lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
From: ebay at thehangout.de (Tim Hecktor)
Subject: AW: Google Search and Gmail Correlation

 Hello,

Most of the URL's google finds are pointing to ip Adresses. The people seem
to be to 
Lazy to set up a subdomain for their cam's because it will be a part of a
frameset on their website
And the url would not bee seen anyway. I just greped one example, the camera
reached under
axis_64ddf3.axiscam.net:7000/view/index.shtml?videos=one is acually bound
into their website in the
frameset found on
http://www.calgaryflyingclub.com/frame_webcam_parkinglot.asp so google found
it there. Those Axis cams are
easy to find using allinurl on google because they have their webserver
included and so their URL's are all the same.



-----Urspr?ngliche Nachricht-----
Von: full-disclosure-bounces@...ts.netsys.com
[mailto:full-disclosure-bounces@...ts.netsys.com] Im Auftrag von
Colin.Scott@...lc.com
Gesendet: Freitag, 25. Februar 2005 10:28
An: full-disclosure@...ts.netsys.com
Betreff: Fw: [Full-Disclosure] Google Search and Gmail Correlation


A little OT but I was pondering the other day about something.

Remember the Axis network camera "inurl" search that exposed internet facing
LAN cameras? Well I noticed that lots of those cameras are configured on
high ports. 7000 for example. Now, I wondered how Google gets those cameras
into its cache. Ok so there may be a web facing link _somewhere_ that
references the URL... but when you search there are hundreds of these
cameras in Google's cache. Now are Google going to tell us that they got
there merely from web links? Is Google doing port scans when it finds an IP?
Probably not.... So how about the Googlebar secretly updating Google's cache
when we use these things?

Just a ponder, please dont flame me if its been covered before, I havent got
my flame-proof trousers on today!  :)

Cheers,

Colin.






 
"?d?m Szilveszter                                             
             dr."
<adam@....hu>                                              To
Sent by:                  full-disclosure@...ts.netsys.com
full-disclosure-b                                          cc
ounces@...ts.nets
ys.com                                                Subject
Re: [Full-Disclosure] Google Search
and Gmail Correlation                            24/02/2005 12:12
!
                                                              



Hello Cody,

I think that what you are observing is this: the cookie you get when
visiting your gmail account is valid for the whole google.com domain, and
therefore will be transferred again when you do web searches as well.

As you write, this is not a bug per se, the cookie mechanism is working as
expected.

It is also obvious that such an approach may raise privacy concerns.

Now, *if* google wanted to mitigate this problem, it would be easy. They
should migrate the gmail service web frontend to a subdomain (say:
gmail.google.com) or even a whole new domain (gmail.com exists already but
www.gmail.com merely redirects) and make the cookie only valid in that
domain/subdomain.

The questions is, do they want to do this?

And yes, for now, if you are privacy conscious, delete the cookie before
doing a Google search (or using any other Google service).

Regards:

Szilveszter Adam
Budapest
Hungary
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html




****************************************************************************
*******

This e-mail is confidential and may contain privileged information.  If you
are not the addressee or if you have received the e-mail in error, it may be
unlawful for you to read, copy, distribute, disclose or otherwise use the
information which it contains.  Under these circumstances, please notify us
immediately by returning this mail to 'mailerror@...lc.com' and deleting
this e-mail from your system.

Any views expressed by an individual within this e-mail do not necessarily
reflect the views of Cadbury Schweppes Plc or its subsidiaries.  Cadbury
Schweppes Plc will not be bound by any agreement entered into as a result of
this email, unless its intention is clearly evidenced in the body of the
email.  Whilst we have taken reasonable steps to ensure that this e-mail and
attachments are free from viruses, recipients are advised to subject this
mail to their own virus checking, in keeping with good computing practice.
Please note that email received by Cadbury Schweppes Plc or its subsidiaries
may be monitored in accordance with the prevailing law in the United
Kingdom.

****************************************************************************
*******


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ