HTML email "bug", of sorts.

From: Alex Prestin (wakkoat_private)
Date: Sat Aug 18 2001 - 03:17:25 PDT

Next message: [Digital-Vortex]@securityfocus.com: "Hotmail message view exploit"

Previous message: Bennett Samowich: "RE: HTML Form Protocol Attack"
In reply to: Support Info: "Security Update: [CSSA-2001-031.0] Linux -security issues in ucd-snmp"
Next in thread: John D. Hardin: "Re: HTML email "bug", of sorts."
Reply: John D. Hardin: "Re: HTML email "bug", of sorts."
Reply: Russell Garrett: "RE: HTML email "bug", of sorts."
Reply: thomas.roweat_private: "Re: HTML email "bug", of sorts."
Reply: role+bugtraqat_private: "Re: HTML email "bug", of sorts."
Reply: james_kelleyat_private: "Re: HTML email "bug", of sorts."
Reply: Daryl Banttari: "Re: HTML email "bug", of sorts."
Reply: Jon Masters: "Re: HTML email "bug", of sorts."
Reply: Jeffrey W. Baker: "Re: HTML email "bug", of sorts."
Reply: Jason Haar: "Re: HTML email "bug", of sorts."
Reply: Ben Yu: "RE: HTML email "bug", of sorts."
Reply: Sean Straw / PSE: "Re: HTML email "bug", of sorts."
Reply: Jeffrey W. Dronenburg: "Re: HTML email "bug", of sorts."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I'm not sure this is the proper forum for "conspiracy-theory" bugs, but I
figured this would be of interest to anyone trying to prevent the names of
valid email accounts they either own or administer from being verified and
added to "official" known-good spam rosters.

You may have heard of "web-bugs" before.  Or you may not have.  For the
benefit of the less-experienced, here's what they are and what they do:

"Web bugs" are small, 1x1 (or similar-sized) transparent GIF images which
can be used to track the movement of a user around the web.  About 1 in 10
sites use them.  Their effectiveness at this task is somewhat
questionable, but they can be used more effectively for a different task:

I've started noticing something very disturbing in the HTML in spam mails
recently.  I've started seeing web bugs.  Below is an example from a
recent email:

<img
src="http://www.megahardcoresex.com/sites/XXXXXXXX0 (continued)
3b/sf03b08152001.gif?M=XXXXXXXXX&ID=wakkoat_private" width="1" height="1"> 

See it?  A web bug.  If I opened this mail in an HTML-capable browser,
that little image would've popped up and I would've been none the
wiser.  My address would also have been verified by the sender, and stored
in a large database of valid recipients.

So, anyone have any idea of how to deal with this latest little spammer
toy?  Is there any effective way to filter out web bugs without adversely
affecting the delivery intact of legitimate messages?  Could software
change to at least warn viewers that this HTML viewer is accessing offsite
content?  Is it worth doing?

Anyone?  Bueller?

- A.P.

Next message: [Digital-Vortex]@securityfocus.com: "Hotmail message view exploit"
Previous message: Bennett Samowich: "RE: HTML Form Protocol Attack"
In reply to: Support Info: "Security Update: [CSSA-2001-031.0] Linux -security issues in ucd-snmp"
Next in thread: John D. Hardin: "Re: HTML email "bug", of sorts."
Reply: John D. Hardin: "Re: HTML email "bug", of sorts."
Reply: Russell Garrett: "RE: HTML email "bug", of sorts."
Reply: thomas.roweat_private: "Re: HTML email "bug", of sorts."
Reply: role+bugtraqat_private: "Re: HTML email "bug", of sorts."
Reply: james_kelleyat_private: "Re: HTML email "bug", of sorts."
Reply: Daryl Banttari: "Re: HTML email "bug", of sorts."
Reply: Jon Masters: "Re: HTML email "bug", of sorts."
Reply: Jeffrey W. Baker: "Re: HTML email "bug", of sorts."
Reply: Jason Haar: "Re: HTML email "bug", of sorts."
Reply: Ben Yu: "RE: HTML email "bug", of sorts."
Reply: Sean Straw / PSE: "Re: HTML email "bug", of sorts."
Reply: Jeffrey W. Dronenburg: "Re: HTML email "bug", of sorts."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sat Aug 18 2001 - 19:52:27 PDT