[LINK] Redirects, User counters and Advertising
rchirgwin at ozemail.com.au
rchirgwin at ozemail.com.au
Sun Feb 25 08:50:11 AEDT 2007
Linkers (esp. Howard and Irene!),
Since I can't say "this company is using 443 for ad counting / user
tracking" from current knowledge, I wouldn't like to nominate a bunch of
sites on the off chance, just to waste Howard's time.
1) I went Googling to see if searches would provide some hints. I
certainly got one hint; these search terms:
imrworldwide 443
...turned up many sessions in proxies and cache logs which showed
sessions of the kind we're interested in. For example:
secure-au.imrworldwide.com:443
https://secure-uk.imrworldwide.com:443
secure-za.imrworldwide.com:443
secure-jp.imrworldwide.com:443
And so on. So I surmise that Port 443 is still used for adverts or user
traces.
2) My next search was for imrworldwide in the URL - for example:
inurl:imrworldwide inurl:secure-au
What arrives is interesting. The first search returns Neilsen which now
owns IMR. The next is a Citibank advertisement.
secure-au.imrworldwide.com/cgi-bin/a/ci_800044/et_2/cg_801249/pi_1005085/ai_835759
Which, when clicked, arrives at:
http://www.citibank.com.au/cardsoffer/offers/cashback4.9_2006_F.htm
So IMR is sitting as a kind of man-in-the-middle for ad counting - which
as an aside I don't see as good social engineering for visitors to a
bank Website.
I suspect Telstra is still using the "443 technique" on visitors to
sub-sites.
I can't find what setting in Firefox makes it pop up "entering / leaving
a secure site" warnings, but I use IE so rarely that I've never switched
that popup off. So when I go from the Telstra home page to BigPond I get
two popups while the page loads: "You are about to enter a secure site",
and "You are leaving a secure site". But this was just clicking on the
BP link on the Telstra home: no attempt at a transaction.
RC
More information about the Link
mailing list