[I could swear i sent this already and even got a couple responses but no answers, however I cannot find any such things in my mail logs or in the searchable list archives. If I did and there were answers posted if someone could point me to the result in the list archives that would be fine] In the process of setting up a multilingual site we started logging the accept_languages header just out of curiosity. I've noticed a strange HTTP_ACCEPT_LANGUAGE header appearing: HTTP_ACCEPT_LANGUAGE=en,x-ns1bdJ6k9jzNhQ;q=0.7,x-ns2r3109OnmPe2;q=0.3 HTTP_ACCEPT_LANGUAGE=en-us,x-ns1x2TumPKxNhQ;q=0.4,x-ns2r3409OnmPe2 HTTP_ACCEPT_LANGUAGE=en,x-ns1bdJ6k9jzNhQ;q=0.7,x-ns2r3109OnmPe2;q=0.3 Note the x-ns1 and x-ns2 languages that seem to be leaking random data. It looks to me like base64 encoded 8 byte blocks. About the right size for DES keys or blcoks. (In fact two of them would be exactly right for DES3.) I've done web searches and cannot turn up any documentation or comment on this. It seems like an odd side-channel to be using to leak this information. Does anyone know anything more about it? -- greg
