Seems like a new exploit is upon us folks. My internet explorer zone setting are set to prompt before submitting non-encryped form data...; set and forget..right......nope, wrong! I noticed that at certain websites the warning window would appear already "CHECKED"......removing the "Check" didn't matter in this exploit.... if you continue....in order to get to the next page.....guess what..you get a cookie! Thats a new way..it seems..for websites to unload cookies.....it bypasses IE settings.....even if set NOT TO ACCEPT COOKIES........ if you test this yourself....afterwards look at your setting for: " prompt before submitting non-encrypted form data" you will notice that no box is checked. I tested this at several websites..........an after doing a search of my system found several cookies..........of course the website was identified by the cookie.... The websites wont be named in this post. Perhaps the post will alert them to change this practice or be seen for what they are....their choice. End of subject. Consider very carefully the dangers of this practice......used by spyware etc.
UPDATE Sadly this exploit was first noticed at a security website.....well, in the past few minutes its been discovered at yet another security website. These are people we trusted.......no, I wont name names.....don't ask.....
Had a cup of coffee and sat staring at the cookies collected......an now a final comment: Over the years I have gained respect for this forum...its administration and members. Because of this I have been careful not to drag it into a "flame".........which would serve no useful purpose. Therefore, I have concluded....that no further posts will be made by me on the subject of this exploit. Other than whats already been posted. Eventually if the practice continues someone else may get involved but it wont be me. As of this post....I personally close this topic for myself.....meaning no posts by me. Thats all I have to say. The Snowman Guy
OPPS...forgot to add: This forum is one of the best there is.....for this I thank Paul and all members.........here is a safe haven......may everyone enjoy it as much as I have over the years.......thanks Paul.
My previous posts stand: this is a twist to the exploit: <google> is now using it..but not downloading a cookie....instead...in the restricted zone ....the setting were changed from "prompt" to enable" This is one bad exploit.....just walk away from websites using it....... posted on a need to know.....I am ot of here now..pc shuting down!
Ranjor oh, I know darn well what a cookie is......surprised that you of all people would ask me such a question.............I've been collecting cookies all last night and putting then into a special folder for the right time..... now...since you ask a question...so shall I......do you understand the meaning of being hacked....like when someone intentional sets out to change or bypass your security setting......maybe the word is hijacked...whatever the case...its the very same as what being seen in the HiJackThis logs...spyware. an thats a fact! There wont be any arguing the point..not with me..in fact, lets see how many weak people will tolarate this nonsense,.....lets let it continue....for awhile.........there is already alot people awear of the issue........its not a cookie issue..oh no.........this is outright invading a person's computer against the person's will...........frankly I don't even care....there is always a work around....always.........an Ranjor, I don't intend to make further comment..so if you care to thats your business.....
Snowguy I wasn't directing that to you! It was for others that may not know what a cookie is. I need to work on my wording a bit. I changed the wording in my post. It is clear that you know what you are talking about. Apologies.
and the URL of this "new exploit" ? Perhaps a second opinion of what you feel you have found would shed light on what might be an exploit. Bubba
ronjor an my apology to you as well....I honestly miss-understood your wording. By your posts I believe you are a very nice person. Due to the nature of the topic I expected some flaming.....eventually it will come............but wont matter at all.....there are many others involved now.......... Bubba as my previous post stated.....no names......meaning no urls either.....unless you want to check out <google> ....<google> just changes the setting in "submit non-encrypted form data" the exploit has already been verify by several others...... An again..this is not about cookies......although cookies are involved..... This is about the deliberate changing of a person security settings.....the invading of a person computer........there is not a person at this forum who has allowed this in the past......its what every honest privacy advocate has stood against for years.......... I have absolutely no issue with the use of cookies.........however, to deliberately change or bypass a person's security settings.....thats an entirely differant matter.
I'm not sure I understand considering your making an accusation and offer no proof other than you and "others" have verified it. Users as a whole benefit when valid info is shared but will respect your decision for not sharing. Bubba
Bub thank you for your intelligence and understanding in regards to respecting my decision. Friend I just underwent life threatening surgery...can barely walk.....there are more than enough healthy people able to research this issue without my having to harm my health any more than what it is. Am not a person with a need to explain myself.........previously posted that as far as I am concerned this topic is closed.......only in respect to Ranjor and yourself were replies by me made....please give me the same respect in return. enough info has been posted any anyone with a computer., broswer,. and internet conection can research this for themselfs.....its not complicated.......takes very little effort for a person to ckeck their internet explorer setting and other files......... You used the word "accused"....I have not pointed a finger at any one person....nor named any one person.., an don't intend doing so. That isn't my way. The people involded may have a reason for this behavior that they believe is of high priority.....to them this may not be consider as an exploit............I can't speak for others...what motivates them. The "exploit" is happening all over the internet.....many websites....what I see as an exploit to yours such as webmaster it may be considered protection. This is yet un-known. Must shut down now....am very weary.......need much rest or will find myself back in the hospital. SnowPerson
TYPO: this: "as an exploit to yours such as webmaster it may be considered protection. This is yet un-known." should read: "as an exploit to "OTHERS" such as a webmaster..etc.,etc also, a brief comment....other than changing setting the cookies are of no big concern......but once those seting are changed....an the USER goes to other website.........the User is wide-open for more exploits.....possibly bad ones that could harm a computer....hijackers........if a file change change setting...what else? what other settings?
Snowguy I keep Cookie Pal on my computer. I've used this program for years. Works great with IE and others. I no longer use IE. I use Firefox with popup blocking and a cookie program built in. No active x to worry about either. Hope I'm not off topic as far as your post goes.
Ranor my friend cookie pal wont prevent this. Tell you what....just open explorer.......go to c:/windows/temporary internet files......there will be some sub folders.....check them out.......am not sure how this thing works on the broswer you are using..........both guess what...this is not totally un-preventable............ be nice if I were feeling better...this would be fun.....this thing is not complicate at all. By the way...I deeply respect you for at least showing interest................as well as Bubba..........this all came about by accident......no one was looking for it..........then bang......... this means there is no such thing as a secure connection anymore....pity the online bankers...credit card users.....those doing any financial transactions...........most of the larger websites are using it now.......an of course its all very innocent.......kinda petty really
RANOR I am on my way off the internet....don't know when I'll be back....an just want to say that it was my pleasure meeting you. You have got a special talent about security......please continue with it....there are so few sincere advocates left......its near the point where all that is wanted is a quick fix......very little real interest is expressed in learning the whats and whys of it all........good luck my new friend.....an watch that java script and <css> Best Regards ThatSnowmanOnTheWayOut
Snowguy Thank you for you kind words. I hope you can make back online so we can continue this discussion. I don't like sneaky programs or sneaky sites. I hope your health improves and you feel better along the way. I enjoy your posts. They tell it like it is. We need more of that!
hi, i am pretty new here. I see some of the posts are from regulars, and from what I have experienced at other fourms, those are the ppl to listen to. I am not positive just what you are talking about and I am wondering if my using Opera would make a difference? I was just at a site and I won't mention the name since its your ball game, but opera wouldn't let them put a cookie through to my PC. And that does not happen a lot. thanks for the heads up B
