HackFest Series: LivePerson IAD Tracking Cookies

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
 
 
Attachments:
Message as email
+ (text/plain)
+ (text/html)
+ (text/plain)
Delete this message
Reply to this message
Author: Lisa Kachold
Date:  
To: Main PLUG discussion list
Subject: HackFest Series: LivePerson IAD Tracking Cookies
Problem: Reading email, browsing, and other regular use of a browser could
possibly infect one with something as insidious as LivePerson cookies.

For anyone who hasn't worked for a remote hoster, LivePerson cookies are
installed either as a legitimate process, allowing remote desktop keylogging
and access; or as a virus trojan. Watching a TCPDUMP one will see cookies
kicking off and reporting various things back home.

The HOME is always in the cookie, but might be misleading. Check out your
LivePerson cookies to see where your keylogger or tracking cookie
originated.

Some people report RDP and mouse type controlling behavior when these
cookies until the cookies are removed (simple in Firefox, just delete the
cookie file.

Solution: Create an exclusion List.
<http://www.gozer.org/>

In newer versions of Mozilla
<http://www.mozilla.org/>(/Firefox<http://www.mozilla.org/products/firefox/>),
cookperm.txt is deprecated in favor of hostperm.1 (
http://bugzilla.mozilla.org/show_bug.cgi?id=219752).

http://bugzilla.mozilla.org/show_bug.cgi?id=219752#c4
This patch creates a new file, named "hostperm.1". The format is:

host \t cookie \t 1 \t www.mozilla.org

so: 

host    image   2       ads2.clearchannel.com
host    image   2       jinisearch.co.uk
host    image   2       oas.villagevoice.com
host    image   2       aaddzz.com


... and so on

cookperm.txt is probably the same way, but hostperm.1 is very sensitive to
the delimiter (single tab only) and is stored in the same place as
cookperm.txt (http://kb.mozillazine.org/index.phtml?title=Profile_Folder).

The list of ad servers is now available in the new hostperm.1
format<http://pgl.yoyo.org/adservers/serverlist.php?hostformat=hostperm.1>

If you would like to build a LivePerson cookie for tracking, check this out:



--
www.obnosis.com (503)754-4452
"Contradictions do not exist." A. Rand
---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
This message was posted to the following mailing lists:
Plug Discuss
Mailing List Info | Nearby Messages		<-Re: Looking for Laptop SuggestionsRe: Looking for Laptop Suggestions->
Some Mailing List Archive administrated by UnconfiguredLurker (version 2.3)