Security Basics mailing list archives

RE: How to secure my yahoo account

From: "Ferruh Mavituna" <ferruh () mavituna com>
Date: Wed, 28 Jan 2004 09:22:20 +0200

In fact there is no need to check weblog it's hard work to do.

We have some better ideas;
You can code a server-side page (.asp, .php, .jsp etc.), You can set your
page content-type as image after that you can include this to HTML page
like;

<img src="http://myserver.com/dyn.php"; height="0" width="0"> 

OR 

<img src="http://myserver.com/dyn/"; height="0" width="0"> (execute default
directory index -index.php-).

Also in this way you can print  your server-side pages as images.

If you are interested in you can check a sample webbug ASP source-code;
http://ferruh.mavituna.com/article/?428

This webbug log every request and save them in a text file. Also you can add
your own functions (like sending e-mail).



Ferruh.Mavituna
http://feruh.mavituna.com
PGPKey : http://ferruh.mavituna.com/PGPKey.asc

-----Original Message-----
From: Moody, Chris [mailto:cmoody () qualcomm com] 
Sent: Wednesday, January 28, 2004 2:20 AM
To: Ferruh Mavituna; D.E. Chadbourne; security-basics () securityfocus com
Subject: RE: How to secure my yahoo account

No $h!t...great idea.
Have the message reference a image on a webserver..then check the
weblogs. 

-----Original Message-----
From: Ferruh Mavituna [mailto:ferruh () mavituna com] 
Sent: Monday, January 26, 2004 10:04 PM
To: 'D.E. Chadbourne'; security-basics () securityfocus com
Subject: RE: How to secure my yahoo account

Hi;
He's talking about webbugs (or pixeltag), you can embed a dynamic
<image> to
HTML e-mails.

For example;
        <img src="http://yourserver.com/webbug/"; width="0" height="0">

So when e-mail received you can log active IP, time etc.

Also if you make some google searches about "webbug","web
bug","pixeltag",
you can find more info.



Ferruh.Mavituna
http://feruh.mavituna.com
PGPKey : http://ferruh.mavituna.com/PGPKey.asc
-----Original Message-----
From: D.E. Chadbourne [mailto:235u () comcast net] 
Sent: Monday, January 26, 2004 11:59 PM
To: security-basics () securityfocus com
Subject: RE: How to secure my yahoo account

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

<snip>
| 3. See if you can embed some sort of identification image/tag next
| time you send him an email message so that you can get more info
| about him and possibly his isp. But first you might wanna enable your
| yahoo account to allow these tags to show up.
</snip>

hi, what do you mean and how does it work?
thanks.  eric.

- --
http://235u.home.comcast.net/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFAFY2JLlZzXRl+JnERAjBOAJ4wSpF0DjtXeQ4wZEC1jbB3bdZ3ugCg7PIs
JX+Ce5K4Xy5xZXELdI4J1FI=
=RCdN
-----END PGP SIGNATURE-----


------------------------------------------------------------------------
---
Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off
any 
course! All of our class sizes are guaranteed to be 10 students or less.

We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion
Prevention, 
and many other technical hands on courses. 
Visit us at http://www.infosecinstitute.com/securityfocus to get $720
off 
any course!  
------------------------------------------------------------------------
----



------------------------------------------------------------------------
---
Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off
any 
course! All of our class sizes are guaranteed to be 10 students or less.

We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion
Prevention, 
and many other technical hands on courses. 
Visit us at http://www.infosecinstitute.com/securityfocus to get $720
off 
any course!  
------------------------------------------------------------------------
----





---------------------------------------------------------------------------
Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any 
course! All of our class sizes are guaranteed to be 10 students or less. 
We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention, 
and many other technical hands on courses. 
Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off 
any course!  
----------------------------------------------------------------------------

Current thread:

Re: How to secure my yahoo account, (continued)
- Re: How to secure my yahoo account Brecrost Jones (Jan 20)
  - Re: How to secure my yahoo account Meritt James (Jan 20)
  - RE: How to secure my yahoo account Duston Sickler (Jan 20)
  - Re: How to secure my yahoo account DC O'Dcriscoll & Associates (Jan 27)
- Re: How to secure my yahoo account J. Yoon (Jan 20)
- RE: How to secure my yahoo account Moody, Chris (Jan 21)
- RE: How to secure my yahoo account J. Yoon (Jan 26)
- RE: How to secure my yahoo account D.E. Chadbourne (Jan 26)
  - RE: How to secure my yahoo account Ferruh Mavituna (Jan 27)
- RE: How to secure my yahoo account Moody, Chris (Jan 28)
  - RE: How to secure my yahoo account Ferruh Mavituna (Jan 28)
- RE: How to secure my yahoo account Ow Mun Heng (Jan 29)