for the install......only this time I will allow reg files.

           my apology...I realize the vaule of your time an feel rather bad to have imposed on you in this manner...however I compliment you for your willing to come here and help......this I greatly respect.

           will get back to you with the results.




         FANJ

         thank you ever so much for also taking of your time to help me......I am most grateful.

        must get some sleep now....will post the results upon successfully install.
     
  21. Snowman:

    No problem. I sometimes forget what privacy/security programs I have running, too.

    Just out of curiosity, what is the reg monitoring program that you're running? Is it Jason Levine's Script Sentry?

    Let me know what happens after you disable the monitoring program.

    Best,

    Eric L. Howes
     
  22. luv2bsecure

    luv2bsecure Infrequent Poster

    Joined:
    Feb 9, 2002
    Posts:
    713
    Snowman: There's no policy as far as naming partnered companies. It's all a matter of public record - BDI is a  publicly traded company. Pete has no problem (and RIGHTFULLY SO) in naming Yahoo and AOL for their transgressions. By the way, I'm not so sure these "partners" would agree with the designation. If you read carefully, they are simply companies who have contributed in one way or another to the "B3D" technology. I will name the "partners" for Brilliant Digital and everyone can do what they want with the information - good, bad or indifferent.

    Alias|Wavefront    
    Motek
    LIPSink
    Discreet
    face2face
    Digimation
    Voxware
    Worlds.com
    Intel (!)
    3DION


    The really sad thing is exactly what Pete said, and he said it well, "You know what gets me about things like the 'Brilliant' ploy? For every one of us that d/l's, finds and destroys their stuff, they're probably ten thousand other people affected that'll either never know or don't care." Well said.

    John
     
  23. Checkout

    Checkout Security Rhinoceros

    Joined:
    Feb 11, 2002
    Posts:
    1,226
    Well said indeed.  There are times, unethical as it may sound, and certainly not original on my part, that some blackhat would introduce a worm as prolific as "Love" that would alert the mass non-cognisant to the invaders which infest their machines.

    Hello, Kult of the Flying Porkers, are you listening?

    Minor edit caused by vodka.
     
  24. snowman

    snowman Guest

        Eric

         I well definitely advise you of my results......frankly I am anxious to give the install another go......right now I am working on that first cup of coffee.....but just as soon as my feeble mind clears I'll give it a go-for-it

        I'am using script defender....but it can't be disabled...will have to completely un-install it...I realize that normally it does not work like that an the intercepts could just be removed.....in my case....for some unknown reason....several of the intercepts refuse to be removed......its a quirk...   but its saved my bacon a few times........again...much thank you for giving of your time.




     

         Lov2Bsecure

           Thank you for advising....got a few more urls to add :

               <casino on net>
                <X10>
                <3dion.com>
                <http://thequality.com>
                <androidiq.com>
                <invisionaries.com>
                 <glssonion.com.au>
                 <doubleclick>


           to add alittle flavor to this stew..... one of the supposedly highly secure trading online trading tools I used went bonkers this morning after I placed blocks on the urls you and I have listed.....I was much to tired ans sleepy to fully dig into this at the time.......but it appears that the "immediate market news" ...which delivers moment by moment news on companies...was/is the envalope with the mail being sent out......the stock ticker was clean.......this is a java applet program....ran in a sandbox....but java applets will bypass many security programs and settings.....fortunately  it appears its now on a leash to some extent....will need to monitor it very carefully...an get the ole bloodhound to sniff its foul oder.

          also, I tested entering <yahoo> sites an was locked out of finance....but strangely..it was on and off.
    Definitely an attempt was made to re-direct my connection.

         at the moment this is only a very wild guess..but I strongly suspect that there is widespread use of the brilliant technology....an would not make such a statement without otherwise having experience some unusual behavior at several websites.....it time it will all come to light if this is happening,,,,

        I am wondering if folks are not realizing that tracking is being done by way of the 3d banners and ads?...
     
Loading...
Thread Status:
Not open for further replies.