|
Vulnerability Development
mailing list archives
Re: jump2.eudora.com
From: "Teicher, Mark" <mark.teicher () NETWORKICE COM>
Date: Tue, 29 Aug 2000 17:08:16 -0700
It is a real pain, especially when the check seems not be working correctly.
/m
At 12:11 AM 8/28/00 -0400, Matt Zimmerman wrote:
On Sun, Aug 27, 2000 at 04:32:58PM -0400, William Daskaluk wrote:
> So it sent a request to jump2.eudora.com which looks like the following...
>
> GET /jump.cgi?action=update&platform=Windows 98
> v.04.10.2222&product=Eudora&version=4.3.2
>
> All that other junk in the tcpdump was just your computer negotiating a
> connection.
>
> Where exactly is this 'information' that eudora is sending? It looks
to me like
> it is simply checking to see if a newer version of Eudora is available.
- The OS and version running on the origin host
- The version of Eudora running on the origin host
- The fact that the origin host is probably used for reading mail
- A hint that the origin host is probably a single-user system (where security
tends to be weaker)
Probably harmless in most situations, but there should be an option to disable
this check for the benefit of security-paranoid and privacy-conscious users.
--
- mdz
 By Date 
By Thread
Current thread:
|
Intro
