Full Disclosure mailing list archives
Re: Is the FBI using email Web bugs?
From: "Gregh" <chows () ozemail com au>
Date: Thu, 8 Jan 2004 10:58:48 +1100
----- Original Message ----- From: "petard" <petard () freeshell org> To: "William Warren" <hescomingsoon () verizon net> Cc: "Ed Carp" <erc () pobox com>; "Richard M. Smith" <rms () computerbytesman com>; <full-disclosure () lists netsys com> Sent: Thursday, January 08, 2004 5:33 AM Subject: Re: [Full-disclosure] Is the FBI using email Web bugs?
On Wed, Jan 07, 2004 at 12:34:58PM -0500, William Warren wrote:Astaro security Linux has a webproxy that has an option(which i use) to block web bugs....:)How can it tell web bugs from any other HTTP requests? The only thing that makes a URL contain a web bug is that I only sent it to you. So if I control images.example.com, and I send you and only you an email that includes the image http://images.example.com/faces/smile.png but on the server smile.png is a script that records information from your HTTP request before generating an image of a smile, how does your proxy distinguish my web bug from a normal image? They only look like obvious web bugs if I need to track thousands of recipients. If I've targeted you, you just can't tell.
One thing that I routinely do for small businesses of one computer only who require access to email and wont hear of NOT using HTML (Oh yeah, it happens!) is install Zone Alarm. Eg, they are too small to afford better or wont listen. In Zone Alarm you can tell it to DISALLOW Outlook Express (or whatever you like) access to different ports. So, I tell it to disallow access to or from port 80 by OE. Thus, a received HTML email with pics and such in it just shows blanks, "x" or placeholders, really. Now, while saying this, if you decided to use some other port to report back on, sure, you would get around this but the majority of spam operators who spam you don't require JUST the "click to remove" to be clicked to verify you DO exist thus send more spam and sell the address to another spammer. They also have port 80 and if the email is clicked on by a typical OE setup, just to delete, it "phones home". For those described earlier in this paragraph, ZA blocking OE in/out on port 80 stops most of the phone home stuff. I don't care if it is a legitimate HTML received email from somewhere where you WANT to receive same. It's blocked and that is that. When I explain how some spammers get your records just by deleting the email, most agree it is OK and for those who don't, if I want to retain them as a customer, I explain how to stop ZA running when they want and why it should be on most of the time. Oh and BTW, these small companies are usually WIN98/ME. Greg. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Is the FBI using email Web bugs? Richard M. Smith (Jan 07)
- Re: Is the FBI using email Web bugs? William Warren (Jan 07)
- Re: Is the FBI using email Web bugs? Azerail (Jan 07)
- Re: Is the FBI using email Web bugs? Ed Carp (Jan 07)
- Re: Is the FBI using email Web bugs? William Warren (Jan 07)
- Re: Is the FBI using email Web bugs? petard (Jan 07)
- RE: Is the FBI using email Web bugs? Geo. (Jan 07)
- Re[2]: Is the FBI using email Web bugs? Thierry (Jan 07)
- Re: Is the FBI using email Web bugs? Gregh (Jan 07)
- Re: Is the FBI using email Web bugs? Ben Nelson (Jan 07)
- Re: Is the FBI using email Web bugs? Gregh (Jan 07)
- RE: Is the FBI using email Web bugs? Poof (Jan 07)
- Re: Is the FBI using email Web bugs? Ben Nelson (Jan 07)
- Re: Is the FBI using email Web bugs? Azerail (Jan 08)
- Re: Is the FBI using email Web bugs? Gregh (Jan 08)
- Re: Is the FBI using email Web bugs? Azerail (Jan 08)
- Re: Is the FBI using email Web bugs? Jonathan A. Zdziarski (Jan 08)
- OT: (*Again?*) Mail Clients (Was: Re: Is the FBI using email Web bugs?) Damian Gerow (Jan 08)
- Re: OT: (*Again?*) Mail Clients (Was: Re: Is the FBI using email Web bugs?) Nico Golde (Jan 08)
- Re: Is the FBI using email Web bugs? William Warren (Jan 07)