Full Disclosure mailing list archives

Re: Is the FBI using email Web bugs?


From: "Gregh" <chows () ozemail com au>
Date: Thu, 8 Jan 2004 10:58:48 +1100


----- Original Message -----
From: "petard" <petard () freeshell org>
To: "William Warren" <hescomingsoon () verizon net>
Cc: "Ed Carp" <erc () pobox com>; "Richard M. Smith"
<rms () computerbytesman com>; <full-disclosure () lists netsys com>
Sent: Thursday, January 08, 2004 5:33 AM
Subject: Re: [Full-disclosure] Is the FBI using email Web bugs?


On Wed, Jan 07, 2004 at 12:34:58PM -0500, William Warren wrote:
Astaro security Linux has a webproxy that has an option (which I use) to
block web bugs....:)

How can it tell web bugs from any other HTTP requests? The only thing
that makes a URL contain a web bug is that I only sent it to you. So if
I control images.example.com, and I send you and only you an email
that includes the image

http://images.example.com/faces/smile.png

but on the server smile.png is a script that records information from
your HTTP request before generating an image of a smile, how does your
proxy distinguish my web bug from a normal image? They only look like
obvious web bugs if I need to track thousands of recipients. If I've
targeted you, you just can't tell.



One thing that I routinely do for small businesses of one computer only who
require access to email and won't hear of NOT using HTML (Oh yeah, it
happens!) is install Zone Alarm. E.g., they are too small to afford better or
won't listen. In Zone Alarm you can tell it to DISALLOW Outlook Express (or
whatever you like) access to different ports. So, I tell it to disallow
access to or from port 80 by OE. Thus, a received HTML email with pics and
such in it just shows blanks, "x" or placeholders, really. Now, while saying
this, if you decided to use some other port to report back on, sure, you
would get around this but the majority of spam operators who spam you don't
require JUST the "click to remove" to be clicked to verify you DO exist thus
send more spam and sell the address to another spammer. They also have port
80 and if the email is clicked on by a typical OE setup, just to delete, it
"phones home". For those described earlier in this paragraph, ZA blocking OE
in/out on port 80 stops most of the phone home stuff.

I don't care if it is a legitimate HTML received email from somewhere where
you WANT to receive same. It's blocked and that is that. When I explain how
some spammers get your records just by deleting the email, most agree it is
OK and for those who don't, if I want to retain them as a customer, I
explain how to stop ZA running when they want and why it should be on most
of the time. Oh and BTW, these small companies are usually WIN98/ME.

Greg.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
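
An added example, not code from any poster in this thread: a Python sketch that lists every remote resource an HTML mail body would fetch on display, with the port each request uses. The sample body is constructed; only the smile.png URL comes from the message above, and the other hosts, ports and ids are assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Tag/attribute pairs an HTML mail client loads on display, with no click.
AUTO_FETCH = {("img", "src"), ("body", "background"), ("td", "background"),
              ("link", "href"), ("iframe", "src"), ("script", "src")}

# Constructed sample body. The first URL is the one quoted in the thread;
# the other hosts, ports and ids are made up for this example.
SAMPLE = """<html><body><p>Hello</p>
<img src="http://images.example.com/faces/smile.png">
<img src="http://bulk.example.net/o.gif?id=12345" width="1" height="1">
<img src="http://images.example.com:8080/faces/smile.png"/>
<img src="cid:logo@local">
<a href="http://bulk.example.net/remove">click to remove</a>
</body></html>"""

class FetchFinder(HTMLParser):
    """Collects (tag, url, port) for every resource fetched on render."""
    def __init__(self):
        super().__init__()
        self.fetches = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if (tag, name) not in AUTO_FETCH or not value:
                continue
            parts = urlsplit(value.strip())
            if parts.scheme not in ("http", "https"):
                continue  # cid:/data: parts travel inside the message
            try:
                port = parts.port or (443 if parts.scheme == "https" else 80)
            except ValueError:
                port = -1  # malformed port; still reported as a remote fetch
            self.fetches.append((tag, value.strip(), port))

def remote_fetches(html):
    finder = FetchFinder()
    finder.feed(html)
    finder.close()
    return finder.fetches

def escapes_port_block(fetches, blocked_port=80):
    """Fetches that a block on a single port would still let out."""
    return [f for f in fetches if f[2] != blocked_port]

if __name__ == "__main__":
    found = remote_fetches(SAMPLE)
    for tag, url, port in found:
        print(f"{tag:6} port {port:<5} {url}")
    print("not stopped by a port-80 block:", escapes_port_block(found))
```

Nothing in the listing separates the smile.png request from an ordinary image, so the check can only report every remote fetch, and the 8080 entry is the case a port-80 block does not cover.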

