Most trusted online security scan?

Discussion in 'polls' started by optigrab, Oct 22, 2003.

Thread Status:
Not open for further replies.
  1. crockett

    crockett Registered Member

    Joined:
    Jul 15, 2002
    Posts:
    333
    Of course, FB indeed first filtered by WW as seen below.

    Again, Beonex - although a close relative to FB - does not suffer from the same flaw.

    BTW, I still have to first add 'blank page' to the Bookmark list before I can get the 'import option' to function... That's annoying too.

    Rgds, Crockett :cool:
     

    Attached Files:

  2. crockett

    crockett Registered Member

    Joined:
    Jul 15, 2002
    Posts:
    333
    :D
     

    Attached Files:

  3. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Gee - do you think we have enough screenshots in here yet? :eek: Pete
     
  4. JayK

    JayK Poster

    Joined:
    Dec 27, 2002
    Posts:
    619
    I just tested. nothing.

    You do know that in FB and mozilla by default they don't block referrers yes? You need to change/add network.http.senderreferrerheader to 0? One way is to add them into your user.js file.

    Sorry for checking with you about something so elementary but the screenshot you showed about options maked me wonder if you knew about this.


    If you have already done that, I suspect it's webwasher that is causing the problem either way please first test without it.
     
  5. crockett

    crockett Registered Member

    Joined:
    Jul 15, 2002
    Posts:
    333
    Hi JayK ;)

    Just re-did some testing... Here are the results...

    Any browser, without Javascript, referrers allowed, with WebWasher disabling referrers, PCFlank can't see anything, Holmes can't either.

    Same thing, this time with WebWasher not interfering in any way on referrers, PCFlank and Holmes can see the originating site.

    So, as I already knew, WW works perfectly fine.

    If Javascripts are enabled in Opera, referrers allowed, WebWasher still does the job, on PCFlank and on Holmes.

    If Javascripts are enabled in Firebird, WW still activated, PCFlank can't see anything (because traditional refs are blocked by WW), but Holmes can (using Javascripts in some way to access the desired information)!

    So I don't think it's really a matter of referrers per se, but rather some flaw in the FB's Javascript managing which Holmes is able to exploit and use as if 'traditional' referrers were actually sent.

    Another point I believe is even more important... Let's say a newbie decides he is tired to surf on Internet Exporer, and tries FireBird as alternative browser... He knows not much, but he at least knows he should check the Preferences or Tools menus before getting started.

    He sees some choice in cookie management, and can decide which option to enable or disable in this regard. He sees other tweaking possibilities for Java, and Javascripts, and History and Cache, and so on... He tries to make the best possible choices he can based on the limited knowledge he has, and then decides to finally go and surf the Web.

    Then what happens ? With JavaScripts enabled, he clicks on a link to Holmes just to discover that Holmes knows where he's coming from. Rather surprising, and disappointing.

    What's my point ? Yes, one can go to user.js and add this or that line and change 1 to 0 and so forth, but that's something that should have been done before, and should have been done much more easily. That's something that should have been possible in the Privacy menu, or in the advanced menu, like many other privacy features.

    FireBird, Phoenix, Black Diamond FireBird do not allow it to easily be done. The only Mozilla family browser that does (to the best of my klowledge) is Beonex - which has a very precise referrers management menu, as you know.

    One always criticises M$, because many features were enabled by default in WXP - one only has to surf the excellent Steve Gibson's ShieldsUp! to find references to this.

    One cannot say referrers are as potentially dangerous as the XP features I'm talking about, but I think there is a similar kind of flaw in the way FB allows some (very good) sites such as Holmes to use JavaScripts as tracking tool.

    So much so that it could easily be corrected by the FB's programmers' crew - whose job I admire and respect, by the way.

    Rgds, Crockett :cool: (No screenshots today in order to spare fragile eyes :D)
     
  6. the Tester

    the Tester Registered Member

    Joined:
    Jul 28, 2002
    Posts:
    2,854
    Location:
    The Gateway to the Blue Hills,WI.
    I use and trust grc.com(Shields Up).
    His website is very helpful if you have Windows XP. ;)
    I use the port scanner and I use his small utilities;UnPlug and Pray and DCOMbobulator.
    Mr. Gibson does a good job explaining his programs and some of the vulnerabilities in the operating systems.

    I really like the way he improved the port scanner.

    The other site that I use occasionally is auditmypc.com.
     
  7. JayK

    JayK Poster

    Joined:
    Dec 27, 2002
    Posts:
    619
    No surprise.

    Just to confirm, you have network.http.senderreferrerheader=0 ?
    If not, that's not suprising without ww it doesn't work. If you are then it's a strange bug, since I can't reproduce it.

    No offence sounds like crap to me. Mozilla, FB, etc with JS,JAVA, on , but with referrers off I get no information at all about referrers on Holmes.

    I also tested with referrers on , JS on OR off, it still got the referrer. It is the sending of referrers fields that holmes is reading. Nothing else.

    Holmes is not using anything profound to check your referrer. at least in all my tests, js doesn't make a difference.

    About the presence of proxies.


    This one is interesting if it's true. But I tested using proxomitron AND later webwasher with JS/JAVA on, Firebird not blocking referrers , Holmes is still fooled.

    So in conclusion I don't see any such effect., I don't see anything clever that allows it to defeats proxies.

    In any case, adding network.http.senderreferrerheader=0 is sufficent to fool Holmes.

    All this I agree with (more than you know actually), but it's not relevant to the discussion. You mention some kind of bug, that the developers might like to know about, but I don't see it.

    If you have not please test by typing about:Config
    then change network.http.senderreferrerheader to 0.


    That is the problem with Mozilla FB, it is not a very good browser for a newbie but someone consicious about privacy. Changing the referrer field to send blank is considered something "advanced" not to be played with. They have also refused to "Fake" referrers .



    Sorry, but I don't see any evidence of Holmes using javascript to figure out where I'm coming from. With network.http.senderreferrerheader=0 Holmes sees nothing.
     
  8. peakaboo

    peakaboo Registered Member

    Joined:
    Oct 20, 2002
    Posts:
    377
    fwiw:

    run proxo with open log window & see what matches:

    I get the following matches:

    Match 168: Hide Browser's Referrer from JS
    Match 168: Hide Browser's Referrer from JS

    along with a bunch of other matches Java, ads, banners, & JavaScript etc.
     
  9. JayK

    JayK Poster

    Joined:
    Dec 27, 2002
    Posts:
    619
    Let me try again. Since I'm clearly not getting through.

    Your browser will SEND the referrer string HTTP_REFERER to the server, regardless of JS is on or off. What proxomitron is detecting is the javascript part that grabs and displays it (document.referrer property). In any case, even with JS off , holmes can still display your referrer string through other means such as server side scripting.

    If a site is dumb enough only to use JS to display the results, then someone might think he is safe (because JS doesnt display it), but actually isn't since the info is given to the server, but because you have JS off it isn't displayed.

    If your browser doesn't send any referrers, JS is irrelevant. If it does, turning off JS won't help.

    When I was referring to JS revealing your referrers, I was talking about something more then just displaying your http_referrer maybe something clever like
    http://www.gemal.dk/browserspy/css.html which uses CSS
     
  10. crockett

    crockett Registered Member

    Joined:
    Jul 15, 2002
    Posts:
    333
    Hi JayK :)

    If you will allow me, these few more lines to conclude my participation to the discussion since it seems to me it's getting nowhere while at the same time becoming rather uselessly tiring to me.

    Of course I don't - that seems evident.

    Well, of couse it's true. I don't have time to waste writing lies on this BBoard. If you don't believe what I say, then there's no point in even going on with the discussion on this subject. Why you get different results from those I get I don't know.

    I never wrote anywhere Holmes did defeat proxies - that's not the point.

    There's no way I'm gonna do it this way. I'll wait 'till the possibility does exist in the general interface so any newbie can access it. 'til then, I won't recommend FBird any longer

    Right - then I'll stick to Beonex.

    Well, at least I do and it seems after doing some testing by himself Peakaboo does also.

    Never said anything like it either.

    Well, at least many sites seem dumb enough not to even use Js to do it since I only got this result on Holmes.

    I disagree. That's the point of my previous posts. Turning off Jscript does make a difference.

    To wrap it up quickly, you have the right not to like Holmes, but the point was it's the only site I know off (I'm not saying others couldn't do the same nor that it's the only one currently doing it) which made me think 'hey, we have something weird going on here'.

    Js combined with FBird default settings does allow the results I described to be produced.

    Rgds,
    Going-back-to-Opera-for-a-(long)-while-Crockett :cool:
     
  11. JayK

    JayK Poster

    Joined:
    Dec 27, 2002
    Posts:
    619
    Dear Crockett

    Clearly you are offended. I didn't mean it that way, I was just curious if there was a bug as I stated before. I'm always eager to see why something fails.

    As it stands, you have found something I can reproduce , webwasher+normal FB+JS on allows Holmes to detect the referrer. So sadly I cannot file a bug report.

    Self-censored to avoid offending people.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.