Educause Security Discussion mailing list archives
Re: E-mail Privacy
From: Gary Flynn <flynngn () JMU EDU>
Date: Tue, 25 May 2004 17:00:07 -0400
Glenn Leavell wrote:
Many e-mail clients have a setting to disallow the viewing/loading of remote images, which should neutralize the didtheyreadit service. For example, I know that Mozilla Thunderbird, Eudora, and Squirrelmail all have this option.
I've been using that feature for some time in both Netscape and Mozilla and felt somewhat comfortable until a couple days ago. Then my computer showed up in an IDP report accessing a web site trying an IE exploit. I backtracked through my messages and found a piece of SPAM that caused my Mozilla client to access the web site every time the message was displayed. The message contained: <object-disabled data=3D"http://&#= 119;ww.fatbonusc&#= 97;sino.com/pag= 01;.php"> without the "-disabled" in the object tag Its just an encoded URL but my Mozilla client followed it immediately when the message was displayed. Sigh. More disillusionment. :) I don't see a setting specifically disabling HTML mail rendering of received messages in mozilla, which, I guess would have prevented it. -- Gary Flynn Security Engineer James Madison University ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
Current thread:
- E-mail Privacy Javier Torner (May 25)
- <Possible follow-ups>
- Re: E-mail Privacy Herrera Reyna Omar (May 25)
- Re: E-mail Privacy H. Morrow Long (May 25)
- Re: E-mail Privacy H. Morrow Long (May 25)
- Re: E-mail Privacy Glenn Leavell (May 25)
- Re: E-mail Privacy Brian Eckman (May 25)
- Re: E-mail Privacy Gary Flynn (May 25)
- Re: E-mail Privacy Glenn Leavell (May 25)
- Re: E-mail Privacy Brian Eckman (May 25)
- Re: E-mail Privacy Dan Oachs (May 25)