lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20040512172248.GW15373@aaronp.com>
From: sith at sithender.com (sith@...hender.com)
Subject: leaking

On Wed, May 12, 2004 at 10:16:23AM -0500, Alerta Redsegura wrote:
> I am really curious to know how you can collect e-mail addresses from a
> plain image fed from a website shown on an e-mail.
> 
> IP, yes.  User-agent, yes.  But e-mail addresses???

You don't _collect_ email addresses (they obviously already have it if they
are sending you email with it, ;)  But you can verify email addresses with
it.

The easiest would be to put a hash or some other identifier of the users
email address in the url for the image, then have mod_rewrite rewrite the
url (or not, who cares... you just wanted to verify the email address was
good) to an actual image on your system, and log the embeded info and
compare to your known addresses.


Aaron Peterson


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ