lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <00cc01c3d5c9$5ecd9520$6500a8c0@p41700>
From: chows at ozemail.com.au (Gregh)
Subject: Is the FBI using email Web bugs?

----- Original Message -----
From: "Azerail" <Azerail@...ersecretninjaskills.com>
To: <full-disclosure@...ts.netsys.com>
Sent: Thursday, January 08, 2004 9:08 PM
Subject: Re: [Full-Disclosure] Is the FBI using email Web bugs?


> On Thu, 08 Jan 2004, Ben Nelson wrote:
>
> > Poof wrote:
> > >Actually- the problem with that is that fine... it won't allow any
ports
> > >except for the needed 25/110/143... Then what's to stop an image from
using
> > >http://www.spamsite.com:25/110/phonehome.jpg?emailaddress(or whatever)
> > >
> > >... Nothing!
> > >
> > >Nice try though... Best protection is through your email client. O2K3
does
> > >it native ^^
> > >
> >
> > I realize that, my point was that blocking more is better than blocking
> > less.  Whenever you can block everything and allow only the needed
> > traffic, you'll be better off.  Removing as many possible 'phone home
> > vectors' as possible certainly can't hurt and is good security policy in
> > general.
> >
> > --Ben
> >
>
> Why don't you guys just cut to the root of the problem and not use
> mail clients that access files on other people's servers when you read
> your mail.  HTML e-mail sucks.
>

You don't HONESTLY think that is what makes you safe in email do you?

Greg.


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ