[cap-talk] Toolbars and unguessable URLs
mikesamuel at gmail.com
Thu Sep 25 01:32:15 CDT 2008
2008/9/25 Tyler Close <tyler.close at gmail.com>
> On Wed, Sep 24, 2008 at 12:45 AM, Mike Samuel <mikesamuel at gmail.com>
> > If Yahoo is sending the complete referer then it is definitely sending
> > references.
> The HTTP Referer header is defined to contain a URI and specifically
> says it MUST NOT contain a URI reference. AFAICT, this conformance
> language is commonly implemented by browsers.
> Of course, I doubt any of the quoted text makes any attempt to use
> terminology correctly, so it's impossible to know what these tools are
Without looking at what goes over the wire.
> The Google policy makes it impossible to create any access-control
> mechanism that is not vulnerable to the Google software. They
> explicitly say they can grab any information they want.
> According to privacy policies
> > http://www.google.com/support/toolbar/bin/static.py?page=privacy.html&
> > Certain optional Toolbar features operate by sending Google the addresses and
> > other information about sites when you visit them.
> They can drive a truck through that last phrase.
> I think the only rational thing to do here is accept that users of
> these toolbars are fully vulnerable to them. That and poke fun at them
> for making their users so vulnerable.