Mig Greengard's ChessNinja.com

Cookies from FIDE


Before we get to serious topics, any other privacy nuts out there been to the FIDE website lately? They seem to have gone in very heavily for third-party cookies in the past week, so much so that I wondered if the site had been hacked. [Actually the case, see below.] Every visit receives dozens of attempts to place tracking cookies on your computer. These aren't the usual site traffic monitoring cookies or the handy auto-login cookies (as used by the system that runs the ChessNinja.com message boards). Just a few of the domains that tried to place cookies the last time (most with .com or .info): search123, seekmen, phenetidine, revenuepilot, sacredpheonix, mygeek, pornmoviecollection, cnzz, primaldefense, criminalattorney.

I'm assuming the webmaster over there signed up for a package and will make a few bucks for allowing thousands of third-party sites to set (and read) tracking cookies on everyone who visits the FIDE website. Mostly this sort of abusive behavior is limited to hacking, warez, and porn sites. So I hear. This is overall less of a privacy hazard than big cookie tracking networks like 2o7.net, but it's still obnoxious. Especially if you are a tinfoil hat type and have your machine set to alert you to all new cookie attempts. Each visit gets a new set, although I'm sure they'll be exhausted eventually as Firefox permanently bans each domain. Weird.

Followup: This from Gennady Rakhvalov at the FIDE offices via George Mastrokoukos. Good response time, gentlemen! Glad it wasn't on purpose.

FIDE.com was hacked using an NTFS Alternative Data Stream vulnerability which is not yet closed by Microsoft. Because of that, about once a day one or two pages of the website were injected with a command leading to a script containing banners. It took some time to find out what the problem was. Now we think the problem is fixed, but anyway we still constantly monitor web pages.

ADS exploits are a typical Windows server problem, not that you care. (Let's get together for coffee and discuss type commands...) Linux 4 Ever.

4 Comments

Welcome back Mig. Nice to have you around again. I was beginning to think the lunatics had taken over the asylum.

Thanks for the heads up about the FIDE site. I'll put it on my Firefox blocklist. How low can they get? Hardly the actions of a responsible and professional world governing body, is it?

You wanted to see Topalov-Kramnik? Here you are. Now they need to find one million dollars, and it's certainly part of their business plan.

Great to have you back, Mig.

Having read the followup, I take back my first comment. But FIDE still sucks :)


    About this Entry

    This page contains a single entry by Mig published on April 27, 2006 11:20 PM.
