lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <077a01c35e2e$cbae4c10$6ce5d2d1@myesn.com>
From: jimmys at myesn.com (Jimmy Sadri)
Subject: BGSOUND - redux

You don't need the <bgsound> tag to do tracking of ip addresses, all you
have to do
is include a jpeg or some other pic embeded in html and it will do the same
thing.

----- Original Message ----- 
From: "morning_wood" <se_cur_ity@...mail.com>
To: <full-disclosure@...ts.netsys.com>
Sent: Friday, August 08, 2003 9:02 PM
Subject: [Full-Disclosure] BGSOUND - redux


> heh... the spammers found out... luckily for me its just a nice melody. of
> note is the use of this for tracking ip addresses, etc via the remote
> <bgsound> tag
>
> example from my mail
> ================
>
> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
> <HTML xmlns="http://www.w3.org/TR/REC-html40" xmlns:v =
> "urn:schemas-microsoft-com:vml" xmlns:o =
> "urn:schemas-microsoft-com:office:office"><HEAD><TITLE>???R???B??</TITLE>
> <META http-equiv=Content-Language content=zh-tw>
> <META content="MSHTML 6.00.2600.0" name=GENERATOR>
> <META content=FrontPage.Editor.Document name=ProgId>
> <META http-equiv=Content-Type content="text/html;
> charset=iso-8859-1"><BGSOUND
> balance=0
>
src="http://mychannel.pchome.com.tw/channel/class/show_preview.php3?d=2002-
> 09-17&amp;enname=0410&amp;t=.mid&amp;fn=music&amp;view=1"
> volume=-600 loop=infinite>
> <STYLE></STYLE>
> </HEAD>
>
> so here we have email address validation / ip matching capabilities
through
> <bgsound> tag.
>
> damn spam ( got some ham? )
> hmmm... makes me miss Hawaii   -= Spam? =-
>
> morning_wood
> http://e2-labs.com
>
>
>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ