Full Disclosure mailing list archives

Re: Is the FBI using email Web bugs?


From: Azerail <Azerail () supersecretninjaskills com>
Date: Thu, 8 Jan 2004 02:08:36 -0800

On Thu, 08 Jan 2004, Ben Nelson wrote:

> Poof wrote:
>> Actually- the problem with that is that fine... it won't allow any ports
>> except for the needed 25/110/143... Then what's to stop an image from using
>> http://www.spamsite.com:25/110/phonehome.jpg?emailaddress(or whatever)
>>
>> ... Nothing!
>>
>> Nice try though... Best protection is through your email client. O2K3 does
>> it native ^^
>
> I realize that, my point was that blocking more is better than blocking
> less.  Whenever you can block everything and allow only the needed
> traffic, you'll be better off.  Removing as many possible 'phone home
> vectors' as possible certainly can't hurt and is good security policy in
> general.
>
> --Ben


Why don't you guys just cut to the root of the problem and not use
mail clients that access files on other people's servers when you read
your mail?  HTML e-mail sucks.

Azerail

-- 
To be wise, the only thing you really need
to know is when to say "I don't know."

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
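
The thread's point that a remote image URL can name any port, so the check belongs with the message content rather than the port filter, shown as an added example that is not part of any post above. It scans a message's HTML parts for references a rendering client would fetch; the sample message, the `example.invalid` host names and the function names are constructed for illustration.

```python
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser
from urllib.parse import urlsplit

MAIL_PORTS = {25, 110, 143}  # the ports named in the thread
# Tag -> attribute that makes a rendering client fetch a remote resource.
FETCH_ATTRS = {"img": "src", "iframe": "src", "link": "href", "body": "background"}

class RemoteRefFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        wanted = FETCH_ATTRS.get(tag)
        for name, value in attrs:
            if name == wanted and value:
                url = urlsplit(value.strip())
                if url.scheme in ("http", "https"):  # skips cid:, data:, relative refs
                    self.refs.append(url)

def find_web_bugs(raw_message):
    """Return (url, port, on_mail_port, has_query) for each remote reference."""
    msg = message_from_string(raw_message, policy=default)
    findings = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        finder = RemoteRefFinder()
        finder.feed(part.get_content())
        for url in finder.refs:
            port = url.port or (443 if url.scheme == "https" else 80)
            findings.append((url.geturl(), port, port in MAIL_PORTS, bool(url.query)))
    return findings

# Constructed sample message; example.invalid is a reserved placeholder domain.
SAMPLE = """\
From: sender@example.invalid
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<img src="http://tracker.example.invalid:25/phonehome.jpg?id=reader%40example.invalid">
<img src="cid:logo">
</body></html>
"""
if __name__ == "__main__":
    for finding in find_web_bugs(SAMPLE):
        print(finding)
```

A mail gateway or client plug-in could use the findings to strip or rewrite the flagged tags before the message is rendered.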

