Yes or No to pop-under advertising (cookie security discussi

  • #46
    Originally posted by PersianImmortal
    ....trying to block cookies and restricting sites only causes problems because they won't operate the way they were designed to.
    That, kind sir, is exactly my intention - to prevent these sites from operating the way they were designed to do.

    Admittedly, some of those sites listed are benign. Others indeed actively pursue courses of action which, given the choice, I would just as soon they were not enabled with the ability to carry out those activities.

    As I stated previously, cookies were designed to be useful tools for users and operators of websites. This has been *******ized by some to the point where unfortunately, some folks don't like to accept any cookies from anywhere.

    Sad isn't it, when the number of bad apples ruins the whole concept of the good things a cookie is supposed to be.
    The reason a diamond shines so brightly is because it has many facets which reflect light.

    Comment


    • #47
      OMFG

      I just closed all my browser windows, getting ready to shut down the PC and depart for work.

      Upon closing all the Windows --- there lay in wait a small pop-under.
      As I was moving to close it, ZoneAlarm notified me that RPCSS.EXE was trying to utilize the internet connection.



      Does anyone consider this to be "acceptable behaviour" -- because I sure as hell do not.
      Yes, I restrict websites -- exactly because of heinous misuse (or attempted misuse) of my machine. I monitor my system and am quite careful as to what is taking place there.

      If I had the opportunity, I would most certainly put a pop-knot on the head of the individuals who attempted this unwarranted intrusion upon my PC.

      This is the type of thing that really gets my goat!:shoot2:

      amazing, we were just talking about this crap -- and there you go, classic example.

      Surely you don't expect me to give these goons access to my ActiveX and other avenues of ingress, now do you:?:
      The reason a diamond shines so brightly is because it has many facets which reflect light.

      Comment


      • #48
        Originally posted by Mr. C
        Another good find Mr.C - Gee, I seem to be learning a whole bunch of new security methods over the past few days... :)
        Cameron "Mr.Tweak" Wilmot
        Managing Director
        Tweak Town Pty Ltd

        Comment


        • #49
          This checklist is from the Open Web Application Security Project (OWASP). ;)

          OWASP's top risks list

          1. Invalidated parameters: Failure to validate information from Web requests before these are used by a Web application. Attackers can use these flaws to attack backend systems through a Web application.
          2. Broken access control: Restrictions on what authenticated users are allowed to do are often not properly enforced. Attacks use this to access other users' accounts, view sensitive files or run unauthorised functions.
          3. Broken account and session management: Account credentials and session tokens left without proper protection, leading to the risk that crackers could assume victims' identities.
          4. Cross-site scripting flaws: A modern classic - mistakes here mean Web applications can be used as a mechanism to steal session tokens, attack a local machine or spoof content.
          5. Buffer overflows: Arguably the most common type of security risk (so why isn't it number one? Ed). Sloppy programming means applications fail to properly validate inputs - so maliciously constructed, malformed requests can crash a process and be used to inject hostile code into target machines.
          6. Command injection flaws: If an attacker can embed malicious commands in parameters passed to external systems these may be executed on behalf of a web application, to unpleasant effect.
          7. Error handling problems: If an attacker can cause errors which are improperly handled, all manner of mischief (information disclosure, system crashes etc.) might be possible.
          8. Insecure use of cryptography: Web apps frequently use cryptography. If that's not coded properly, sensitive information won't be adequately protected.
          9. Remote administration flaws: If remote Web admin tools are insecure then an attacker stands a chance of gaining full access to all aspects of a site.
          10. Web and application server misconfiguration: Don't trust out of the box security

          :cheers:

          Comment


          • #50
            Howsabout allowing that under-advertising, while *encouraging* certain "useful" s/ware that deletes such invasiveness, which is partly wot u do anyway? Just a thot.
            Business as usual...

            Comment


            • #51
              To Mr. C

              I have finished the first revision of your cookie restricted/trusted list

              Please give it a glance to make sure I didn't make any huge mistakes.

              Also, included in the list I have separated most of those that had no security heading under NEITHER.

              Though some may have been kept under restricted in my final editing.


              Here are some of the sites that you listed as restricted and I was just wondering, why?

              RESTRICTED BUT WHY?
              Paypal.com
              gamespy.com
              yahoo.com
              lycos.com
              msn.com
              macromedia.com
              netscape.com
              zdnet.org
              gamespy.com

              Here is the file.

              I feel sick.

              now I sleep. Ugh.

              P.S. I have little skill with MS word. Was mostly mouse grease.
              P.S.S. No spell checking was used in this post & I can not spell
              :zzz:

              Comment


              • #52
                After just goin' thru half that list I've come to the conclusion that some ppl spend far too much time on the internet and goin' places I stay away from. :laugh:
                :cheers:

                Comment


                • #53
                  :bounce:

                  Ok, got two hours of sleep and I'm back to my happy go lucky self.

                  For that list, should I go through it and add *. to all the addresses that don't have the prefix/first part of the domain thingy. I.e. www. Forgot what it's called... again.

                  Thanks, hope this is useful,

                  Michael

                  Comment


                  • #54
                    * = Wildcard to cover variations. ;)

                    Comment


                    • #55
                      Cool.

                      But should I go through and add it? :?:

                      Comment


                      • #56
                        Of course.
                        Cameron "Mr.Tweak" Wilmot
                        Managing Director
                        Tweak Town Pty Ltd

                        Comment
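
The clean-up agreed on in #53 to #56, as an added example that is not from any poster in this thread: it normalises a harvested domain list to `*.domain` form, drops duplicates, and checks a hostname against the result on label boundaries. The sample list is constructed from domains named in the thread, and treating `*.example.com` as covering `example.com` and every subdomain is an assumption about the consuming tool.

```python
def to_wildcard(entry: str) -> str:
    """Normalise one harvested domain to '*.domain' form."""
    host = entry.strip().lower().rstrip(".")
    if host.startswith("*."):
        host = host[2:]
    elif host.startswith("www.") and "." in host[4:]:
        # Strip 'www.' only if a full domain remains, so 'www.com'
        # does not collapse into the far too broad '*.com'.
        host = host[4:]
    return "*." + host


def build_list(entries):
    """Normalise every entry, skip blanks, drop duplicates, keep order."""
    seen, out = set(), []
    for entry in entries:
        if not entry.strip():
            continue
        pattern = to_wildcard(entry)
        if pattern not in seen:
            seen.add(pattern)
            out.append(pattern)
    return out


def is_restricted(hostname: str, wildcard_list) -> bool:
    """True if hostname is the base domain or a subdomain of any entry.

    Assumption: '*.example.com' covers example.com and all subdomains.
    Matching is done on a label boundary, so 'notxupiter.com' does not
    match '*.xupiter.com' the way a plain suffix test would.
    """
    host = hostname.strip().lower().rstrip(".")
    for pattern in wildcard_list:
        base = pattern[2:]
        if host == base or host.endswith("." + base):
            return True
    return False


# Constructed sample input: mixed case, a www. prefix, an entry that is
# already wildcarded, a duplicate and a blank line.
HARVESTED = ["gamespy.com", "www.Yahoo.com", "*.xupiter.com", "gamespy.com", ""]
RESTRICTED = build_list(HARVESTED)
```
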


                        • #57
                          Originally posted by Wiggo
                          After just goin' thru half that list I've come to the conclusion that some ppl spend far too much time on the internet and goin' places I stay away from. :laugh:
                          :cheers:

                          I warned you!
                          Those are domains that I found in my cookies --- not places I was freaking visiting for crying out loud.

                          OK, last time --- next joker brings that up gets a pop-knot on his noggin in the shape of the wishbone formation:hammer:

                          geez, try to give these yahoos a hand and look how they treat you:laugh:

                          I didn't think you were gonn'a let that slide though, not really:rolleyes:
                          The reason a diamond shines so brightly is because it has many facets which reflect light.

                          Comment


                          • #58
                            Originally posted by negomike
                            To Mr. C

                            RESTRICTED BUT WHY?
                            could be 3 possibilities.
                            1.) due to an activity I deemed unacceptable, they may have fallen victim to a "blanket sweep" of domains within the cookies on my system.
                            2.) possibly part of an old experiment in keeping IE windows from stealing focus.
                            3.) possibly because at the time I actually did not want that domain's cookie or something.

                            Keep in mind, this has been in progress for over 2 years so I'm not really sure in all cases. And after this amount of time spent, I am still in the learning process........but then, I think most of us are after all.
                            Hopefully, any errors made will be on the side of caution, after all;)

                            Nice work harvesting those domains, take a rest, you deserve it!:thumb:

                            Does anyone have any info to offer on that rpcss.exe call I posted about earlier:?:
                            As I stated, I was on the way to work and didn't have time to investigate the matter at all. But chalk up 1 more for ZoneAlarm:D
                            The reason a diamond shines so brightly is because it has many facets which reflect light.

                            Comment


                            • #59
                              Hi,

                              Forget about it.

                              Comment


                              • #60
                                ooh, these folks are nasty;
                                Internet users are mystified by a tricky browser add-on that installs itself without permission and defies attempts to remove it. Some are calling the program the most insidious thing on the Web. By Michelle Delio.


                                I would highly recommend you put
                                *.xupiter.com
                                on that restricted list of yours, and I do mean everyone.

                                if you've been playing along, you will be happy to note it was already restricted from the use of my "not-quite master" list of blocked sites
                                The reason a diamond shines so brightly is because it has many facets which reflect light.

                                Comment
