1997-04-21 - Re: SSL weakness affecting links from pa

Header Data

From: Adam Shostack <adam@homeport.org>
To: ericm@lne.com (Eric Murray)
Message Hash: 420a1a7cae73f2b46ebeaf42cabf3a9e3c1b263e1828a49a2a8ceb0270192e55
Message ID: <199704210231.VAA07373@homeport.org>
Reply To: <199704210221.TAA00232@slack.lne.com>
UTC Datetime: 1997-04-21 02:35:40 UTC
Raw Date: Sun, 20 Apr 1997 19:35:40 -0700 (PDT)

Raw message

From: Adam Shostack <adam@homeport.org>
Date: Sun, 20 Apr 1997 19:35:40 -0700 (PDT)
To: ericm@lne.com (Eric Murray)
Subject: Re: SSL weakness affecting links from pa
In-Reply-To: <199704210221.TAA00232@slack.lne.com>
Message-ID: <199704210231.VAA07373@homeport.org>
MIME-Version: 1.0
Content-Type: text/plain


Eric Murray wrote:


| User-Agent: Mozilla/3.0Gold (X11; U; Linux 6.6.6 i386)

| In order to maximally fuck up stats, what should be put into
| the windowing system/OS fields?  It has to be something that
| exists and is fairly common, so that its not able to be thrown out
| by the stats-gathers.  I could use "(X11; MVS; IBM MVS some version number)"
| but that'd be easy to throw out, even though ports of X to MVS really did
| exist.
|
| Maybe I'll just make every copy of Cookie Jar look like
| it's running on Linux.

	I think you should rotate through a list, in case they're
keeping track of it in conjunction with your other information.  Thus,
have the same cookies comeing from different user agents, say rotate
between Rhapsody on PowerPC and Linux on an Alpha.

	Alternately, have it come from Internet Exploder on various
UNIX boxes.  (Unless thats now generally available.)

Adam


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume







Thread