Re: JavaScript to grab e-mail

• To: eric.hammond@sdrc.com (Eric Hammond)
• Subject: Re: JavaScript to grab e-mail
• From: Lincoln Stein <lstein@kaa.crbm.cnrs-mop.fr>
• Date: Tue, 27 Feb 1996 16:04:35 +0100
• Cc: www-security@ns2.rutgers.edu
• In-Reply-To: <199602271432.JAA04448@sdrc.com>
• References: <199602261552.QAA03034@pico.crbm.cnrs-mop.fr> <199602271432.JAA04448@sdrc.com>

Wow!  These are extremely frightening demonstrations.  Apparently it
is possible to:

	1.  Capture the user's cache and history
	2.  Monitor every page the user views and transmit its URL
	across the Internet to a remote log file.

Would someone who's JavaScript-savvy (I'm just a neophyte) please
have a look at these scripts and comment?  I'll incorporate his or her
comments into the WWW Security FAQ, with much accolades and kudos.

Lincoln

Eric Hammond writes:
 > Lincoln:
 > 
 > > I was concerned that someone had discovered a way to make JavaScript
 > > divulge such browser secrets as the contents of the disk cache,
 > > history list, or newsgroup subscriptions.
 > 
 > Then you definitely don't want to read:
 > 
 > 	http://www.c2.org/~aelana/javascript.htm
 > 	http://www.osf.org/~loverso/javascript/track-me.htm
 > 
 > -- 
 > Eric.Hammond@sdrc.com         513-576-5907
 > SDRC, 2000 Eastman Drive, Milford OH 45150
 > webmaster@sdrc.com    http://www.sdrc.com/
 > 

• Re: JavaScript to grab e-mail <explained>
• From: Lincoln Stein <lstein@kaa.crbm.cnrs-mop.fr>
• Re: JavaScript to grab e-mail
• From: eric.hammond@sdrc.com (Eric Hammond)

• Previous: Re: Java security problems (fwd from Risks Digest #17.77)
• Next: Re: JavaScript to grab e-mail <explained>
• Index(es):
  • Index
  • Thread