| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: chows at ozemail.com.au (Gregh) Subject: Is the FBI using email Web bugs? ----- Original Message ----- From: "Ben Nelson" <lists@...om600.org> To: "Gregh" <chows@...mail.com.au> Cc: <full-disclosure@...ts.netsys.com> Sent: Thursday, January 08, 2004 11:33 AM Subject: Re: [Full-Disclosure] Is the FBI using email Web bugs? > Gregh wrote: > > wont listen. In Zone Alarm you can tell it to DISALLOW Outlook Express (or > > whatever you like) access to different ports. So, I tell it to disallow > > access to or from port 80 by OE. Thus, a received HTML email with pics and > > such in it just shows blanks, "x" or placeholders, really. Now, while saying > > this, if you decided to use some other port to report back on, sure, you > > would get around this but the majority of spam operators who spam you don't > > require JUST the "click to remove" to be clicked to verify you DO exist thus > > send more spam and sell the address to another spammer. They also have port > > 80 and if the email is clicked on by a typical OE setup, just to delete, it > > "phones home". For those described earlier in this paragraph, ZA blocking OE > > in/out on port 80 stops most of the phone home stuff. > > Couldn't you just block all port access from OE *EXCEPT* those that are > needed? (probably 25, 110, 143) Nope from V4 upwards. Yes around V3.7x. They stuffed that handy feature up. You could block those ports for ANYTHING but that is probably not a good answer for everyone. Greg.
Powered by blists - more mailing lists