Firewall test and 'referrer' exploit

[Lisandro]

I am getting the best of two programs. So far so good, no conflicts etc.

Well, new Windows firewall was designed to not conflict with 3rd party firewalls. It's not a surprise but, of course, it's wellcoming  

On the Maxthon forum (link above) a lot of users say that in other browsers they can achieve the referrer protection without any problem. Maxthon (ex-MyIE2) does not have this feature yet.

It seems it's not a 'firewall' issue but a 'browser' one

[CharleyO]

*

With the pcflank test, it could not get my correct IP.

With the dslreports, I got the following:

Conclusion: Healthy Setup! We could detect no interesting responses from any of the commonly probed TCP and UDP ports. It would be difficult for an attacker to know where to start without further information.
TCP ALL : FILTERED No response packet was received.
UDP ALL : FILTERED No response packet was received.

This is basically what I get when I visit Gibson Research ... all ports Stealthed!      

*

[Gene Johnson]

I first ran the test with my Zone Alarm on medium firewall settings, and came up with several  ports open. When I ran it again with settings on high, I came out of the test with a clean bill of health. Except for the referrer exploit. I went into Opera (preferences-security) and disabled support for referrers there. Am I correct in assuming that there is no way to disable the referrer support in IE?

[Lisandro]

Am I correct in assuming that there is no way to disable the referrer support in IE?

I couldn't find it into IE or Maxthon...
Anybody coulld help us on it?
On Maxthon forum, I read that Maxthon does not provide this security feature but I don't know about IE, probably not either  :'(

[Eddy]

Perhaps it can be done by a registry tweak. IE itself doens't have a option to enable/disable it.

HERE is some information about how IE handles referers

[lee16]

Are referrer's actulary anything to worry about, would it make it easyer for them to hack/virus me if they new i last was on the avast forums or i was looking at FF (game) movies on the inet?.

--lee

[Lisandro]

Eddy, very thanks for the article. Very illustrative... But, I can't figure out how to tweak that  

[Gene Johnson]

lee: I beieve that when you link from one site to another, the site you link to can have the info off the page you came from. If on that site were confidential info like email addresses, credit card info or anything you did not want the new site to see, that would be the problem.

Gene.............

[RejZoR]

Exactly. By default,good online services use secure protocol (HTTPS) that doesn't use referring,doesn't cache files and so on. This provides many security mechanisms that prevent third party from getting your informations as Gene already mentioned.

But there is many unsecure services which use normal HTTP protocol.
If its not designed well,it can store your username/password or even credit card number into referrer "register" or "buffer" as i explained before. And if you visit some page right after you entered sensitive info,they can simply read that sensitive info from referrer.

[lee16]

In IE, go to  Internet options>Content>autocompleat, then you can stop passwords an so on from being saved, and wipe any forums/passwords already saved, if referrer's are already there, is it pointless doing it?

--lee

[Delta]

Blocking referers shouldn't be the job of a firewall. A local proxy such as The Proxomitron (my favourite, a very powerful program) or Webwasher will block them.

The Proxomitron can be downloaded here
www.proxomitron.info/files/index.html

www.proxomitron.org

has a list of other local proxies (including Webwasher).

Delta.

Edit: added links.

[RejZoR]

No,browsers should handle the referrer,not firewalls. I have referrer totaly disabled in Firefox and i have no problems on pages. Some download systems refuse because they don't detect their site being browsed first (anti-leech),but nothing too serious.

[Delta]

For more firewall and other tests try Eric Howes site here

netfiles.uiuc.edu/ehowes/www/main.htm

Look for Online security & Privacy tests in the left hand frame.

Delta.

Edit: Cut and paste the link into your address bar.

[lee16]

I have referrer totaly disabled in Firefox

I can't see it anywere in firefox, could you give some direction to the exsact place in the browser please, or is it by about:config?

--lee

[neal62]

lee,

In firefox, go to tools, options, privacy.  Under privacy you will see "saved passwords"  Click on that and then you'll see the option of "remember passwords". Make sure that option is un-ticked. I believe this is what you were asking about Firefox.