HumanClick Exposed!

HumanClick Exposed by Darren Pierce of BTB Information Technologies (03/10/2001)

As per humanclick.com, they claim to offer:

	Live Customer Service--in a Click!
	with the leading Customer Service
	Application over the Internet.
	  * Talk to your website visitors - Free!
	  * Greet them or let them ask you questions online.
	  * Easy - Your visitors don't have to download anything.

What they don't bother to mention is how they provide a live, real-time
monitoring application that can track pages from your server, even if you don't
host from your home. On top of that, it's free, and available to ANYONE.

The purpose of HumanClick is to provide real time answers to people's questions 
by placing a chat button on your site. The service can be used for free, and 
they offer Pro and Express service plans for 89.50$US and 19.50$US respectively.

HumanClick consists of two parts. The first part is the code that is placed on
your site. Second is the client software you use to interface with people.

The code is then split into two parts: the HumanClick Button and the Monitor.
The button is simple to figure out: you take the code and place it on your site
where you want the button to show up. Then when people visit the site they can
simply click on the button, and they will be connected to the client software so
that they can chat.

The Monitoring code is what is important. HumanClick will generate code that you
place on all pages you want monitored. Once you have the code in place, and a
user visits that page, your HumanClick software will make a door bell noise and
the visitor will show up on your current list of users.

The code then reports a wide variety of information about the user. This 
information includes their IP/Host, the current page they are visiting, how long
they have been on the site, and how many pages they have viewed. On top of that,
it displays their last visit, when their last chat was, their Host (ISP), the
referring page, and what browser they are using. This is all pulled from your
system without your knowledge, and from what I can tell, it does it without 
opening any ports on your system.

What's significant about this is that it is all shown in virtually real time,
and what is truly important is that visitors never know it is going on. You
don't need to include the button code on the site to use the HumanClick monitor,
and the only real way to find it would be to analyze the code of the site.
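
Analyzing the code of a site for this kind of monitor can be automated. The
following is an added example, not part of the original text and not
HumanClick's own code: it lists every resource a page makes the browser fetch
automatically from a host other than its own, since each such fetch hands that
host the visitor's IP address, referring page and browser string. The host
names and the sample page are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Tags whose src attribute the browser fetches with no action by the visitor
AUTO_FETCH = {"script", "img", "iframe", "embed"}

# Constructed sample page; monitor.example stands in for any monitoring host
SAMPLE_URL = "http://www.mysite.example/index.html"
SAMPLE_HTML = """<html><body>
<img src="/logo.gif" width="120" height="40">
<script src="http://monitor.example/track.js?site=12345"></script>
<img src="//monitor.example/hit.gif" width="1" height="1">
<a href="http://other.example/">plain links are not fetched automatically</a>
</body></html>"""


class ThirdPartyFinder(HTMLParser):
    """Collect (tag, host, tiny_image) for resources loaded from other hosts."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlparse(page_url).hostname
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag not in AUTO_FETCH or not attrs.get("src"):
            return
        # Resolve relative and protocol-relative (//host/path) URLs first
        host = urlparse(urljoin(self.page_url, attrs["src"])).hostname
        if host is None or host == self.page_host:
            return
        # A 0- or 1-pixel image has no visual purpose: the usual beacon shape
        tiny = tag == "img" and {attrs.get("width"), attrs.get("height")} <= {"0", "1"}
        self.findings.append((tag, host, tiny))


def third_party_resources(page_url, html):
    finder = ThirdPartyFinder(page_url)
    finder.feed(html)
    finder.close()
    return finder.findings


if __name__ == "__main__":
    for tag, host, tiny in third_party_resources(SAMPLE_URL, SAMPLE_HTML):
        print(f"<{tag}> loads from {host}" + (" (tiny image)" if tiny else ""))
```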

So you're wondering what's the point of all that, huh? Well, first of all, this
is a major invasion of your personal privacy on the web. Keeping logs on users
is one thing, but stalking them online in real time could pose a major issue.

One of the first uses that came to mind with this would be a very quick and
easy way to get someone's IP address. You can set up a site on Tripod or another
free service, add the HumanClick monitoring code and ask your victim to visit
your site. Once they visit your site, you'll hear that door bell ring, and you
have the victim's IP and you could possibly launch an attack.

This would prove handy on AOL users or anyone you talk to over a chat medium
such as AIM or ICQ. Please understand that I do not condone such use of the
service just because I find it lame as fuck and you could be spending your time
expanding your mind and learning to truly hack and exploit the world. This text
was to inform you of how your privacy can be invaded in real time, and possibly
used against you without your knowledge.

This file was obtained from http://www.bombthebox.com/textware/
2000-2001 Bomb the Box Information Technologies. All Rights Reserved.
This document can be redistributed as long as it remains intact.

