Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Security/Anonymity sig exploit

  • 09-06-2003 1:55pm
    #1
    Registered Users, Registered Users 2 Posts: 491 ✭✭


    User Lenny.

    Dynamic sig, it was obvious, just never got round to it.

    He's done it nicely though.


Comments

  • Business & Finance Moderators, Entertainment Moderators Posts: 32,387 Mod ✭✭✭✭DeVore


    Whats the problem with it? He's holding a mirror up to you so you see your own information... its not like it will be archived forever. The next person to access that thread will not see your info, just their own... and so on.

    Its a bit freaky but its also a good reminder that on the internet you are never as anonymous as you might think.

    DeV.


  • Registered Users, Registered Users 2 Posts: 491 ✭✭flav0rflav


    I have no problem seeing my own address.

    But you have previously extolled the virtues of anonymity on these boards. All he has to do is log the referring URL and IP and it's quite straight forward to resolve people. You hide the same info? I presume you hide it for a valid reason. Now he is accessing it.

    Although it would appear not to be his own work, and he may not have access to the logs.

    May I do the same, please sir?


  • Registered Users, Registered Users 2 Posts: 491 ✭✭flav0rflav


    Ah whatever.

    All I'll say is that a dynamic sig, dependent on viewers ip is open to abuse, in a number of ways.


  • Moderators, Social & Fun Moderators Posts: 10,501 Mod ✭✭✭✭ecksor


    It's not just signatures, images can be embedded in posts and they don't have to be dynamic like Lenny's, you can just read the same information out of the webserver logs.


  • Business & Finance Moderators, Entertainment Moderators Posts: 32,387 Mod ✭✭✭✭DeVore


    any http request to any webserver sends this information with the request. (slightly browser dependant with IE sending more then others afaik).

    I still fail to see the security breach. I see a security gap in knowledge (not particularly yours but others who have complained) and thats more worrying then anything Lenny has done.

    If lenny could do something bold with ANYTHING like that (active or otherwise) it would be a security problem of worldwide magnetude.


    DeV.


  • Advertisement
Advertisement