Vulnerability Development mailing list archives
Re: actions to jump2.eudora.com
From: "Bluefish (P.Magnusson)" <11a () GMX NET>
Date: Mon, 28 Aug 2000 17:27:28 +0200
Hmm... Is there any option "Check for upgrades"? Agree, it may under some conditions be undesirable to have this information disclosed, however I highly suspect that your SMTP traffic will reveal version and, maybe, operating system. The exact version number is quite stupid of them to reveal (and should serve little purpose) Additionally, this feature is quite likely to cause undesirable phone calls for several small networks using ISDN or modems along with dail on demand NATs; POP3'ing your local SMTPd will result in HTTP to eudora, not the most obvious problem, eh? :) My .02 EUR on the subject. ..:::::::::::::::::::::::::::::::::::::::::::::::::.. http://www.11a.nu || http://bluefish.11a.nu eleventh alliance development & security team
0x0020 5018 2530 7d37 0000 4745 5420 2f6a 756d P.%0}7..GET./jum 0x0030 702e 6367 693f 6163 7469 6f6e 3d75 7064 p.cgi?action=upd 0x0040 6174 6526 706c 6174 666f 726d 3d57 696e ate&platform=Win 0x0050 646f 7773 2532 3039 3825 3230 762e 2532 dows%2098%20v.%2 0x0060 3034 2e31 302e 3232 3232 2670 726f 6475 04.10.2222&produ 0x0070 6374 3d45 7564 6f72 6126 7665 7273 696f ct=Eudora&versio 0x0080 6e3d 342e 332e 322e n=4.3.2. i think this is surely interessting.. eudora sending info without my approving.. haven't we seen the same thing with serv-u? at least my firewall has some new entries now..;)
Current thread:
- actions to jump2.eudora.com Peter Batenburg (Aug 27)
- Re: actions to jump2.eudora.com Igor Mozolevsky (Aug 27)
- Re: actions to jump2.eudora.com sigfrid (Aug 27)
- Re: actions to jump2.eudora.com Bluefish (P.Magnusson) (Aug 28)
- Re: actions to jump2.eudora.com Bluefish (P.Magnusson) (Aug 28)
- Re: actions to jump2.eudora.com Bluefish (P.Magnusson) (Aug 28)
- Re: actions to jump2.eudora.com Bluefish (P.Magnusson) (Aug 28)