Full Disclosure mailing list archives
RE: Is the FBI using email Web bugs?
From: "Gary E. Miller" <gem () rellim com>
Date: Thu, 8 Jan 2004 12:13:00 -0800 (PST)
Yo Todd! On Thu, 8 Jan 2004, Todd Burroughs wrote:
I was wondering what "Web Bug" was, got figuring that it was simply clicking (or automatically clicking) on a link.
A web bug can be much more than that. When you read an HTML email or web page your workstation can send back gobs of information aount you. For a benign web bug check out awstats: http://awstats.sourceforge.net. It is an automated system for collecting web user data. It collects some interesting data on the user using the "awstats.js" web bug. screen size operating system browser type and version java support pdf support flash support etc.... It could easily return any data that is available to the local javascript engine. Depending on security setting it could read/write any file or registry on your local workstation. More malicious "web bugs" are out there. Like active-X controls that install silently and log all your keystrokes. My daughter found several that just pop up porn links on the desktop randomly. Spammers use "web bugs" to turn your IE into silent spam bots. RGDS GARY --------------------------------------------------------------------------- Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701 gem () rellim com Tel:+1(541)382-8588 Fax: +1(541)382-8676 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- RE: Is the FBI using email Web bugs?, (continued)
- RE: Is the FBI using email Web bugs? Poof (Jan 11)
- Re: Is the FBI using email Web bugs? Gary E. Miller (Jan 11)
- auditing / logging while performing pen test n30 (Jan 11)
- Re: auditing / logging while performing pen test Nico Golde (Jan 12)
- Re: auditing / logging while performing pen test Wojciech Pawlikowski (Jan 12)
- RE: auditing / logging while performing pen test Aleksander P. Czarnowski (Jan 12)
- RE: Is the FBI using email Web bugs? Todd Burroughs (Jan 08)
- RE: Is the FBI using email Web bugs? Gary E. Miller (Jan 08)
- RE: Is the FBI using email Web bugs? madsaxon (Jan 08)
- RE: Is the FBI using email Web bugs? Todd Burroughs (Jan 08)
- Re: Is the FBI using email Web bugs? Daniel B (Jan 08)
- Re: Is the FBI using email Web bugs? Gregh (Jan 08)