Penetration Testing mailing list archives
Re: Using viruses in pen-test
From: <c0redump () ackers org uk>
Date: Fri, 13 Oct 2006 14:15:19 +0100
I touched on the below method (1x1 pixel relating to honey tokens) at http://www.tomneaves.co.uk/index.php?itemid=30 a while back. It's an interesting idea.
- Tom----- Original Message ----- From: Clint Laskowski
To: pen-test () securityfocus com Sent: Thursday, October 12, 2006 5:28 AM Subject: RE: Using viruses in pen-test ... If your goal is to see if users open email that they shouldn't, consider sending an HTML email message with a 1x1 pixel image pulled from your website. Use a unique file name for the image that will only be used in the test. Then, after allowing enough time for the users to open the message, check your weblogs to see if the image was downloaded, and at what time. Even better, have unique file names for each email you send out. That way you can tell who read the email ... or at least the fact that a specific email (sent to a specific person) was read at a specific time. However, keep in mind this approach was apparently used by HP recently (see http://news.zdnet.com/2100-1009_22-6121048.html) using a service called ReadNotify, and look where it got them! Use these concepts at your own risk! -- clint ------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW ------------------------------------------------------------------------
Current thread:
- Using viruses in pen-test neo anderson (Oct 11)
- RE: Using viruses in pen-test lists (Oct 11)
- Re: Using viruses in pen-test David Swafford (Oct 11)
- RE: Using viruses in pen-test Clint Laskowski (Oct 12)
- Re: Using viruses in pen-test c0redump (Oct 13)
- RE: Using viruses in pen-test Clint Laskowski (Oct 12)
- RE: Using viruses in pen-test Omar Herrera (Oct 11)
- Re: Using viruses in pen-test Christoph Puppe (Oct 12)
- <Possible follow-ups>
- RE: Using viruses in pen-test Hagen, Eric (Oct 11)