is this your harddisk ?
- Thread starter yepitsme
- Start date
Interesting. It's not really a jpg, but it does give you an idea of what people can find out about you when you're surfing the net. That's why firewall software is a good idea, even if you're using a dial-up.
I'm hoping someone will have mercy on us computer illiterates and explain how they can get this info and what the real world dangers are.
When you access a web page it is possible for the author of that page to get several items of information from your computer, unless you have installed software to prevent access. They can read your hard drive, as you have discovered, and list your folders. They can drop cookies onto your machine, read and manipulate those cookies if your browser settings allow this to happen. If someone manages to infect you with the proper virus (NIMDA for example), the virus will share your hard drive, report your IP number to the hacker, install a keyboard logger, and report your keystrokes to the hacker. What this means is that if you are hacked with a keyboard logger and type in a password or credit card number, the hacker has that information. If your hard drive is shared, then the hacker can also copy information from your drive, or can manipulate other files on your computer.
That's for starters. Web site owners can also tell where you have been on the net, which pages you left to reach their site, which pages you jump to when you leave their site. Companies that deal with cookies like doubleclick keep information in the cookies about web site visits then report this information to their subscribers (that's one way you get spam from people you never heard of).
That's for starters. Web site owners can also tell where you have been on the net, which pages you left to reach their site, which pages you jump to when you leave their site. Companies that deal with cookies like doubleclick keep information in the cookies about web site visits then report this information to their subscribers (that's one way you get spam from people you never heard of).
I have Win XP-Pro, and my firewall is enabled. Why does my drive info still show up when I click the link. Isn't the purpose of a firewall to protect against this very thing?
Thanks Skinar. The cookies et al I knew about. What I didn't know was that a web page author could read my hard drive and list my folders. From my computer I not only get the list of folders but I'm also able to open them and access all the info. Is that simply because its my folders I'm accessing, or is the web page author able to access not only the folders but the info inside them as well?
While I havent delved into the why it works, I did look at his source code, and it actually is not malignant in anyway. All he is doing is creating a very simple html page, where the source is C:/ or, your hard drive.
Will try to explain further in a bit...
Cheers,
Phil
Will try to explain further in a bit...
Cheers,
Phil
Marlowe and Phil Turcotte have it right. When you open that particular page on your computer, the HTML reads your directory and displays it. You can do this since you're running the HTML locally, whether or not you're behind a firewall, but your directory information is not being displayed to the outside world. That's why it still works on Juice's computer.
Stuff like that still bugs me though.
[This message has been edited by Skinar (edited 01-04-2002).]
Stuff like that still bugs me though.
[This message has been edited by Skinar (edited 01-04-2002).]
Skinar,
Thank you for your reply and I understand what you're saying, but I asked a friend of mine to click the link from his work PC (he works for an investment firm with their own firewall) and the page did not open for him. This is why I am a little uneasy about my firewall. How can I be certain that only I can view my c: and no one else can.
Thanks
Thank you for your reply and I understand what you're saying, but I asked a friend of mine to click the link from his work PC (he works for an investment firm with their own firewall) and the page did not open for him. This is why I am a little uneasy about my firewall. How can I be certain that only I can view my c: and no one else can.
Thanks
Juice, I'm just guessing, but his network admin may have something disabled that prevents the page from working.
I usually overreact to things like this.
The key line in the HTML is 'src="C:\" which just instructs YOUR browser to read your hard drive and display the folders in a frame. That doesn't send any info anywhere. However, lets assume I'm devious. I find a way to read your folder list to a cookie on your computer, then I read the cookie from my remote location. Voila, I have your folder list. This still doesn't mean I can manipulate your files, but I do have an idea of what's on your computer.
[This message has been edited by Skinar (edited 01-04-2002).]
[This message has been edited by Skinar (edited 01-04-2002).]
[This message has been edited by Skinar (edited 01-04-2002).]
I usually overreact to things like this.
The key line in the HTML is 'src="C:\" which just instructs YOUR browser to read your hard drive and display the folders in a frame. That doesn't send any info anywhere. However, lets assume I'm devious. I find a way to read your folder list to a cookie on your computer, then I read the cookie from my remote location. Voila, I have your folder list. This still doesn't mean I can manipulate your files, but I do have an idea of what's on your computer.
[This message has been edited by Skinar (edited 01-04-2002).]
[This message has been edited by Skinar (edited 01-04-2002).]
[This message has been edited by Skinar (edited 01-04-2002).]
Actually, I didn't express myself properly. He was able to access the page but only got a blank page with an small empty box in the corner. This leads me to believe that something other than his admin is preventing the page form being displayed (I'm only guessing here, could be wrong).
But if you say my info is only viewable to me and not the outside world, I will take your word for it
But if you say my info is only viewable to me and not the outside world, I will take your word for it
point to this post was to make You be more
carefully out there and check Your computers
safety.
that page shows You Your own hard disk and
does NOT give information to outside.
get at least some kind firewall (like
zone alarm ) and free virus check program.
that is the way Your folder list looks like
in hackers monitor, it's up to You.
carefully out there and check Your computers
safety.
that page shows You Your own hard disk and
does NOT give information to outside.
get at least some kind firewall (like
zone alarm ) and free virus check program.
that is the way Your folder list looks like
in hackers monitor, it's up to You.
Friend of mine who knows a lot of chit about computers emailed me an attatchment one day. Since it was from him, I opened the attatchment and noticed nothing strange or irregular. It just had a note attatched to it, and made me wonder why he sent it as an attatchment and not just a regular email. I called him soon afterwards to ask him about it. Gave me some "computer" answer, and I never thought about it again till the next day.
Next morning my cd driver kept opening and closing. Every time I would punch a letter on my keyboard, it would make a clicking sound. The functions of my mouse buttons had been switched as well. My monitor screen would blink on and off. Well, dumbass me never put two and two together until my email friend called me laughing hysterically on the other end. The email he had sent me had some sort of software attatchment with it that was unrecognizable. The pecker head had found some hacker site that let you download this software and have total control over someone elses computer. I couldn't do chit on my machine unless he let me. I was actually quite frightening, and I couldn't believe that it actually worked. That's why to this day, I don't open attatchments from ANYONE!!!
Next morning my cd driver kept opening and closing. Every time I would punch a letter on my keyboard, it would make a clicking sound. The functions of my mouse buttons had been switched as well. My monitor screen would blink on and off. Well, dumbass me never put two and two together until my email friend called me laughing hysterically on the other end. The email he had sent me had some sort of software attatchment with it that was unrecognizable. The pecker head had found some hacker site that let you download this software and have total control over someone elses computer. I couldn't do chit on my machine unless he let me. I was actually quite frightening, and I couldn't believe that it actually worked. That's why to this day, I don't open attatchments from ANYONE!!!
