lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-id: <47002EF8.4945.3F162DEA@nick.virus-l.demon.co.uk>
Date: Sun, 30 Sep 2007 23:19:20 +1300
From: Nick FitzGerald <nick@...us-l.demon.co.uk>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Testing DidTheyReadIt.com

Juha-Matti Laurio to Thierry Zoller:

[un-top-posted]
> > Just a sample test of how many of you read this email. Let's see how
> > good it performs for mailinglists and what comes out.
> 
> Your headers etc. doesn't state that this service is in use.

Maybe not _directly_, but comparing Received: headers in other Email 
Thierry has sent to Full-Disclosure from his @Zoller.lu address, you 
quickly see that hyperion.vo.lu is usually (??) the machine that 
injects such messages into the mail chain, whereas "his" test message 
was injected by colibri.e-mail-servers.com

Aside from being totally useless "against" those who use text-only 
MUAs, this kind of service is generally useless because increasingly, 
even vendors like MS realize that user privacy is actually somewhat 
important and increasingly make NOT retrieving remote images (and other 
content) in "rich text" Emails the default, rather than just providing 
an option to turn off such attrocities should the user be aware enough 
to go looking for such an option...

This is an example of a service that, in general, should not work, and 
in future will be increasingly more useless, I think.

In the meantime, all (???) those using it should be asking what kind of 
data leakage they are exposing themselves to, through possible message 
content scanning and sender/receiver address usage patterns, among 
others.


Regards,

Nick FitzGerald

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ