[Malvern] More on Lynx.

Richard Forster rick at forster.uklinux.net
Thu Feb 1 19:44:26 GMT 2007 

From:
Recent pings:	[None - trying pinging us to see something here]

This is referring to pings you recently sent to their IP address. What 
makes you think that it is NOT their business to record any and all 
traffic that is sent to them, should they choose? It does not refer to 
pings you recently sent to completely different IP addresses, nor to 
pings that others recently sent to them.
I can verify that when I send big pings to them (ping -s) the page shows 
the extended ping payload.

Cookies are similar, if you don't want them to tell you what cookies of 
theirs that you are agreeing to store then don't use cookies (either at 
all or for just that site if you like the pop-up cookie question box).
<evil>
Or stick a cookie random obfuscator into a cron-job for kicks. I'm sure 
Someone could kick out a perl one-liner to do that.
</evil>

As for user-agent details. They are not required in the request (only 
the actual page and the host are required) and you can get browser 
plugins to change the user-agent string.
However this slight privacy issue is balanced against letting the web 
server know which browser you are using so that the website designer can 
test the site with the browsers which visit most commonly.

I would only get worried if it knew your login-id and the other websites 
you had open at the same time.

Remember, someone knowing which OS and browser you use from which IP 
address does not make you less secure. Using an unsecured OS and browser 
makes you less secure.

Cheers

Rick


Geoff Bagley wrote:
> Richard Forster wrote:
>> What info did it leak?
> Various -
> your user-agent,browser, operating system,cookies,recent pings,
> depending on which browser.
> 
> I would suggest that "recent pings" are none of anyone's business.
> 
> Cheers,
> 
> Geoff
> 
> 
> 
> 
>> Have you tried links?
>>
>> Have a go with Wireshark[1] and see what lynx send out (the HTTP GET 
>> packets) and compare it to what links (or any other working browser) 
>> sends out. You can try going to any website because the browser 
>> request contains the same information.
>>
>> If you stick with dnsreport then it might help to use the following 
>> filter, depending on what other network traffic you have.
>> ip.addr == 70.86.177.244
>>
>> Cheers
>>
>> Rick
>>
>>
>> [1] We knew it as Ethereal, we loved it as Ethereal. The network 
>> protocol analyser is dead, long live the network protocol analyser.
>>
> 
>

More information about the Malvern mailing list