Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Is the FBI using email Web bugs?

From: "Gregh" <chows () ozemail com au>
Date: Thu, 8 Jan 2004 20:25:34 +1100

----- Original Message -----
From: "Azerail" <Azerail () supersecretninjaskills com>
To: <full-disclosure () lists netsys com>
Sent: Thursday, January 08, 2004 9:08 PM
Subject: Re: [Full-disclosure] Is the FBI using email Web bugs?



On Thu, 08 Jan 2004, Ben Nelson wrote:


Poof wrote:

Actually- the problem with that is that fine... it won't allow any

ports

except for the needed 25/110/143... Then what's to stop an image from

using

http://www.spamsite.com:25/110/phonehome.jpg?emailaddress(or whatever)

... Nothing!

Nice try though... Best protection is through your email client. O2K3

does

it native ^^



I realize that, my point was that blocking more is better than blocking
less.  Whenever you can block everything and allow only the needed
traffic, you'll be better off.  Removing as many possible 'phone home
vectors' as possible certainly can't hurt and is good security policy in
general.

--Ben



Why don't you guys just cut to the root of the problem and not use
mail clients that access files on other people's servers when you read
your mail.  HTML e-mail sucks.



You don't HONESTLY think that is what makes you safe in email do you?

Greg.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: