Thread: Anti-Tracking ?
  #10  
12-21-2003, 01:55 PM
quitsendingmetrash
Member
 
Join Date: Dec 2003
Posts: 29

this question slapped me in the face as i signed up to this forum in order to post my reply to barcode_.

----how safe is it to sign up to a forum?----
keep in mind, this question evolved while i was signing up to a reverse engineering forum under the topic of antiTracking.

the first thing that happened after i signed up was a prompt stating that i had to first activate my registration by replying to an email. using just a little of your imagination it should not be very hard to see the security issues running through my head. i have to do WHAT? --log in to my email account! are you crazy? with all the cookies and tracking software out there.

altering my question
----how complicated would it be for a forum to obtain my email password?----
more things to keep in mind
1)browser
a)internet explorer
b)netscape
c)mozilla
d)opera
e)lynx

2)browser sessions
a)i used the same session of my browser to go log in to my email account and then came back to the forum.
b)i opened up a new browser window to log in, but kept the forum session window open.
c)i closed the forum session window and all other open browser windows; i proceeded to check my email and then closed my browser and reopened a new one to log back into the forum.

3)browser plugins
a)my browser supports javascript, activeX, or something similar
b)my browser only supports html

4)programming packages
a)i have no programming software installed, compilers or interpreters
b)i have an interpreter installed ex) python, perl, java, or tcl/tk
c)i have some type of c/c++ or asm compiler (more than likely these do not apply, but what do i know)

5)OS
a)unix variant
b)microsoft
c)macintosh
d)other

--this is a giveMe but i did do this (OOPS too late now)
6)could i already have a trojan from the site.
a)install a package from the forum website before signing up
a1)a game ex)Re-Try
a2)a utility ex)uncc, NFO Scroller
b)i did not install anything from the website
c)the website installed something without my knowledge

7)paranoid
a)i am just way too paranoid
b)i am ignorant and don't know any better
c)i am paranoid and ignorant

attemptedScenario-
joeMammy is curious about learning to program. he installs tcl/tk on his computer. after playing around for a couple of hours he learns that there is a plugin for his browser that enables him to run tcl/tk scripts on his webPages. how delighted he is. he has spent the last two months learning html and has created his own homePage. after spending the past two days at the tcl/tk homePage reading tutorials and writing code, he ventures off to find some more resources. he comes across johnTheJacker's tcl/tk for newbies webSite. he finds some very useful information here and to his surprise the tutorials are written in newbieEnglish. "man, i must be in tcl/tk learningForNewbiesHeaven." he thinks to himself. he has so many questions to ask, as this is his first attempt to learn a programming language. lo and behold there is a forum on this website. "oh boy, i will be able to ask all of my questions here." after reading through several of the topics, joeMammy generates enough balls to post his first question. when he hits the replyToPost button it informs him that he must first register. "no problem" (now this is a tcl/tk website so guess what is scripted all throughout the pages--and we already know joeMammy has installed the tcl/tk plugin for his browser)
after registering he is informed that he has to go log in to his emailAccount and activate the registration. not knowing any better he uses the same browser session to go to yahoo, and then he activates his account. after activating the account he is given the option to go straight from his email to the forum and he does so, simply by the click of a link from his email.
-endOfScenario

now for my next question-
----is there anyone out there who can assure me that there is no way for johnTheJacker to obtain joeMammy's password using his tcl/tk scripts, when joeMammy logged in to his emailAccount?---- (tcl/tk is used in the scenario, but i am envisioning any scripting/programming language.)

surely this would be a simple task for an experiencedJacker to do. and if joeMammy installed a game or another program there surely would have been a trojan in it (from this particular webSite). but i am curious to know if the webSite itself could be a trojan of some sort.

----how can the ignorant protect themselves----
(infiniteLoop=read, learn, question, test, examine, read, learn, question, test, examine=infiniteLoop)

1)i would like to state that this is just a scenario i created. the names and instances are all made up and are referring to no one in particular.
2) i would like to thank everyone for their invaluable brain and time.
3) i would like to apologize to anyone who found these questions a waste of their brain and time.
4) i would like to thank reTeam and all the other informative webSites on the internet, for your information, time and hard work. (i am training my brain to be a sponge for valuable info, without decent sites, i would have nothing but crap to soak up from all the bullCrap most sites are embedded with)
5)i would like to clarify that in the above referral --6) a1) and a2)-- to trojans i used Re-Try, uncc, and NFO Scroller as *EXAMPLES* and in *NO* way was i implying that they are trojans. (i would not know because i don't know how to program, therefore i can't decipher sourceCode)
6)i want to compliment RET for Re-Try, and yes it is addicting. thanks guys/gals for all the hardWork!!!
7)it was not my intention to turn a simple question into an essay(ohWell!)