Hi, Please allow me to introduce myself. My name is Ellen O'Rourke and I am Host Member Manager for ValueClick. I would like to refer to the letter you wrote BUGTRAQat_private regarding "ValueClcik vernerability." Let me explain: If the user decides to go to another site after they are logged in, either via a bookmark or typing in a url, the referring url will be blank. If we had a link to the outside, the referring url would contain the logged in user's username and password. The links that we do have to the outside, such as on the exclude banners page where a user can click on a banner to view the advertiser's site, have the referring url stripped off to protect the host's login info. If you have evidence that contradicts this, we would very much appreciate your advising us. We appreciate your interest in ValueClick. --------------------------------------------------------- Ellen O'Rourke Member Site Manager ellenat_private ValueClick The pay-for-results advertising network! ValueClick Banner Ad Network http://www.valueclick.com ---------------------------------------------------------
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:25:18 PDT