Security Basics mailing list archives

RE: readnotify.com

From: "Ebeling, Jr., Herman Frederick" <hfebelingjr () lycos com>
Date: Wed, 25 Jan 2006 13:12:55 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ----Original Message----
From: HTRegz [mailto:htregz () aoaddicts net]
Sent: Wednesday, 25 January, 2006 03:21
To: hfebelingjr () lycos com; security-basics () securityfocus com
Subject: RE: readnotify.com

: Hey Hey,
: 
: ReadNotify (for standard emails) using 1x1 tracking to follow your
: message... it inserts a 1 pixel by 1 pixel image into the HTML of the
: email (If you're using Outlook for example, right click and go to View
: Source), you'll see the location to that image. When this image is
: accessed, the email is considered read. (so for example
: hfebelingjr () lycos com readnotify com) would ask you to send a read
receipt
: and you would say no... but then if your mail viewer retrieved images by
: default, the user would still receive a read receipt.
: 
: There is also the option of sending an email to
: hfebelingjr () lycos com silent readnotify com in this case when you open
it,
: you will not be asked to send a read receipt but if you tell it to
: download images... it will notify the user that it has been read...
: 
: Best way to disable/prevent it... don't download images on your emails...
: You can check your message headers (if it's not silent... and you do get
a
: read receipt request and you'll see X-Read-Notification: Courtesy of
: ReadNotify.com - http://www.<garbage>.readnotify.com) With the silent
one,
: you have to look at the source... The following code is added to the
: email. 
: 
: ----SNIP----
: <div alt="v2beqz3u2r6vj1."><pre>&nbsp;</pre><pre>
: <br><Img moz-do-not-send="true" border=0 height=1 width=3 alt="0"
: lowsrc=""
:
Src=http://www.<garbage>.ReadNotify.com/nocache/<garbage>/footer0.gif><Img
: moz-do-not-send="true" Border=0 Height=1 Width=2 Alt=""
: Lowsrc=http://www.readnotify.com/ca/rspr47.gif ><BgSound volume=-10000
: Alt='' Lowsrc=""
: Src=https://tssls.<garbage>.ReadNotify.com/nocache/<garbage>/rspr47.wav>
:  </pre><table height=1 width=3 border=0><tr><td background
:  =http://0320.185.62311/nocache/v2beqz3u2r6vjP/rspr47.gif>
: </td></tr></table>
: ----END SNIP----
: 
: So basically preventing images from downloading... I apologize for the
: rambling in there... it's late... Hopefully you understood all of this.
: 
: Peace,
: HT
: 
: 
: -----Original Message-----
: From: Ebeling, Jr., Herman Frederick [mailto:hfebelingjr () lycos com]
: Sent: Monday, January 23, 2006 7:46 PM
: To: security-basics () securityfocus com
: Subject: readnotify.com
: 
: -----BEGIN PGP SIGNED MESSAGE-----
: Hash: SHA1
: 
: Does anyone know anything about a web site called
: (http://www.readnotify.com/)?  If so does anyone know of anyway to
: prevent it from sending it's return receipts to the sender?
: 
: Herman
: Live Long and Prosper
:  ___________________          _-_
:  \==============_=_/ ____.---'---`---.____
:              \_ \    \----._________.----/
:                \ \   /  /    `-_-'
:            __,--`.`-'..'-_
:           /____          ||-
:                `--.____,-'
: 
: -----BEGIN PGP SIGNATURE-----
: Version: PGP 8.0.3
: 
: iQA/AwUBQ9Vl5B/i52nbE9vTEQI9XgCg3Nhg6Fvo0Eb8SNifD9BPzKSM4csAnivR
: LPCQGjXz9OhMxTZBZHXwZBQM
: =IEYv
: -----END PGP SIGNATURE-----

HT,

        No problem about the rambling, I am interested in learning all that I can
about computers and right now about (www.readnotify.com) and how to defeat
it.  Does readnotify appear in the headers in any form if an E-Mail is sent
"silent?"  As I said (I think) in my reply to Jim, I presume that IF one
saves an E-Mail as a text document without opening it, that one can then
read it's content WITHOUT "tripping" the embedded image?

        I've already scanned the headers and saw the readnotify.com reference in
'em.  Which I guess it's a good thing that I know how to read headers,
which is how I found out about readnotify.

Herman
Live Long and Prosper
 ___________________          _-_
 \==============_=_/ ____.---'---`---.____
             \_ \    \----._________.----/
               \ \   /  /    `-_-'
           __,--`.`-'..'-_
          /____          ||-
               `--.____,-'

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.3

iQA/AwUBQ9e98B/i52nbE9vTEQK8VwCg+dEgNkBO8ZENUU/mFV6pcpGDWQQAoPm8
iO4BJQz3KV+2PtF3JbaE4QDR
=UL1M
-----END PGP SIGNATURE-----

---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity Planning,
Computer Emergency Response Teams, and Digital Investigations.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------

Current thread:

Re: readnotify.com, (continued)
- - Re: readnotify.com Larry Offley (Jan 26)
    - RE: readnotify.com Ebeling, Jr., Herman Frederick (Jan 25)
    - RE: readnotify.com evb (Jan 25)
    - RE: readnotify.com evb (Jan 27)
  - Re: readnotify.com Jim Halfpenny (Jan 26)
    - RE: readnotify.com Ebeling, Jr., Herman Frederick (Jan 26)
    - Re: readnotify.com Saqib Ali (Jan 27)
    - RE: www.readnotify.com Ebeling, Jr., Herman Frederick (Jan 27)
    - Re: readnotify.com Ansgar -59cobalt- Wiechers (Jan 27)
  - RE: readnotify.com HTRegz (Jan 26)
    - RE: readnotify.com Ebeling, Jr., Herman Frederick (Jan 26)
- PGP 8.0 Ebeling, Jr., Herman Frederick (Jan 24)
- Re: vnc server Albert Gonzalez (Jan 24)
- Re: vnc server ilaiy (Jan 24)
- Re: vnc server Robert J. Stull (Jan 25)
- Re: vnc server phunked up! (Jan 25)
- Re: vnc server xyberpix (Jan 30)
- Re: vnc server hytham . a (Jan 24)
  - Re: vnc server Scott C. Best (Jan 26)
- RE: vnc server Steveb (Jan 25)
- RE: vnc server Malaspinas, Spyro (Jan 26)