lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <1109365813.32122.15.camel@localhost.localdomain>
From: joel.esler at rcert-s.army.mil (Esler, Joel CNTR/Sytex)
Subject: Fw: Google Search and Gmail Correlation

IIRC, only if you turn on the "advanced features"

J

On Fri, 2005-02-25 at 15:46 -0500, Nancy Kramer wrote:

> If you run the Google Toolbar they do know where you have been surfing on 
> the web.  They do record it.  That's how you "pay" for the Toolbar.  Your 
> theory sounds correct to me.
> 
> Regards,
> 
> Nancy Kramer
> Webmaster http://www.americandreamcars.com
> Free Color Picture Ads for Collector Cars
> One of the Ten Best Places To Buy or Sell a Collector Car on the Web
> 
> 
> At 04:28 AM 2/25/2005, Colin.Scott@...lc.com wrote:
> 
> 
> >A little OT but I was pondering the other day about something.
> >
> >Remember the Axis network camera "inurl" search that exposed internet
> >facing LAN cameras? Well I noticed that lots of those cameras are
> >configured on high ports. 7000 for example. Now, I wondered how Google gets
> >those cameras into its cache. Ok so there may be a web facing link
> >_somewhere_ that references the URL... but when you search there are
> >hundreds of these cameras in Google's cache. Now are Google going to tell
> >us that they got there merely from web links? Is Google doing port scans
> >when it finds an IP? Probably not.... So how about the Googlebar secretly
> >updating Google's cache when we use these things?
> >
> >Just a ponder, please dont flame me if its been covered before, I havent
> >got my flame-proof trousers on today!  :)
> >
> >Cheers,
> >
> >Colin.
> >
> >
> >
> >
> >
> >
> > 
> >"?d?m Szilveszter
> >              dr." 
> >                <adam@....hu> 
> > To              Sent 
> > by:                  full-disclosure@...ts.netsys.com 
> > full-disclosure-b                                          cc 
> >   ounces@...ts.nets 
> >     ys.com                                                Subject 
> >                                 Re: [Full-Disclosure] Google 
> > Search                                        and Gmail 
> > Correlation                            24/02/2005 
> > 12:12 
> >
> >
> >
> >
> >Hello Cody,
> >
> >I think that what you are observing is this: the cookie you get when
> >visiting your gmail account is valid for the whole google.com domain, and
> >therefore will be transferred again when you do web searches as well.
> >
> >As you write, this is not a bug per se, the cookie mechanism is working as
> >expected.
> >
> >It is also obvious that such an approach may raise privacy concerns.
> >
> >Now, *if* google wanted to mitigate this problem, it would be easy. They
> >should migrate the gmail service web frontend to a subdomain (say:
> >gmail.google.com) or even a whole new domain (gmail.com exists already but
> >www.gmail.com merely redirects) and make the cookie only valid in that
> >domain/subdomain.
> >
> >The questions is, do they want to do this?
> >
> >And yes, for now, if you are privacy conscious, delete the cookie before
> >doing a Google search (or using any other Google service).
> >
> >Regards:
> >
> >Szilveszter Adam
> >Budapest
> >Hungary
> >_______________________________________________
> >Full-Disclosure - We believe in it.
> >Charter: http://lists.netsys.com/full-disclosure-charter.html
> >
> >
> >
> >
> >***********************************************************************************
> >
> >This e-mail is confidential and may contain privileged information.  If 
> >you are not the addressee or if you have received the e-mail in error, it may
> >be unlawful for you to read, copy, distribute, disclose or otherwise use 
> >the information which it contains.  Under these circumstances, please 
> >notify us immediately by returning this mail to 'mailerror@...lc.com' and 
> >deleting this e-mail from your system.
> >
> >Any views expressed by an individual within this e-mail do not necessarily 
> >reflect the views of Cadbury Schweppes Plc or its subsidiaries.  Cadbury 
> >Schweppes Plc will not be bound by any agreement entered into as a result 
> >of this email, unless its intention is clearly evidenced in the body of 
> >the email.  Whilst we have taken reasonable steps to ensure that this 
> >e-mail and attachments are free from viruses, recipients are advised to 
> >subject this mail to their own virus checking, in keeping with good 
> >computing practice. Please
> >note that email received by Cadbury Schweppes Plc or its subsidiaries may 
> >be monitored in accordance with the prevailing law in the United Kingdom.
> >
> >***********************************************************************************
> >
> >
> >_______________________________________________
> >Full-Disclosure - We believe in it.
> >Charter: http://lists.netsys.com/full-disclosure-charter.html
> >
> >
> >
> >
> >
> >--
> >No virus found in this incoming message.
> >Checked by AVG Anti-Virus.
> >Version: 7.0.300 / Virus Database: 266.4.0 - Release Date: 2/22/2005
> 
> 

-- 
Esler, Joel CNTR/Sytex <joel.esler@...rt-s.army.mil>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20050225/13013f62/attachment.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ