  technofile
Al Fasoldt's reviews and commentaries, continuously available online since 1983

Web security: Here's why things aren't always what they seem


Note: The link referred to in this article is currently down.

March 19, 2000

By Al Fasoldt
Copyright ©2000, Al Fasoldt
Copyright ©2000, The Syracuse Newspapers

   We're all gullible in one way or another. I could have fun fooling you for a few minutes, but I'll let you in on the joke even before I tell it. I don't want a few heart attacks on my conscience.
   But since the trick I'm about to play on you has a very serious side, I'll explain why you should care after we get the fun out of the way.
   I need to start by pointing out that this only works under Windows. (Mac and Linux users can do it, too, but they won't see what Windows users will.)
   Nothing bad will happen. I guarantee it. What you see is not necessarily what you get.
   Ready? Run your Web browser -- Internet Explorer or Netscape (or Opera, the only other Windows browser left) -- and go to this page: http://electricny.com/dare/.
   Then click on "Click Here If You DARE!"
   What do you see? Windows users should see something very disturbing. The Web site you just went to is displaying your files. ALL your files. All the files in your C: drive, for example.
   Your private files. The ones you thought nobody would ever stumble across.
   This part is not a trick. You went to a Web site somewhere on the Internet and that Web site gave an instruction to your Web browser to do something. And your Web browser is indeed showing all your private files.
   If you're a Windows user and have clicked "Click Here If You DARE!," you should be gasping. How could something like this be legal? How could anyone on a Web site have the right to view your private files?
   End of scene. Back to reality. The joke's over.
   Gullible? Count me in. When I came across this Web page a few months ago I was ready to jump out of a window. I have a LOT of security on my home network. Allowing this kind of invasion into my own files was unthinkable.
   So I asked Aaron Naas, a Web expert from Skaneateles now working for IBM in North Carolina, to look at the Web-page code. Naas explained that the Web site was simply telling my browser to display my own files. The Web site was not viewing my files. It was just passing along an instruction.
   In other words, my privacy was not being invaded. All that was happening was the Web equivalent of a stranger calling me and telling me to open my wall safe and look at all the important papers stored there. The stranger wasn't looking; I was. The stranger was just trying to scare me.
   And doing a good job.
   Let's look at this another way.
   You go to a Web site and discover that the site is peeking into your files. That's not good.
   You go to a Web site and find out that the site is displaying your files on your screen. That's maybe not good. It's disturbing, but it's not something to get all worked up over.
   Because that's how Web-page coding works. It lets your browser show you files and file listings.
   Unless you're an experienced Web designer, you probably didn't know that. Now you do.
   All that glitters isn't gold, Shakespeare said. Right?
   Even that's wrong. He used the word "glisters." Things just aren't what they seem sometimes. Especially on the Web.