Matt via RT wrote:
> It told me tons about my Linux box as well. :-/

I assume you mean the URL Giovanni gave (http://leader.ru/secure/who.html).

The point is that it is not doing anything special. The information 
displayed is either part of the HTTP protocol or within the scope of 
JavaScript environment variables. In other words, this information is 
available to any webserver that you connect to. Most web browsers offer 
this information to web servers so that web apps can programmatically 
adjust what they return so that it is customised for the user's browser.

The web app at the URL Giovanni gave didn't "hack" into your machine. It 
merely read some strings the browser offered (User-Agent: Mozilla, 
WinXP. Plugins: Quicktime, etc.) when it first connected and ran some 
JavaScript to get the screen size, etc.

Like I suggested earlier, turn off JavaScript in your web browser and 
hit the URL again. You will see a big difference.

I didn't run the port scan or other scans because I haven't established 
any kind of trust with the site. The fact that the site requires I 
indemnify the site from responsibility didn't make me feel too trustful. ;)

John Hebert


_______________________________________________
General mailing list
[email protected]
http://brlug.net/mailman/listinfo/general_brlug.net
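
The two channels described in the message above, as an added example that is not part of the original post or the site's own code: it separates what arrives in HTTP request headers from what a page script can report, and shows the report shrinking when JavaScript is off. The request, the JavaScript report and the function names are constructed for illustration.

```javascript
// Added illustration: what a server learns passively from one page load.
// SAMPLE_REQUEST and SAMPLE_JS_REPORT are constructed sample data.
const SAMPLE_REQUEST = [
  "GET /secure/who.html HTTP/1.1",
  "Host: leader.ru",
  "User-Agent: Mozilla/5.0 (X11; Linux x86_64) Gecko/20100101 Firefox/115.0",
  "Accept-Language: en-US,en;q=0.9",
  "Referer: http://example.org/list-archive",
  "", ""
].join("\r\n");

// What a page script could post back using standard browser properties
// (navigator.platform, screen.width/height, navigator.plugins).
const SAMPLE_JS_REPORT = { platform: "Linux x86_64", screen: "1920x1080", plugins: ["QuickTime"] };

// Parse the header block of a raw HTTP/1.x request into a lowercase-keyed map.
function parseHeaders(raw) {
  const lines = raw.split("\r\n").slice(1); // drop the request line
  const headers = {};
  for (const line of lines) {
    if (line === "") break; // blank line ends the header block
    const i = line.indexOf(":");
    if (i > 0) headers[line.slice(0, i).trim().toLowerCase()] = line.slice(i + 1).trim();
  }
  return headers;
}

// Build the disclosure report, tagging each item with the channel it came from.
// jsReport is null when the browser has JavaScript disabled.
function disclosureReport(raw, jsReport) {
  const h = parseHeaders(raw);
  const report = [];
  for (const name of ["user-agent", "accept-language", "referer"]) {
    if (h[name] !== undefined) report.push({ source: "http-header", field: name, value: h[name] });
  }
  if (jsReport) {
    for (const [field, value] of Object.entries(jsReport)) {
      report.push({ source: "javascript", field, value: String(value) });
    }
  }
  return report;
}

console.log(disclosureReport(SAMPLE_REQUEST, SAMPLE_JS_REPORT)); // JavaScript on
console.log(disclosureReport(SAMPLE_REQUEST, null));             // JavaScript off
```

Everything tagged "http-header" is sent on every request regardless of scripting; only the "javascript" rows disappear when scripting is disabled.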
