IP addresses and personal information (was Re: [LINK] Fwd: On
Line Opinion - 16 February 2007)
rene.lk at libertus.net
Sat Feb 24 21:27:17 EST 2007
On Sat, 24 Feb 2007 19:10:21 +1100, rchirgwin at ozemail.com.au wrote:
> I think the two are either similar or the same - here I will admit that
> I'm dancing on the edge of my technical grasp, so if I'm shot down in
> flames, I'll probably sign off with Spike Milligan's epitaph - but:
> launch Port 443 (ie, SSL) sessions in a redirect when you visit.
> Roughly it went like this:
> User > visits site foobar.com
> Foobar.com > redirects user to hitcounter site on Port 443 Hitcounter
> site > redirects user back to Foobar.com User sees Foobar.com load in
> the browser.
> Because no page loads, the redirect isn't visible to the user unless:
> a) you're running the sort of firewall that has a live monitor (Tiny
> Personal Firewall was nice for this); or
> b) the browser settings pop up a "you are about to enter / leave a
> secure site" each time SSL is invoked.
> And yes, imrworldwide.com was one of the sites I observed using this;
> Telstra is or used to be a customer.
> activating the Port 443 communication instead of the browser; here I'm
> beyond my expertise!
Thanks for info. I don't think I've ever notice any of these things using
Port 443, but that certainly doesn't mean none of them are, or haven't
imrworldwide.com scripts are on smh.com.au and news.com.au - the pages on
those sites link, apparently by HTTP, not HTTPS, to scripts that are hosted
on imrworldwide.com and I've no idea what those scripts do. The site
visitor doesn't see those linked files being loaded/run (but may notice it
in e.g. a firewall log). It seems quite possible they could be launching
Port 443 sessions. I've long had that site and other such sites blocked via
Outpost firewall and I also use userjs to block some other unwanted
testing purposes because I'll probably forget how I had it all set up!)
I can't remember where dgmaustralia stuff may be found - haven't seen it in
my firewall blocking logs anywhere near as much as imrworldwide.com lately.
> And finally, because my observation of this is out of date (I have
> posted to Link but it was some time back), it may be that this is an
> obsolete hit-count technique. I would be interested to know if it
So would I. I'd also be interested to know what it was doing even if it
isn't still in use.
More information about the Link