Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - pooms

Pages: 1 [2] 3 4 5
16
I seem to be getting a Microsoft JET error if I try to reply to any
posts on the forum:
 
quote:
Microsoft JET Database Engine error '80040e10'

No value given for one or more required parameters.

/pforum/post.asp, line 120
 


I'm assuming that this isn't just me.

 

17
Microsoft Help / MSN Messenger
« on: June 28, 2002, 07:21:58 AM »
If you are using MSN Messenger, you might be interested in this:
http://catless.ncl.ac.uk/Risks/22.13.html#subj8
I don't use it so I don't know if you can configure it to
"tunnel" through HTTP and use Proxomitron or not. Probably
not.

 

18
Security / Blocking selected codebase functions
« on: June 27, 2002, 04:04:42 PM »

19
Security - General / Honey Pots?
« on: June 26, 2002, 01:34:12 AM »
Have you tried looking in the "Windows95/98/NT/2k Defense" section here:
http://packetstorm.decepticons.org/defense.html
there's a few things there that look like they might be useful, although
I haven't tried any of them myself. I'm not sure how much I'd trust them,
although some come with code.



 

20
Security / Windows Media Player Pragma: log-line
« on: June 25, 2002, 06:25:41 PM »
I think I understand now why I wasn't always seeing the HTML POST with
the Pragma : log-line. Although I had configured the media player to
use a proxy for HTTP, I was also allowing it to use all possible protocols
in addition to HTTP. So I guess sometimes it would use HTTP and I would
see it in Proxomitron's Log Window, and other times it would not use
HTTP and I wouldn't see what was happening.

 

21
Security / Windows Media Player Pragma: log-line
« on: June 24, 2002, 11:13:34 PM »
So have you actually seen one of these Pragma: log-line headers as well?
The times that I've seen it, it almost looked like the POST call wasn't
supposed to happen. There was no data in the POST, and the URL for it
was the same as the URL for the video, and the server responded with an
error. But what worried me was that this might be some sort of built-in
thing about media player that other sites could be using, even if the
one I saw didn't seem to be configured to use it.
BTW, I'm using v 6.4 of media player.

 

22
Security / Windows Media Player Pragma: log-line
« on: June 24, 2002, 07:45:42 PM »
quote:
is the option "Allow Internet sites to uniquelly identify your Player" checked by any chance?


No, I unselected that some time ago and I played around with it
looking at what difference it made to the HTTP Headers. It still sent
the Pragma: xClientGUID, as Jor mentioned, but it sent a different GUID value after
you uncheck that box. I could only guess that it was sending a "generic"
GUID in that case. I suppose we could compare GUID's to see if that is the
case.

 

23
Security / Windows Media Player Pragma: log-line
« on: June 24, 2002, 06:27:44 PM »
I have Windows Media Player configured to go through Proxomitron and I
recently noticed an HTTP POST that was triggered at the end of a video
clip embedded in an HTML page. This POST contained an HTTP header starting
with
Pragma: log-line=  
followed by a whole bunch of stuff.
Included in it was the IP address of my computer, as well as the name of
my computer.
Unfortunately I haven't been able to cause this POST to happen again, so I don't
know what it was that triggered it. And in my trying to recreate it, I
forgot to copy and save the header line from the Log Window.  
So I'm not certain if it was "log-line" or "log_line".
I haven't found anything on the net that provides any clue about this
header. For now I've put in a header filter that looks for any occurrence
of my computer name in a Pragma header and calls $ALERT. Hopefully I'll
be able to catch this again and figure out what is going on.

 

24
Cosmetic / Change link style
« on: June 24, 2002, 06:03:53 PM »
Actually, quite a few CSS stylesheets posted here do use !important. In fact,
I kept seeing it so often I had to go and look at the spec to see what it
meant (not being a CSS expert). I was puzzled, because coming from a programming
background I read "!important" as meaning "not important" and I wondered why
you would define something and then say it was not important

 

25
Privacy / Mail Bug
« on: June 24, 2002, 01:19:00 AM »
It's definitely from my ISP and a friend forwarded me the copy that they got
and the ID's definitely change. But thanks for the suggestion of checking
the headers, as from that I could see that on the way to me it went through
flonetwork.com. After a little searching in Google I found out that Flonetwork
is a company which has been acquired by DoubleClick and is an "email marketing"
company. Here's a bit of a description of the product:
http://ezine-tips.com/list-tips/list-resources/20000204.shtml
Obviously my ISP uses their product.


 

26
Privacy / Mail Bug
« on: June 22, 2002, 01:46:35 AM »
I just received an HTML mail message from my ISP which contains this bug:

<IMG src="http://email.telus.com/cgi-bin1/flosensing?y=PKx0DxcWD0DUd0Bo">

a quick Google search on "flosensing" shows up a number of sites using
this CGI program, so I think it is a good candidate for the kill list.

I'm also not to happy that other links in the email show up like this:

<A class=lightgrey
   href="http://email.telus.com/cgi-bin1/flo?y=hPKx0DxcWD0DUd0FGFj0As">TELUS
            Privacy Commitment</A>

So the URL contains an identifier that has a core part in common with the identifier
sent to the mail bug. I'm just guessing, but if that part of the identifier
is unique for each person the mail is sent to, this would
allow them to correlate my email address with the fact that I clicked on
a link. In the above example, ironically, it is a link to their "Privacy
Commitment"!!!

Now I could be wrong, and the identifier is the same for everyone who got
the email, so I'm going to ask a few friends to send me copies they received.

 

27
Spam Blockers / JS Nukers
« on: June 20, 2002, 07:11:07 AM »
Try searching Google with "ifr'+'ame" as the search term. Lots of
interesting sites show up! Not exactly test sites, but some interesting
reading, especially that "ban man" stuff. You can log into a demo
version of their Ad Serving Software product and see examples of the
javascript code they use. And their "clients" page has links to tons
of customer sites. Here's one:
http://www.firefighting.com/

 

28
Questions and Answers / Newbie Q : alter posted data.
« on: June 19, 2002, 11:47:27 PM »
hmm, good point, that reminds me that I had some trouble related to
chunked encoding a while ago while writing Java code to POST XML
documents to my Apache server. My code didn't work, and when I
took a look at the HTTP that was being sent, I saw that it was
using chunked encoding. At the time I didn't really know what chunked
encoding was, but it was suspicious enough that I got rid of it and
then my code worked. I'd have to go back and test it again to be
definite that it was the chunked encoding that was the cause of my problem.


 

29
Questions and Answers / Newbie Q : alter posted data.
« on: June 19, 2002, 07:38:40 PM »
I don't think it is possible to apply a filter to the POST'ed data.
I also wanted to do that, in the case of SOAP XML documents being
POST'ed. Unlike the Header filters, which can be applied to either
the outgoing or incoming header values, the Web Page Filters only
apply to the incoming data. There doesn't appear to be any way
to have a filter that applies to the outgoing (POST'ed) data.

I didn't understand what Jor's answer had to do with your question at
first, but I think what he's saying is that you can try and modify the
code that generates the data to be POST'ed. In my case, that doesn't
work because the application that POST's the data is not Javascript.

There are several other applications that I've seen POST'ing data
that I thought would be nice to be able to filter: Windows Update,
Real Player, Virus Checker updates, etc.

 

30
Questions and Answers / Add a new HTTP header
« on: June 19, 2002, 07:27:54 AM »
For an outgoing header you do it like this:

[HTTP headers]
In = FALSE
Out = TRUE
Key = "x-new-HDR:"
URL = "*"
Replace = "AAA"

of course you might want to be more specific as to which URL's it
applies to.

 

Pages: 1 [2] 3 4 5