Message-ID: <3FFD0149.4040600@venom600.org>
From: lists at venom600.org (Ben Nelson)
Subject: Is the FBI using email Web bugs?

Poof wrote:
> Actually- the problem with that is that fine... it won't allow any ports
> except for the needed 25/110/143... Then what's to stop an image from using
> http://www.spamsite.com:25/110/phonehome.jpg?emailaddress(or whatever)
> 
> ... Nothing!
> 
> Nice try though... Best protection is through your email client. O2K3 does
> it native ^^
> 

I realize that, my point was that blocking more is better than blocking 
less.  Whenever you can block everything and allow only the needed 
traffic, you'll be better off.  Removing as many possible 'phone home 
vectors' as possible certainly can't hurt and is good security policy in 
general.

--Ben


> ~
> 
> 
>>-----Original Message-----
>>From: full-disclosure-admin@...ts.netsys.com [mailto:full-disclosure-
>>admin@...ts.netsys.com] On Behalf Of Ben Nelson
>>Sent: Wednesday, January 07, 2004 7:34 PM
>>To: Gregh
>>Cc: full-disclosure@...ts.netsys.com
>>Subject: Re: [Full-Disclosure] Is the FBI using email Web bugs?
>>
>>Gregh wrote:
>>
>>>won't listen. In Zone Alarm you can tell it to DISALLOW Outlook Express (or
>>>whatever you like) access to different ports. So, I tell it to disallow
>>>access to or from port 80 by OE. Thus, a received HTML email with pics and
>>>such in it just shows blanks, "x" or placeholders, really. Now, while saying
>>>this, if you decided to use some other port to report back on, sure, you
>>>would get around this but the majority of spam operators who spam you don't
>>>require JUST the "click to remove" to be clicked to verify you DO exist thus
>>>send more spam and sell the address to another spammer. They also have port
>>>80 and if the email is clicked on by a typical OE setup, just to delete, it
>>>"phones home". For those described earlier in this paragraph, ZA blocking OE
>>>in/out on port 80 stops most of the phone home stuff.
>>
>>Couldn't you just block all port access from OE *EXCEPT* those that are
>>needed? (probably 25, 110, 143)
>>
>>--Ben
>>
>>_______________________________________________
>>Full-Disclosure - We believe in it.
>>Charter: http://lists.netsys.com/full-disclosure-charter.html

