Open Source and information security mailing list archives
From: chows at ozemail.com.au (Gregh)
Subject: Is the FBI using email Web bugs?

----- Original Message -----
From: "petard" <petard@...eshell.org>
To: "William Warren" <hescomingsoon@...izon.net>
Cc: "Ed Carp" <erc@...ox.com>; "Richard M. Smith"
<rms@...puterbytesman.com>; <full-disclosure@...ts.netsys.com>
Sent: Thursday, January 08, 2004 5:33 AM
Subject: Re: [Full-Disclosure] Is the FBI using email Web bugs?


> On Wed, Jan 07, 2004 at 12:34:58PM -0500, William Warren wrote:
> > Astaro Security Linux has a webproxy that has an option (which I use) to
> > block web bugs....:)
> >
> How can it tell web bugs from any other HTTP requests? The only thing
> that makes a URL contain a web bug is that I only sent it to you. So if
> I control images.example.com, and I send you and only you an email
> that includes the image
>
> http://images.example.com/faces/smile.png
>
> but on the server smile.png is a script that records information from
> your HTTP request before generating an image of a smile, how does your
> proxy distinguish my web bug from a normal image? They only look like
> obvious web bugs if I need to track thousands of recipients. If I've
> targeted you, you just can't tell.
>


One thing that I routinely do for small businesses of one computer only who
require access to email and won't hear of NOT using HTML (Oh yeah, it
happens!) is install Zone Alarm. E.g., they are too small to afford better or
won't listen. In Zone Alarm you can tell it to DISALLOW Outlook Express (or
whatever you like) access to different ports. So, I tell it to disallow
access to or from port 80 by OE. Thus, a received HTML email with pics and
such in it just shows blanks, "x" or placeholders, really. Now, while saying
this, if you decided to use some other port to report back on, sure, you
would get around this but the majority of spam operators who spam you don't
require JUST the "click to remove" to be clicked to verify you DO exist thus
send more spam and sell the address to another spammer. They also have port
80 and if the email is clicked on by a typical OE setup, just to delete, it
"phones home". For those described earlier in this paragraph, ZA blocking OE
in/out on port 80 stops most of the phone home stuff.

I don't care if it is a legitimate HTML received email from somewhere where
you WANT to receive same. It's blocked and that is that. When I explain how
some spammers get your records just by deleting the email, most agree it is
OK and for those who don't, if I want to retain them as a customer, I
explain how to stop ZA running when they want and why it should be on most
of the time. Oh and BTW, these small companies are usually WIN98/ME.

Greg.
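
The following is an added example, not part of the original post or thread: a short Python audit that lists every resource an HTML message would fetch simply by being displayed, and which of those fetches a port-80-only block on the mail client would not stop. The sample message is constructed; the `:8080` and `https` image URLs, the addresses and both function names are assumptions made for illustration, and only `src`/`background` attributes and `<link href>` are inspected.

```python
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlsplit

class RemoteRefFinder(HTMLParser):
    """Collect (tag, host, port) for URLs a client loads while rendering."""
    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            # src/background and <link href> load on display; <a href> needs a click.
            auto = name in ("src", "background") or (tag == "link" and name == "href")
            if not (auto and value):
                continue
            url = urlsplit(value.strip())
            if url.scheme in ("http", "https") and url.hostname:
                port = url.port or (443 if url.scheme == "https" else 80)
                self.refs.append((tag, url.hostname, port))

def remote_fetches(raw_message):
    """Return every remote load found in the text/html parts of a message."""
    finder = RemoteRefFinder()
    for part in message_from_string(raw_message).walk():
        if part.get_content_type() == "text/html":
            body = part.get_payload(decode=True)
            finder.feed(body.decode(part.get_content_charset() or "utf-8", "replace"))
    return finder.refs

def missed_by_port_80_block(refs):
    """Loads that still leave the machine when only port 80 is denied."""
    return [ref for ref in refs if ref[2] != 80]

# Constructed sample message (not taken from the thread).
SAMPLE = """\
From: sender@example.com
To: user@example.net
Subject: hello
MIME-Version: 1.0
Content-Type: text/html; charset="us-ascii"

<html><body>
<img src="http://images.example.com/faces/smile.png">
<img src="http://images.example.com:8080/faces/wink.png">
<img src="https://images.example.com/faces/grin.png">
<a href="http://www.example.com/remove">click to remove</a>
</body></html>
"""
```

Nothing in the output separates a tracking image from an ordinary one, so the only reliable policy is to deny the mail client every remote load rather than a single port.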

