[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
Ross Bearman wrote: > > Simon, I thought cookies were inaccessible to any domain other than > the one that generated them I think that is how they are suppose to work ;) The scanner did trigger a prompt for further permissions to access the system I believe. It behaved in every respect like a perfectly reasonable scanner for malware, up to the point it tried to install more malware. Of course we had the discussion on how to check what sites other people have visited in the blogosphere.... http://www.debian-administration.org/users/simonw/weblog/270 > hence why Google Analytics and Google ad > services use Javascript to implant the cookie call in non-Google.com > websites? Nah most folks just use a small, often invisible, image to set cookies from the server the image is on. Like this edited example from msdn.microsoft.com, which sets a cookie from c.microsoft.com, clearly centralising as much detail as can be preserved from the original request. <div style="display:none"><img src="http://c.microsoft.com/trans_pixel.asp?source=msdn&TYPE=PV&uri=%2fen-us%2flibrary(d%3ddefault)%2fms970178(l%3den-us%2cv%3dMSDN.10).aspx&p=_en-us_library(d=default)_ms970178(l=en-us,v=MSDN.10).aspx&r=http%3a%2f%2fxxxxxx.co.uk%2fsearch%3fhl%3den%26q%3dcxxxxx%2bdoxxxn%2bxxxxxx%26btnG%3dSearch%26meta%3d" width="0" height="0" hspace="0" vspace="0" border="0" alt="Page view tracker" /></div> One does wonder which browsers need the width, height, vspace, hspace, and border tags on display:none objects, but hey they probably know what they are doing. Google use JavaScript for Analytics, so that it can tell Google what browser and OS you use, whether and what version you have Java/Flash/whatever installed, and the zillion other minor details of your system that you see in Analytics reports for visitors to your site, the whole thing is about 26KB of Javascript. I just "NoScript" Google analytics - it only ever broke one site. If they just wanted to set a cookie it wouldn't need all that. I haven't looked too carefully at the Google adwords JavaScript, IIRC last time my boss mentioned looking at it, he said quite a lot of it was to give rounded corners on some adverts. -- The Mailing List for the Devon & Cornwall LUG http://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html