lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
From: gem at rellim.com (Gary E. Miller)
Subject: Is the FBI using email Web bugs?

Yo Todd!

On Thu, 8 Jan 2004, Todd Burroughs wrote:

> I was wondering what "Web Bug" was, got figuring that it was simply
> clicking (or automatically clicking) on a link.

A web bug can be much more than that.  When you read an HTML email or
web page your workstation can send back gobs of information aount you.

For a benign web bug check out awstats: http://awstats.sourceforge.net.
It is an automated system for collecting web user data.  It collects
some interesting data on the user using the "awstats.js" web bug.
	screen size
	operating system
	browser type and version
	java support
	pdf support
	flash support
	etc....

It could easily return any data that is available to the local javascript
engine.  Depending on security setting it could read/write any file or
registry on your local workstation.

More malicious "web bugs" are out there.  Like active-X controls that
install silently and log all your keystrokes.  My daughter found several
that just pop up porn links on the desktop randomly.  Spammers use "web
bugs" to turn your IE into silent spam bots.

RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701
	gem@...lim.com  Tel:+1(541)382-8588 Fax: +1(541)382-8676


Powered by blists - more mailing lists