Re: HTML email "bug", of sorts.

From: Curt Sampson (cjsat_private)
Date: Tue Aug 21 2001 - 01:33:43 PDT

    On Mon, 20 Aug 2001, Bear Giles wrote:
    
    > For everything that matches, look for any height and width attributes
    > for the image.  If it's 1, you have a web bug.  Even if it's 2-8 or so,
    > it's probably still a web bug.
    > ...
    > 2) on a related note, if you see anything like
    > <img src="http://spammer.com/images/foo.gif?some-random-string-here">
    > you can snip the "?some-random-string-here" part.  Their logs may
    
    Nah. My first thought, when asked about the technical details of e-mail
    bugs at a certain company whose name I won't mention to protect the
    guilty, was, "How do we make sure it doesn't look like a bug?"
    
    So you insert this:
    
    <img src="http://www.example.com/imgs/18465485943/foo.gif" width=400 height=90>
    
    as your company logo in the newsletter or whatever you're sending out.
    
    That invokes a servlet or whatever called /imgs which looks at the
    remainder of the path as a parameter, logs a hit from 18465485943 in
    your database (we would have associated this with a particular piece of
    mail that went out) and returns your company logo. You make sure that
    the header specifies that it expires instantly, of course, so you get
    information that the message has been forwarded or re-read or whatever.
    
    I really don't see any way to protect against these bugs, except not
    to retrieve external images. And that, as others have mentioned, is not
    likely to go over so well with a lot of users out there.
    
    cjs
    -- 
    Curt Sampson  <cjsat_private>   +81 3 5778 0123   http://www.netbsd.org
        Don't you know, in this new Dark Age, we're all light.  --XTC
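
An added example, not part of the original message: a mail-filter audit that applies the size and query-string checks from the quoted text and a path-token check for the `/imgs/<id>/` pattern described above. It shows that a remote image can pass every heuristic and still be fetched. The names `audit_images`, `ImgAudit` and `TOKEN_RE`, the 8-character token threshold and the sample body are assumptions made for this sketch.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed heuristic: a path segment that is one long run of digits/hex
# characters looks like a per-message identifier.
TOKEN_RE = re.compile(r"^[0-9a-fA-F]{8,}$")

class ImgAudit(HTMLParser):
    """Collect every remotely fetched <img> and why it may be a tracker."""
    def __init__(self):
        super().__init__()
        self.findings = []  # list of (src, [reasons])

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = {k: (v or "") for k, v in attrs}
        url = urlsplit(a.get("src", ""))
        if url.scheme not in ("http", "https"):
            return  # cid:/data: images travel inside the message, no fetch
        reasons = ["remote-fetch"]  # any remote fetch is visible to the sender
        dims = [int(a[d]) for d in ("width", "height") if a.get(d, "").isdigit()]
        if dims and min(dims) <= 8:  # the "1, or 2-8 or so" rule from the quote
            reasons.append("tiny-dimensions")
        if url.query:
            reasons.append("query-string")
        if any(TOKEN_RE.match(seg) for seg in url.path.split("/")):
            reasons.append("opaque-path-token")
        self.findings.append((a["src"], reasons))

def audit_images(html):
    parser = ImgAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample body: the two URLs from the thread, a plain logo URL
# where no heuristic fires, and an inline (cid:) image.
SAMPLE = '''
<img src="http://spammer.com/images/foo.gif?some-random-string-here" width=1 height=1>
<img src="http://www.example.com/imgs/18465485943/foo.gif" width=400 height=90>
<img src="http://www.example.com/static/logo.gif" width=400 height=90>
<img src="cid:logo@example.com">
'''

if __name__ == "__main__":
    for src, reasons in audit_images(SAMPLE):
        print(src, reasons)
```

The third image triggers nothing but `remote-fetch`, which is why a filter that wants certainty has to block or proxy every remote image rather than score them.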
    



    This archive was generated by hypermail 2b30 : Tue Aug 21 2001 - 10:09:57 PDT