Verant snooping in temporary Internet files?

[Fatty]

Anyone ever tried a program from Sysinternals called handle?(http://www.sysinternals.com/ntw2k/freeware/handle.shtml)

I tried it today and checked out everquest.
If you open a dos box and run handle with this: "handle -p everquest", without the quotes, you will get a list of files that everquest has accessed. Note, I havent started everquest fully, just gotten to the click play window.

Here are a few:
C:\Documents and Settings\Username here\Local Settings\Temporary Internet Files\Content.IE5

C:\Documents and Settings\Username here\Local Settings\Temporary Internet Files\Content.IE5\index.dat

There are more internet files listed too thats accessed.

If you want some more info, write "handle -a -p everquest".

Here is one you get then.
\BaseNamedObjects\C:_Documents and Settings_User name here_Cookies_index.dat_Some number here

Now, what im wondering. What is everquest doing with accessing these places? What possible use do they have of cookies? My thought was that they could scan cookie names or sites been to, to get a list of possible hackers.(Search for seq.sourceforge.net...)

Now, these files are actually hidden in the operating system, and deleting the internet explorer history doesnt delete the content of Content.IE5, which shows where you have been on the net. To see/delete this catalogue, you have to write in the catalogue manually, for example: "C:\Documents and Settings\Username here\Local Settings\Temporary Internet Files\Content.IE5"

I dont know if this means anything at all. Was hoping other hackers had more information about this and possibly find out what eq is really doing with access to these files/registry settings.

[mvern]

The patcher uses embeded internet explorer stuff for downloads - your just seeing ie access cookie files, not really anything out of the ordinary.

[high_jeeves]

This is also a good search before you post situation... This problem gets "detected" by some amatuer hacker about once every two months, and we all hear about how the sky is falling, again.

Search = Good.

--Jeeves

[cbreaker]

Although on EVERY SINGLE thread related to this I had to sift through high_jeeves bullshit ("This has been discussed!!! How dare you post this again!!") this has indeed been posted before.

In fact, one person even used the same tool as you. However, I saw no mention of a sky falling.

[Iam_Walrus]

It's not "How dare you post this again!" it's "Quit wasting your keystrokes and please use the Search tool. It gets lonely when it isn't being used..."

[Fatty]

Yeah, I could find the answer to this if I searched for sysinternals or cookies, not when searching for handle though. And no, the tool that was used by others was filemon, thats another utility than I used, although from same provider.

However, even though they use/need these files, doesnt mean they cant pull out some information from them. Could for instance search for certain keywords and send a true/false answer to the server about it. Would be pretty hard to detect, unless you can detect searches through these files.

Anyway, im sure its benign. Remember though, its easier to say use the search tool when you read this board every day and know everything whats going on in here. And im sure, many other people havent read about it, since its hidden 'deep' in the archives.

And nowere did I mention anything about 'Sky is falling'. Just posted to gain insight into what other people knew about this. I thought they probably did use it for something other than snooping, which indeed seems to be the case here.

And yeah, I should have used the search tool here, I aknowledge that.

[high_jeeves]

You should always search before you post. period. It really isnt that hard to find the information you need. For example, a search of "temporary internet files" brings up the answer. A number of other searches I tried also found answers on the first page of search results.. Searching isnt that hard. Do it first.. save everyone, including yourself, some time.

--Jeeves

[Lyroschen]

On the same note, Jeeves, your post has been said before, too. Might be worthwhile to search before you post. Unless it just makes you feel superior to flame, in which case, falme on!

My kudos to mvern who replied:

The patcher uses embeded internet explorer stuff for downloads - your just seeing ie access cookie files, not really anything out of the ordinary.

Can we end this thread here? Or do more egos need fluffing?

[spungee]

mine mine mine

[wolfy]

watching you all bicker about searching to see if a post has been made before, is like watching a bunch of old women nagging their husbands.

posts do happen again, just live with it, and repetative whinges like yours would no longer happen.

[PainNSuffering]

Search on "search before you post"
Displaying Topics 1 to 25 of 173

Search on "search before you post + Username: high_jeeves"
Displaying Topics 1 to 25 of 43

It would apear he has said this before, but does not seem to be alone in that fact. But I am 100% sure, some one else has told jeeves he has told people to use the search feature before. I will leave the searching for telling people to search for yourself, since it seems to be important to you.

[QuerySEQ]

EQ snooping Temporary Internet Files.

the guys that Program EQ are actually pretty smart.

NO, SOE is not snooping your Temporary internet files.

EQ's new interface uses XML. XML for the programmers is MUCH easier and faster to modify than making hard code changes to the game itself, PLUS it makes the actual applications smaller ( if anyone paid attention to that, with the advent of the new interface and removal of the old one, reduced the 'footprint' of EQ by almost 120K!!!..

What does XML do for EQ? Well, with Windows 98+ and IE5+, the Browser was integrated into the OS, so.. instead of trying to write and modify a propritary interface. They use native MS code to access features.

That cool little MP3 player? It uses native Microsoft MCI codes ( those of you that knew how to do it, actually had MCI 'hotkeys' running that would play MP3's before that advent of the new little 'toy' player.

Alas... I go to far. Since the INTERFACE is now XML based, it uses the Browser features embedding in IE ( your OS ). Since the browser throws things in the Temporary Internet Dir, (to work with them, parse them, disgard or cache them) is why EQ is 'sort of' using the Temporary Internet Files directory..

Does that answer your question?

[Poncho]

Hmm, interesting thread really. I too noticed the same thing Fatty originally brought with this thread. I think his whole post was eluding to the questions:

If I notice EQ scanning my temp internet files, can they see that I have been such sites as this?

and

Can they, or are they going to do anything about it?

Well, thats what I read from the post anyhow. It never really worried me, but the lingering questions were still in the back of my mind.

Query- nice post. Perfect answer as far as I'm concerned. Nice to be spoon-fed that 2+2 =4. Still trying to figure out why I tend to get 3 1/2 sometimes


Poncho

[high_jeeves]

Unfortunately, QuerySEQ's post is, in all likelyhood, wrong.

1) The reason the application footprint got smaller is that they were able to remove all of the the old UI code and resources from the application. Instead of having code and resources for 2 UIs, they only had one.

2) EQ itself probably does not use IE to do its XML work. Why? because that would require a large amount of code in memory, that EQ doesnt need. More than likely, they picked up one of the many extremely inexpensive (or even free), and light weight XML parsing libraries, and use it to parse the UI xml. It is even quite possible that they wrote their own, since it is a relatively trivial task.

3) EQ has always hit the temporary internet files, since LONG before the new UI was introduced (just searching on this forum will show that to be true). EQ loads the IE libraries (which, in turn look through temporary internet files) in order to do the patching, which uses standard HTTP as its transport.

As for wether or not they can look at what pages you are going through: Any application on your system could do that. For that matter, its pretty trivial to write some javascript on a web page that does the same thing. Are they doing it and sending back information? No.

Again, ALL of this information has been stated before, by many people here, myself included...

--Jeeves

[QuerySEQ]

Jeeves is probably correct on the interface part, I did not mean to imply that EQ uses IE, but the same library 'hooks'.

Anything from the patcher to the new UI. Even those of us that use Nutscrape, have a temporary area for that work to be performed.

The patcher 'unloads' when it has completed its task and launched the application. I have found many EQ xml objects in my temporary files directory.

I dont know for certain if they can or cannot actually use your temporary internet files. I am sure it is possible, however.. if Caught doing such, it would be an infringement of privacy, and they would be liable. due to the fact that it is quite easy to see that occur, I seriously doubt SOE would want to try and explain that to the International Community, as well as having a pretty hefty class action against them for it.

I think it is just a place that is being used to parse, temp, discard..etc..