Security Basics mailing list archives
RE: www.readnotify.com
From: "Ebeling, Jr., Herman Frederick" <hfebelingjr () lycos com>
Date: Thu, 26 Jan 2006 23:24:25 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ----Original Message---- From: Saqib Ali [mailto:docbook.xml () gmail com] Sent: Thursday, 26 January, 2006 21:40 To: hfebelingjr () lycos com; security-basics () securityfocus com; ucullus () telus net; swiver () cox net; bugtraq () planetcobalt net Subject: Re: www.readnotify.com : : I mean correct me IF I'm mistaken, but don't the above methods : : require that one is connected to The Net in order for 'em to work? : yes it does. Ok, so IF one disconnects from The Net, after d/ling their E-Mail, reads it all. And then reconnects to The Net, it is safe to presume that there isn't some HTML code that's creating a cookie to send that information back to www.readnotify.com, correct? And that disconnecting after d/ling ones E-Mail, and then reconnecting after all of ones E-Mail has been read IS a good way to "defeat/block" their tracking methods? Kind of a low-tech way of circumventing their controls. . . : : : : And what about the other things that they claim that they can : : do? Such the "self-destructing" E-Mails, or the E-Mails that the : : sender can revoke? : : For this, www.ReadNotify.com requires the recipient to click a URL to read the : email content. So the content is essentially at their site. They are : just notifying the intended recipient that a mail wait, and give them : the URL. The URL points to a Www.ReadNotify.com web page. That's kind of crappy isn't it? I mean don't WE the receiver of E-Mail have the right to choose where and how we want to receive our E-Mail??? : : : Or preventing the person who received the E-Mail from either forwarding : : an E-Mail to another person, or printing said E-Mail out? Wouldn't any : : of : This functionality does NOT work "most" of the. They are just adding : some JavaScript code along with the HTML that prevent printing. See : below for the JavaScript code [function pdnp()]. This may work for : some primitive mail readers, But not for any of the mainstream mail : readers e.g. Lotus Notes / pine / Mozilla / Thunderbird etc. Yeah, I noticed on their web site that they also say that their "silent" tracking isn't always reliable, as well. Uh, I'm no lawyer or anything, but who is www.readnotify.com to tell Hotmail, Yahoo, or other E-Mail services what they have to do? I mean don't the above/below named E-Mail services have the right to control what code does and doesn't pass through their servers? And IF they want to disable/damage "the functionality of this service" isn't that their right? I mean considering that people rely on being able to get copies of their E-Mails from their servers for legal actions doesn't that limit their ability to do so? : ------------------------------ : <script><!-- : function pdnp() {document.body.innerHTML=' ';return : 0;}window.onbeforeprint=pdnp; : //--></script> : <!--_Warning_to_Hotmail_and_Yahoo_and_other_staff:_Before_taking_action_that _might_damage_the_functionality_of_this_service,_contact_tech () readnotify com _and_provide_suitable_replacement_techniques.__Failure_to_do_this_will_be_co nsidered_deliberate_anti-competitive_behavior_and_illegal_trade_baring:_Lega l_action_from_us_will_result._--><font : color="#FFFFFF"><div id=hi></div>--<<base foo>Img : Src="javascript:eval(unescape('functi%6fn%20pdp()%20{d%6fcument.b%6fdy.inner HTML%3D%22 %22;return%200;}wind%6fw.%6fnbef%6freprint=pdp;'));" : width=1 : height=1 -><comment></comment>--></font></DIV></BODY></HTML> : ---------------------------------- : : : : that further d/ls software that does what they claim? And IF they do : : that, then aren't they in violation of the computer use and abuse act? : nothing get d/l to the machine. just simple JavaScript. Isn't that enough? I mean it's code that I think it is fairly safe to say that IF the recipients KNEW about that they wouldn't agree to, right? Herman Live Long and Prosper ___________________ _-_ \==============_=_/ ____.---'---`---.____ \_ \ \----._________.----/ \ \ / / `-_-' __,--`.`-'..'-_ /____ ||- `--.____,-' -----BEGIN PGP SIGNATURE----- Version: PGP 8.0.3 - not licensed for commercial use: www.pgp.com iQA/AwUBQ9maeh/i52nbE9vTEQI+0gCgj+A6nSpMdpjZIvmeOYSMUjLF8k0An03S BcWk2tom5yTm+CGCxcnHYpd3 =ve9o -----END PGP SIGNATURE----- --------------------------------------------------------------------------- EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The Norwich University program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Tailor your education to your own professional goals with degree customizations including Emergency Management, Business Continuity Planning, Computer Emergency Response Teams, and Digital Investigations. http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
Current thread:
- vnc server Jared Lyvers (Jan 23)
- Mobile VLAN Gabriel Orozco (Jan 24)
- Re: Mobile VLAN Bernardo Wernesback (Jan 25)
- Re: Mobile VLAN Rodrigo Blanco (Jan 26)
- Re: Mobile VLAN Bernardo Wernesback (Jan 25)
- RE: vnc server Brent P. Gardner (Jan 24)
- Re: vnc server Philippe De Ryck (Jan 24)
- readnotify.com Ebeling, Jr., Herman Frederick (Jan 24)
- Re: readnotify.com Ansgar -59cobalt- Wiechers (Jan 25)
- Re: readnotify.com Saqib Ali (Jan 26)
- Message not available
- Re: www.readnotify.com Saqib Ali (Jan 27)
- RE: www.readnotify.com Ebeling, Jr., Herman Frederick (Jan 27)
- Re: readnotify.com Ansgar -59cobalt- Wiechers (Jan 25)
- Mobile VLAN Gabriel Orozco (Jan 24)
- RE: www.readnotify.com Ebeling, Jr., Herman Frederick (Jan 27)
- RE: readnotify.com Ebeling, Jr., Herman Frederick (Jan 25)
- RE: readnotify.com evb (Jan 25)
- RE: readnotify.com Ebeling, Jr., Herman Frederick (Jan 26)
- Re: readnotify.com Saqib Ali (Jan 27)
- RE: www.readnotify.com Ebeling, Jr., Herman Frederick (Jan 27)