(keitai-l) Re: Tricking a server or Tricking yourself. (Long!)

From: Nick May <nick_at_kyushunet.com>
Date: 03/16/01
Message-id: <fc.000f761000051d743b9aca00ba6eadaa.51d77@kyushunet.com>
keitai-l@appelsiini.net writes:
>1) Some people write 'fake' headers to request the content
>   outside of mobile phones.
>
>2) Some people make screengrabs of content and publish them
>   without a basic knowledge of copyright.

>It's quite common to use scenario 1, but to give the tools
>public away (including source code) in a mailing list? Especially
>one which target is not (only) developers? I don't know if I like
>it too much. What's the big difference between simply faking some
>headers and faking some packets (except the skills of diving
>deeeeeeeeeeep into TCP)?


I'm sorry but this really is the most dreadful tripe.

1) writing "fake" headers consists in no more than modifying a pref in at
least one popular browser. Hell, if it is easy enough for your average Mac
user to do, it ain't rocket science. If people really want to keep
browsers out they will do reverse lookups, or whatever. It isn't as though
anyone is stealing the data - it is all freely available, they are just
choosing to browse it in a way more convenient... Any adverts, etc, will
still be seen... Faking the header is a basic privacy step - it ain't your
business what browser I am using - and I have no commitment to tell you....

As for a security risk - ye gods - code it right and it won't be. If you
choose to throw a load of parameters around in the url that you do not
seriously disinfect before using them in your code, then you deserve what
you get.

2) is a red herring. If you do not have a basic knowledge of copyright -
or more likely, have a fairly good basic grasp of copyright but think
various provisions of the DMCA and various other conventions suck bricks,
you are going to have your wicked way with the content however you browse
it.

>My point here is, not every screengrab is an allowed one.
>Especially not if you faked the headers to get access to a site.

Well the first claim is true, but I do not see how the means of access is
relevant. Do I press a little clicky box to state that the browser I am
using is one you happen to want to let in? 

Anyone whose security, copyright or content management relies on iCab (or
whatever) pretending to be Mozilla rather than Docomo is fairly far up the
fecal creek without the benefit of a propulsive mechanism.... So whinge
thee not, just code around it....

Nick



Received on Fri Mar 16 17:10:29 2001
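
The message's point that the User-Agent header is whatever the client chooses to send, and that a site wanting to keep other browsers out has to check where the request comes from ("reverse lookups"), as an added example that is not part of the original message. The gateway suffix, the function names and the sample records are assumptions made up for illustration; the resolvers are injectable so the check runs offline.

```python
import socket

# Assumption: the carrier's gateway hostnames end with this suffix (placeholder).
GATEWAY_SUFFIX = ".gw.carrier.example"

def _ptr(ip):
    """Reverse lookup: IP -> hostname, or None when there is no PTR record."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def _addrs(host):
    """Forward lookup: hostname -> set of IPv4 addresses."""
    try:
        return set(socket.gethostbyname_ex(host)[2])
    except OSError:
        return set()

def from_gateway(peer_ip, ptr=_ptr, addrs=_addrs):
    """True only if peer_ip reverse-resolves into the gateway domain AND that
    hostname resolves forward to the same IP (forward-confirmed reverse DNS)."""
    host = ptr(peer_ip)
    if not host:
        return False
    host = host.rstrip(".").lower()
    if not host.endswith(GATEWAY_SUFFIX):
        return False
    # The owner of an address block controls its PTR records and can claim
    # any name, so the name only counts if the forward zone agrees.
    return peer_ip in addrs(host)

def allow(peer_ip, headers, ptr=_ptr, addrs=_addrs):
    """Access decision. headers is accepted but deliberately never consulted:
    User-Agent is set by the client and proves nothing."""
    return from_gateway(peer_ip, ptr, addrs)

# Constructed sample records (documentation address ranges, made-up names).
PTR = {"192.0.2.10": "proxy1.gw.carrier.example",
       "198.51.100.7": "proxy9.gw.carrier.example",  # PTR set by the address owner
       "203.0.113.5": "dsl-5.isp.example"}
A = {"proxy1.gw.carrier.example": {"192.0.2.10"}}

if __name__ == "__main__":
    for ip in PTR:
        ua = {"User-Agent": "claims-to-be-a-handset"}  # constructed value
        print(ip, allow(ip, ua, PTR.get, lambda h: A.get(h, set())))
```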