What can my browser expose over network?

joeu2004

What can my browser (IE or Netscape) or my system (Win XP SP2) expose
over the network? How can I determine this for myself?

I coulda sworn there is a good web site (one or more) that displays
this information. I have found ipinfo.info. But I do not believe that
is the web site I have in mind. Can anyone suggest other such web
sites? What keywords could I use to find those web sites using a
Google search?

I am particularly concerned about exposing the computer name over the
network, not because it can be exploited, but because some people put
private information in the computer (e.g. full name).

For example, as I recall, a proprietary MS or NetBIOS protocol does
broadcast the computer name. I believe this is intended for
"workgroups". But in my case (single PC), it is transmitted to my ISP.
I believe I blocked that protocol using NIS Personal Firewall, with no
deleterious side-effects. (I am not near my computer now, so I cannot
check.)
 
A lot depends on the code in the webpage you open. For an example of what's
possible using standard Javascript, take a look at the reports on
http://www.extremetracking.com/

The above of course assumes legit browser activities. With IE in particular
there is also the risk of an ActiveX Trojan being silently installed, in
which case basically anything on your computer is Fair Game.

Basically, if you care about security at all, don't use IE for anything
other than Windows Update. If you still think sites shouldn't be able to -
for example - tell where you arrived at their site from, then install a
filtering proxy such as Proxomitron or Privoxy. These also have the
side-benefit of stopping a lot of the nuisance adverts on webpages, making
surfing a more pleasurable experience.
 
Ian said:
A lot depends on the code in the webpage you open. For an example of what's
possible using standard Javascript, take a look at the reports on
http://www.extremetracking.com/

I will have to defer that exercise until I have a safer environment to
work from. But I do see your point. Is it reasonable for me to assume
that a Javascript (and perhaps some other forms of HTML programming)
can determine just about anything about the client PC and send it back
to the web page server -- e.g. folder names, not to mention the
computer name? Even if I have Norton Internet Security blocking set up
in a "reasonable" way? (I forget all the details.)

Obviously I have not given the whole issue of PC security much thought --
I mean how it can be compromised. I should. Part of my lapse in
forethought is due to my abject ignorance, especially academically,
about web page programming. My bad!
 
The computer name should be considered public information and should not
contain any sensitive information.

I agree that what a browser can tell a hostile web site varies depending on
what the web site does. However, your chances of surfing to such a hostile
web site that takes your personal info from your computer and does something
with it, via the browser, are very very low. Browser exploits are not the
most common form of hacking and loss of personal data. Viruses spreading
via email attachments and network vulnerability worms are.

I think you're overthinking this. For home users, it is generally
sufficient to secure your computer by using a firewall, antivirus, and
making sure you are receiving Microsoft security patches regularly. That's
generally Microsoft's advice.
 
Karl said:
I agree that what a browser can tell a hostile web site varies depending on
what the web site does. However, your chances of surfing to such a hostile
web site that takes your personal info from your computer and does something
with it, via the browser, are very very low. Browser exploits are not the
most common form of hacking and loss of personal data.

I agree, to some extent. Actually, I have found it quite easy to
inadvertently go to a potentially hostile site (well, porn site
anyway), simply by mistyping a URL. It seems quite common for porn
sites to choose URLs that are anagrams of "legitimate" web sites.

But the point is you are correct: That was not the concern expressed
in my original posting.
I think you're overthinking this.

And perhaps you are right again. But I know that legitimate web sites
typically take advantage of the whois information, which is really more
about our ISP than our PC, to tailor ads or "welcome" messages to our
geographic region. I want to know if the computer name is equally
accessible to web sites.

But more to the point, I am looking for good web sites that display
that kind of local computer information -- web sites like ipinfo.info,
but perhaps with a more user-friendly interface. I vaguely recall
going to such a web site that displayed a lot more local-computer
information on the first web page, without having to click on links. In
large type, it said something like: "Here is the information your
computer is exposing to the Internet".

I was not "overthinking" the dangers of it so much as I was simply
asking the question.

(But based on the first response, I did realize that "easily" is
subjective, and I began to wonder if, in fact, everything is accessible
to good HTML programmers. It was a digression -- and obviously a
confusing one.)
 
Here is a good place to start:

https://www.grc.com/x/ne.dll?bh0bkyd2
 
Assuming that malicious code/application is not on your computer known to
you or not that could allow an attacker to have remote access to your
computer then your firewall will block access to the type of information you
are concerned about though as Karl said you should not be using a computer
name that gives information. Using your social security number as your
computer name is a bad idea. Anyone can get the public IP that your computer
is using but your ISP generally uses a nondescript DNS entry for that IP
that is not helpful to anyone trying to harvest information.

Yes the computer name is broadcast on the network but broadcasts do not get
past routers. You probably are referring to the information that one can get
via a null session if the person has access to file and printer sharing on
your computer. If you do not need to share your computer/printer with anyone
it is good practice to disable or uninstall file and print sharing. You can
use programs such as the free Superscan 4 from Foundstone to try and get
information from another network computer. --- Steve

http://www.foundstone.com/index.htm...subcontent=/resources/proddesc/superscan4.htm
--- Superscan 4
 
Steven said:
Yes the computer name is broadcast on the network but broadcasts do not get
past routers.

First, I do not know (personally) if that is true of wireless routers.
I have wondered about that myself. Unfortunately, I cannot trace
packets going out of the WR to the cable modem.

Second, when the computer is connected directly to the cable modem, I
presume that broadcasts do indeed go into the ISP network. After all,
it has no place else to go. There is a huge market in data mining and
selling information to third-parties who might make use of it. I hope
my privacy agreement with my ISP precludes that. But I have not read
the fine print to know for sure.
You probably are referring to the information that one can get
via a null session if the person has access to file and printer sharing on
your computer.

For the NetBios (or MS) protocol example, yes. But that was only an
example. I am more concerned that HTTP might pass along the computer
name either as a matter of course or at least make it easily
accessible, just as the browser name itself is passed in HTTP. (Of
course, the browser name is passed for good reason. Let's not digress
into a discussion of that. It is just an example.)
though as Karl said you should not be using a computer
name that gives information

And that really was the point that I want to justify. We are in
"violent agreement" :-).
Anyone can get the public IP that your computer
is using but your ISP generally uses a nondescript DNS entry for that IP
that is not helpful to anyone trying to harvest information

I know. Again, that was merely an example of the __kind__ of
information that I know is exposed by browsers. I have a vague
recollection of finding a web site that displays __all__ such
information, including but not limited to the IP address and related
information. I am looking for that web site. I am not seeking advice
or opinions. But thanks for your efforts.
 
First, I do not know (personally) if that is true of wireless routers.
I have wondered about that myself. Unfortunately, I cannot trace
packets going out of the WR to the cable modem.

Second, when the computer is connected directly to the cable modem, I
presume that broadcasts do indeed go into the ISP network. After all,
it has no place else to go. There is a huge market in data mining and
selling information to third-parties who might make use of it. I hope
my privacy agreement with my ISP precludes that. But I have not read
the fine print to know for sure.

If you are not using an internet router the broadcasts will not get past the
default gateway which is the router for your ISP. It could be possible for
the computers on the same network in your ISP to receive the broadcasts. The
high risk would not be the broadcasts but your computer FPS and other ports
being exposed to computers in the untrusted network. Again a computer name
should not contain any info that you do not want exposed anyhow and you can
simply disable file and print sharing or at least netbios over tcp/ip. A
much higher risk is for users with wireless networks that are not secured
correctly. All consumer grade routers I have ever heard of will not allow
broadcasts to be routed. It is possible to configure higher end routers to
pass broadcasts but I doubt most internet users are using real Cisco routers
to connect to the internet.

For the NetBios (or MS) protocol example, yes. But that was only an
example. I am more concerned that HTTP might pass along the computer
name either as a matter of course or at least make it easily
accessible, just as the browser name itself is passed in HTTP. (Of
course, the browser name is passed for good reason. Let's not digress
into a discussion of that. It is just an example.)

The computer netbios name would not be used for HTTP. What is a possibility
for any internet application is that your host name can be used. ISPs make
sure that such names are very nondescript. You can ping your public IP
address from another computer on the internet or use a whois website
entering your IP to see what information is given by your ISP assigned host
name. If you want more information set up a web server [you can with XP Pro]
and examine the contents of the web server logs to see what information is
shown or capture non https traffic with something like Ethereal to analyze
it. Of course users going to a website that has malicious code and the user
being logged on as an administrator could end up with endless possibilities
including the owner of the website having remote control of your computer.
Vista at least will prompt users when code is being run that requires
administrator access if the user does not turn off that protection. A far
bigger problem is social engineering attacks where users voluntarily give
sensitive information to bad guys posing as trusted guys.

Steve
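
The check suggested in the post above (run your own web server and look at what a request actually shows), as an added example that is not part of the original thread. The names `exposed_fields`, `EchoHandler` and `probe_loopback`, and the constructed User-Agent and Referer values, are assumptions made for illustration.

```python
import json
import threading
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

def exposed_fields(client_address, request_line, headers):
    """Collect everything a plain HTTP request hands to the web server."""
    return {
        "remote_ip": client_address[0],      # public IP, or the NAT/proxy IP
        "remote_port": client_address[1],
        "request_line": request_line,
        # Header names are lower-cased so different clients compare easily.
        "headers": {name.lower(): value for name, value in headers.items()},
    }

class EchoHandler(BaseHTTPRequestHandler):
    """Replies to any GET with a JSON dump of what the request exposed."""

    def do_GET(self):
        report = exposed_fields(self.client_address, self.requestline, self.headers)
        body = json.dumps(report, indent=2).encode()
        self.send_response(200)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, fmt, *args):
        pass  # keep the console quiet; the JSON reply is the "log"

def probe_loopback():
    """Start the server on a free loopback port and send one constructed request."""
    server = HTTPServer(("127.0.0.1", 0), EchoHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        request = urllib.request.Request(
            f"http://127.0.0.1:{server.server_address[1]}/page",
            headers={"User-Agent": "ExampleBrowser/1.0 (constructed)",
                     "Referer": "http://previous.example/"},
        )
        opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
        with opener.open(request, timeout=5) as response:
            return json.loads(response.read())
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    print(json.dumps(probe_loopback(), indent=2))
```

Serving `EchoHandler` on a fixed loopback port and opening that address in a browser returns the same report for the browser's real request; anything absent from the report was not sent in that request.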
 