OFF: very, spam question,was:OFF: RIP UWP lyrics archive
Ken Alexander
kalex at EECS.UMICH.EDU
Thu Jan 9 21:07:45 EST 1997
> Doesn't it depend upon the SecurityManager implementation? Some apps are
> more loose-lipped than other in this regard. I believe HotJava, for
> example, is much more permissive than, say, Netscape.
There's a non-java way to get the login of someone using any web browser
under the following circumstances:
- the browser client is running on a unix machine that runs 'identd',
a program whose sole function is to answer network queries of the
form "what user is connected to tcp port NNN?"
and
- the web server is configured to attempt to connect to the identd
port of the client host on each call, and log the info.
Even NCSA httpd can be told to do this.
But this is doubly OFF topic, because the original question was about
collecting a bunch of email addresses for spams, and it would be
difficult to harvest them out of the logs of web servers spread across
the entire net.
However, I did get spammed, in a way, due to this once. I fingered someone
at a remote machine, and I immediately received an email advertisement from
the internet provider that I was fingering at, because they had used identd
to figure out who was doing the finger. I returned the email with a
response that was metaphorically a finger of a different sort...
More information about the boc-l
mailing list