lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20040107183315.GB24509@SDF.LONESTAR.ORG>
From: petard at freeshell.org (petard)
Subject: Is the FBI using email Web bugs?

On Wed, Jan 07, 2004 at 12:34:58PM -0500, William Warren wrote:
> Astaro security Linux has a webproxy that has an option(which i use) to 
> block web bugs....:)
> 
How can it tell web bugs from any other HTTP requests? The only thing
that makes a URL contain a web bug is that I only sent it to you. So if
I control images.example.com, and I send you and only you an email
that includes the image

http://images.example.com/faces/smile.png

but on the server smile.png is a script that records information from
your HTTP request before generating an image of a smile, how does your
proxy distinguish my web bug from a normal image? They only look like
obvious web bugs if I need to track thousands of recipients. If I've
targeted you, you just can't tell.

Regards,

petard


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ