Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Is the FBI using email Web bugs?

From: petard <petard () freeshell org>
Date: Wed, 7 Jan 2004 18:33:15 +0000
On Wed, Jan 07, 2004 at 12:34:58PM -0500, William Warren wrote:

Astaro security Linux has a webproxy that has an option(which i use) to 
block web bugs....:)


How can it tell web bugs from any other HTTP requests? The only thing
that makes a URL contain a web bug is that I only sent it to you. So if
I control images.example.com, and I send you and only you an email
that includes the image

http://images.example.com/faces/smile.png

but on the server smile.png is a script that records information from
your HTTP request before generating an image of a smile, how does your
proxy distinguish my web bug from a normal image? They only look like
obvious web bugs if I need to track thousands of recipients. If I've
targeted you, you just can't tell.

Regards,

petard

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: