This recently happen to Jed and me on another web site. Don’t Fall For This Hoax! Frequent contributor Dennis Regele had a justifiable scare last week: He was visiting a Russian web site and… well, let’s let him tell the story in his own words: it’s been a while since i wrote to you, i know you're busy but i didn't know who to turn to with this. the other night i was surfing some russian newspapers on the web when i came upon a listing for a radio station in st. petersburg. the site had several frames an one said " we know who you are " since i have my security set to medium, and no info other than a secondary email address listed in my browser(IE 5.0), i thought yea, sure you do. well it went on to list my ip address, domain and data about my browser. well that's not to hard to get. BUT at the bottom is said, "We also well know contents of your computer and we can quietly up to him reach." [They mean: "We know, and can quietly access, the contents of your computer."] then there was a button above which said " do not trust ? " [They mean: "You don’t believe us?"] i thought sure, pressed the button and the contents of my hard drive appeared on the screen! Well after the initial shock i thought how did they get into my hd so i used the edit key in the files menu and saved it. next i went off line and used my anti-virus software to check for any viruses, then went through my hard drive to find and eliminate any files from that site (other than the one i copied of the page itself.) again every thing was clean. My question is a) how do they do this, and B) how can i protect against it. if you can shed any light on this for me i'd really appreciate it. i hope someone else can be spared the hassle of this kind of .... thanks in advance, Dennis Regele I visited the site (>Link But it turns out just to be a clever and harmless prank, or hoax. The button simply issues a local "file://c:/" command to your browser, which then locally (and harmlessly) displays your hard drive contents. You can accomplish the same thing a lot less mysteriously simply by typing file://c:/ in the address bar of your browser. Try it! That's all the button on that page does---it just locally commands your browser to show you your own local drive contents. Nothing is sent over the wire; the Russians never see the results (the display of your hard drive contents) on their end. In other words, it’s a hoax: They're just pulling our chains. 8-) Cute hack, though!
| 
