Home page logo
/

basics logo Security Basics mailing list archives

Re: Clear gif on a web site
From: Todd Haverkos <infosec () haverkos com>
Date: Fri, 19 Feb 2010 13:04:32 -0600

Alex <alex.tsr () gmail com> writes:

While I was trying to troubleshoot why squid could not finish loading
some specific web pages on a well known company's (you could even say
security related, too) web site I found this on squid's logs,

TCP_MISS/200 850 GET http://<LONG URL>r=<HTTP URL OF SITE THAT I
OPENED THE LINK
FROM>&cc=USD&ch=store%3AHHO&events=prodView&s=1440x900&c=24&j=1.6&v=Y&k=Y&bw=1170&bh=806&p=Picasa%3BShockwave%20Flash%3BFlip4Mac%20Windows%20Media%20Plugin%202.3%20%3BGoogle%20Talk%20NPAPI%20Plugin%3BHP%20Virtual%20Rooms%20Plug-in%3BiPhotoPhotocast%3BMicrosoft%20Office%20Live%20Plug-in%3BQuickTime%20Plug-in%207.6.3%3BSilverlight%20Plug-In%3B&AQE=1
DIRECT/xxx.xxx.xxx.xxx image/gif

This was what, for some reason, squid could not open. So, I took a
closer look to the whole URL and found out that this was a 2x2 clear
GIF which tracks the information you see above.

This made me wonder. Is it legal for sites to use these trackers? (I
suspect it's a gray zone) Is it considered ethical nowadays?

Hi Alex, 

It's a little surprising for it to be so non-obfuscated in the info
it's sending about your browser config, but there are lots of site
that do look at such info, and single pixel gifs are definitely not
new.  It's commonplace enough that it may pass for ethical, or at
least part of the terms of use at the website in question. 

Javascript (if allowed to run) can enumerate all that info with
built in methods, as in: 
      http://www.java2s.com/Code/JavaScript/Development/JavaScripttoenumerateanddisplayallinstalledplugins.htm

I imagine that image GET is dynamically created from client-side
Javascript.  The image itself isn't magical by any stretch, but what
the server is going with it once that info is logged is anyone's
guess.  It could be totally benign, or it could be using that as a
fingerprint of unique users, as any given users browser/resolution and
plugin fingerprint is typically rather unique.


Best Regards, 
--
Todd Haverkos, LPT MsCompE
http://haverkos.com/

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault