I wrote an article about using an http proxy to strip cookies.

Many behavior tracking companies have gone to great lengths to satisfy
"legal" criteria so they are no longer called spyware/adware.
Generally, the laws say "if you don't collect personally identifying
information, you're not spyware." I think this is an overly simplistic
definition that mollifies consumers but does little to satisfy security
admins.

Anyway, I did an impromptu analysis of 3rd party cookies that pass the
"it's not spyware" criteria. I looked at cookie caches of a half-dozen
PCs in my office, and came up with a list of about 24 ad-serving cookies
by simply visiting the web sites of cookie domains with strings like
"ad", "click", and "hit". I read the privacy policy at each site, and
decided that 20 of the 24 collected information I was not willing to share.

I added proxyStrip actions to my firewall proxy (with wildcarding on
domains e.g., *hitbox.com, *valueclick.com).

It's absolutely amazing how many cookies I'm stripping; in fact, if I
watch the realtime monitor, it's actually quite funny. FWIW, stripping
the cookies doesn't appear to interfere with anyone's "web experience":-)

To confirm the proxy actions worked as I intended, I tweaked the proxy
event logging up a bit so I was also able to see the HTTP proxy strip
extraneous response headers like these (each line below is from a
separate HTTP response header):


Ad-Reach: Burst!Media\x0d\x0a
X-Generator: kornfeld6\x0d\x0a
X-Message: XRE response from Origin Server \x0d\x0a
X-Cache: HIT from qe45.friendfinderinc.com\x0d\x0a
X-Cache: MISS from oz.valueclick.com\x0d\x0a
X-Host: p1w12.geo.scd.yahoo.com\x0d\x0a
X-INKT-URI: http://www.carrielynnesworld.com//index.html\x0d\x0a
XRE response from IC \x0d\x0a
X-N: S\x0d\x0a
O_CREATIVE_ID: 220521\x0d\x0a
X-AspNet-Version: 1.1.4322\x0d\x0a
CM: 1.7\x0d\x0a
X-TR: 2\x0d\x0a
X-Pingback: http://blogs.securiteam.com/xmlrpc.php\x0d\x0a

BTW, the HTTP proxy I use by default strips all non-standard response
headers and none of these are defined on pages like

http://msdn.microsoft.com/workshop/a...se_headers.asp


During my search thus far, I can't find 90% of the response header types
I'm blocking.

I do know that 99% of the pages work just fine without them:-)

I'm posting to the list because (a) Marcus told me to and (b) I wonder
if anyone knows where I might find information about these http response
headers?

David Piscitello
dave@corecom.com
http://hhi.corecom.com/weblogindex.htm
3 Myrtle Bank Lane, Hilton Head, SC 29926

_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/li...rewall-wizards
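The two proxy policies the post describes (strip cookies for wildcard-matched ad domains, and drop any response header that is not a defined HTTP/1.1 header) can be shown in a few dozen lines. The following is an added example written for this page; it is not the author's firewall proxy, nor any vendor's proxyStrip implementation. The header allowlist is the set of general, response and entity headers from RFC 2616 plus Set-Cookie; the header blocks and the host names in them are constructed samples, not captures, though they reuse some of the header names from the post's log. Obsolete header line folding is not handled.

```python
import fnmatch

# Allowlist: general, response and entity headers from RFC 2616 plus
# Set-Cookie (RFC 2109). Anything else in a response is dropped, which is
# the "strip all non-standard response headers" policy the post describes.
STANDARD_RESPONSE_HEADERS = {
    "accept-ranges", "age", "allow", "cache-control", "connection",
    "content-encoding", "content-language", "content-length",
    "content-location", "content-md5", "content-range", "content-type",
    "date", "etag", "expires", "last-modified", "location", "pragma",
    "proxy-authenticate", "retry-after", "server", "set-cookie", "trailer",
    "transfer-encoding", "upgrade", "vary", "via", "warning",
    "www-authenticate",
}

# Wildcard domain list in the style of the post's proxyStrip actions.
STRIP_COOKIE_DOMAINS = ["*hitbox.com", "*valueclick.com"]


def host_matches(host, patterns):
    """Case-insensitive glob match: 'oz.valueclick.com' matches '*valueclick.com'."""
    host = host.lower().rstrip(".")
    return any(fnmatch.fnmatchcase(host, p.lower()) for p in patterns)


def split_header_block(raw):
    """Split a CRLF-delimited header block into (start_line, [(name, value), ...]).

    A line without a colon (like the bare 'XRE response from IC' in the post's
    log) is kept as a nameless field so the policy can still log and drop it.
    """
    lines = raw.split("\r\n")
    fields = []
    for line in lines[1:]:
        if not line:
            break  # the empty line terminates the header block
        name, sep, value = line.partition(":")  # first colon only; values may contain ':'
        if not sep:
            name, value = line, ""
        fields.append((name.strip(), value.strip()))
    return lines[0], fields


def filter_response(raw, origin_host, strip_cookie_domains):
    """Response side: drop Set-Cookie for listed domains and any non-allowlisted header.

    Returns (kept_block, stripped); stripped is a list of (reason, name, value)
    tuples, i.e. what the proxy event log would record.
    """
    start, fields = split_header_block(raw)
    strip_cookies = host_matches(origin_host, strip_cookie_domains)
    kept, stripped = [], []
    for name, value in fields:
        lname = name.lower()
        if lname == "set-cookie" and strip_cookies:
            stripped.append(("cookie-domain", name, value))
        elif lname not in STANDARD_RESPONSE_HEADERS:
            stripped.append(("non-standard", name, value))
        else:
            kept.append(f"{name}: {value}")
    return "\r\n".join([start] + kept) + "\r\n\r\n", stripped


def filter_request(raw, target_host, strip_cookie_domains):
    """Request side: drop the Cookie header when the target host is listed."""
    start, fields = split_header_block(raw)
    strip_cookies = host_matches(target_host, strip_cookie_domains)
    kept, stripped = [], []
    for name, value in fields:
        if name.lower() == "cookie" and strip_cookies:
            stripped.append(("cookie-domain", name, value))
        else:
            kept.append(f"{name}: {value}")
    return "\r\n".join([start] + kept) + "\r\n\r\n", stripped


# Constructed sample traffic (not real captures). The ad response carries a
# third-party cookie plus headers outside the allowlist; the site response is
# a first-party page whose session cookie must survive.
AD_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Date: Sat, 04 Mar 2006 00:38:15 GMT\r\n"
    "Content-Type: image/gif\r\n"
    "Set-Cookie: id=abc123; domain=.valueclick.com; path=/\r\n"
    "X-Cache: MISS from oz.valueclick.com\r\n"
    "O_CREATIVE_ID: 220521\r\n"
    "XRE response from IC\r\n"
    "Content-Length: 43\r\n\r\n"
)
SITE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: session=xyz; path=/\r\n"
    "X-AspNet-Version: 1.1.4322\r\n\r\n"
)
AD_REQUEST = (
    "GET /ad.gif HTTP/1.1\r\n"
    "Host: ads.hitbox.com\r\n"
    "Cookie: tracker=42\r\n"
    "User-Agent: Mozilla/5.0\r\n\r\n"
)

if __name__ == "__main__":
    for host, raw in (("oz.valueclick.com", AD_RESPONSE), ("www.example.com", SITE_RESPONSE)):
        kept, stripped = filter_response(raw, host, STRIP_COOKIE_DOMAINS)
        for reason, name, value in stripped:
            print(f"{host}: stripped [{reason}] {name}: {value}")
    print(filter_request(AD_REQUEST, "ads.hitbox.com", STRIP_COOKIE_DOMAINS)[1])
```

The point worth noticing is that an allowlist, not a blocklist, is what makes "I can't find 90% of the headers I'm blocking" irrelevant: the proxy never has to know what O_CREATIVE_ID or X-INKT-URI mean, only that they are not defined headers. The cost is that the allowlist decides what breaks, so any header a site genuinely needs has to be added to it deliberately, and the `stripped` list is the place to look when a page stops working.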