
From: Denny (denny@metamathics.org)
To: jericho@attrition.org
Date: Thu, 05 Jan 2006 14:31:44 +0000
Subject: Re: http://attrition.org/news/content/05-12-31.001.html

Hi... do you seriously not know why morons don't notice your image
substitution? It's because their IE cache holds the image from when
they found it on your site, and so /for them/, it displays the original
image when they view their page with it embedded.

--
http://metamathics.org

From: security curmudgeon
To: Denny
Date: Thu, 5 Jan 2006 09:56:00 -0500 (EST)
Subject: Re: http://attrition.org/news/content/05-12-31.001.html

: Hi... do you seriously not know why morons don't notice your image
: substitution? It's because their IE cache holds the image from when
: they found it on your site, and so /for them/, it displays the original
: image when they view their page with it embedded.

i'm aware this happens, but..

1. that cache doesn't stay around forever. if the image is used on their main profile, when they view it seven/fourteen/whatever days later, it won't show up like they originally saw it

2. many times, they are posting it on the blog portion of the myspace profile. how is it one person can post, and another hundred read it and not notice or comment that the image is insulting them?

3. i need to read the IETF specs I guess, but it seems odd to me that i can view http://a.b/page.html which calls http://a.b/image.jpg, and it will cache *and display* the image even though http://c.d/hi.html will call the same image, but the web server will tell it to load http://c.d/pic.gif instead. basically, the browser is remembering a cached, and potentially outdated link, without checking the server for a 301/302 response. mind you, most of my http knowledge comes from using a) opera, b) firefox and c) looking at http logs on attrition.org .. but based on that, it seems like the image should not render, even if in cache. yes yes, i know it does, and i know it is likely doing the check for the image (which would result in the 301/302 error) without checking the (potentially) new href that caused it.

4. if number three is confusing, it is because it's 8am and i've had too much to drink and haven't slept yet

5. none of this excuses 60,000 link attempts to my images in a 24 hour period. i don't care if it works in their browser or not, it's flat out bad netiquette and abusing *my server* and *my bandwidth* because of *their stupidity*.
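
The caching behaviour debated in this exchange, as an added simulation that is not part of either e-mail: a browser cache keyed only by URL keeps showing the original image on a third-party page until the entry goes stale, while a zero freshness lifetime or a `Vary: Referer` response header lets the Referer-based substitution take effect. The `Origin` and `Browser` classes are hypothetical simplifications, the host names follow the reply's a.b/c.d example, and the seven-day lifetime used in the test is an assumption taken from the reply's "seven/fourteen/whatever days".

```python
from dataclasses import dataclass

SITE = "http://a.b"                # host names follow the e-mail's example
IMAGE = SITE + "/image.jpg"
DAY = 86400

@dataclass
class Response:
    body: str            # what the browser ends up rendering
    max_age: int         # freshness lifetime in seconds
    vary_referer: bool   # models a "Vary: Referer" response header

class Origin:
    """Constructed server: real image for its own pages, substitute for others."""
    def __init__(self, max_age, vary_referer):
        self.max_age, self.vary_referer, self.hits = max_age, vary_referer, 0

    def get(self, url, referer):
        self.hits += 1
        own_page = referer.startswith(SITE + "/")
        body = "original image" if own_page else "substitute image"
        return Response(body, self.max_age, self.vary_referer)

class Browser:
    """Simplified cache: one entry per URL, reused while it is fresh."""
    def __init__(self, origin):
        self.origin, self.cache = origin, {}

    def fetch(self, url, referer, now):
        entry = self.cache.get(url)
        if entry:
            stored_at, stored_referer, resp = entry
            fresh = now - stored_at < resp.max_age
            variant_ok = not resp.vary_referer or stored_referer == referer
            if fresh and variant_ok:
                return resp.body          # origin is never contacted
        resp = self.origin.get(url, referer)
        self.cache[url] = (now, referer, resp)
        return resp.body

def view_sequence(max_age, vary_referer):
    """Found on a.b at day 0, then seen embedded on c.d at day 1 and day 8."""
    origin = Origin(max_age, vary_referer)
    browser = Browser(origin)
    seen = [browser.fetch(IMAGE, SITE + "/page.html", 0),
            browser.fetch(IMAGE, "http://c.d/hi.html", 1 * DAY),
            browser.fetch(IMAGE, "http://c.d/hi.html", 8 * DAY)]
    return seen, origin.hits
```

The `hits` count also shows the cost of the fix: every policy that makes the substitution visible sooner sends more requests to the origin.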