lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
From: joel.esler at rcert-s.army.mil (Esler, Joel CNTR/Sytex) Subject: Fw: Google Search and Gmail Correlation IIRC, only if you turn on the "advanced features" J On Fri, 2005-02-25 at 15:46 -0500, Nancy Kramer wrote: > If you run the Google Toolbar they do know where you have been surfing on > the web. They do record it. That's how you "pay" for the Toolbar. Your > theory sounds correct to me. > > Regards, > > Nancy Kramer > Webmaster http://www.americandreamcars.com > Free Color Picture Ads for Collector Cars > One of the Ten Best Places To Buy or Sell a Collector Car on the Web > > > At 04:28 AM 2/25/2005, Colin.Scott@...lc.com wrote: > > > >A little OT but I was pondering the other day about something. > > > >Remember the Axis network camera "inurl" search that exposed internet > >facing LAN cameras? Well I noticed that lots of those cameras are > >configured on high ports. 7000 for example. Now, I wondered how Google gets > >those cameras into its cache. Ok so there may be a web facing link > >_somewhere_ that references the URL... but when you search there are > >hundreds of these cameras in Google's cache. Now are Google going to tell > >us that they got there merely from web links? Is Google doing port scans > >when it finds an IP? Probably not.... So how about the Googlebar secretly > >updating Google's cache when we use these things? > > > >Just a ponder, please dont flame me if its been covered before, I havent > >got my flame-proof trousers on today! :) > > > >Cheers, > > > >Colin. > > > > > > > > > > > > > > > >"?d?m Szilveszter > > dr." > > <adam@....hu> > > To Sent > > by: full-disclosure@...ts.netsys.com > > full-disclosure-b cc > > ounces@...ts.nets > > ys.com Subject > > Re: [Full-Disclosure] Google > > Search and Gmail > > Correlation 24/02/2005 > > 12:12 > > > > > > > > > >Hello Cody, > > > >I think that what you are observing is this: the cookie you get when > >visiting your gmail account is valid for the whole google.com domain, and > >therefore will be transferred again when you do web searches as well. > > > >As you write, this is not a bug per se, the cookie mechanism is working as > >expected. > > > >It is also obvious that such an approach may raise privacy concerns. > > > >Now, *if* google wanted to mitigate this problem, it would be easy. They > >should migrate the gmail service web frontend to a subdomain (say: > >gmail.google.com) or even a whole new domain (gmail.com exists already but > >www.gmail.com merely redirects) and make the cookie only valid in that > >domain/subdomain. > > > >The questions is, do they want to do this? > > > >And yes, for now, if you are privacy conscious, delete the cookie before > >doing a Google search (or using any other Google service). > > > >Regards: > > > >Szilveszter Adam > >Budapest > >Hungary > >_______________________________________________ > >Full-Disclosure - We believe in it. > >Charter: http://lists.netsys.com/full-disclosure-charter.html > > > > > > > > > >*********************************************************************************** > > > >This e-mail is confidential and may contain privileged information. If > >you are not the addressee or if you have received the e-mail in error, it may > >be unlawful for you to read, copy, distribute, disclose or otherwise use > >the information which it contains. Under these circumstances, please > >notify us immediately by returning this mail to 'mailerror@...lc.com' and > >deleting this e-mail from your system. > > > >Any views expressed by an individual within this e-mail do not necessarily > >reflect the views of Cadbury Schweppes Plc or its subsidiaries. Cadbury > >Schweppes Plc will not be bound by any agreement entered into as a result > >of this email, unless its intention is clearly evidenced in the body of > >the email. Whilst we have taken reasonable steps to ensure that this > >e-mail and attachments are free from viruses, recipients are advised to > >subject this mail to their own virus checking, in keeping with good > >computing practice. Please > >note that email received by Cadbury Schweppes Plc or its subsidiaries may > >be monitored in accordance with the prevailing law in the United Kingdom. > > > >*********************************************************************************** > > > > > >_______________________________________________ > >Full-Disclosure - We believe in it. > >Charter: http://lists.netsys.com/full-disclosure-charter.html > > > > > > > > > > > >-- > >No virus found in this incoming message. > >Checked by AVG Anti-Virus. > >Version: 7.0.300 / Virus Database: 266.4.0 - Release Date: 2/22/2005 > > -- Esler, Joel CNTR/Sytex <joel.esler@...rt-s.army.mil> -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20050225/13013f62/attachment.html
Powered by blists - more mailing lists