Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Interesting idea for a covert channel or I just didn't research enough?

From: Bill Weiss <houdini+full-disclosure () clanspum net>
Date: Thu, 6 Oct 2005 22:47:01 +0000
Frank Knobbe(frank () knobbe us)@Thu, Oct 06, 2005 at 04:53:19PM -0500:

On Thu, 2005-10-06 at 16:52 -0400, Michael Holstein wrote:

Webbugs, which use unique URLs under an <IMG> tag, are an excellent 
example of using logfiles to <DO STUFF>.


Except that "vi", "less" or "notepad" don't import anything. 

You're not looking at your log files with a web browser, do you??


He was referring not to the log viewer executing something, but
transmission of data to the server containing the URL (stored in their
logs).

A common spammer trick, used also in more legit ways, is to send an email
with an image in it.  The image is actually a CGI script that takes a
parameter, logs it, then kicks out an image.  "Webbugs" tend to be 1px
square, and possibly transparent.  Using this can automate testing if
email addresses are valid (by sending each address a different unique
tracking URL).

-- 
Bill Weiss

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: