Security Basics mailing list archives

RE: www.readnotify.com
From: "Ebeling, Jr., Herman Frederick" <hfebelingjr () lycos com>
Date: Thu, 26 Jan 2006 23:24:25 -0500

----Original Message----
From: Saqib Ali [mailto:docbook.xml () gmail com]
Sent: Thursday, 26 January, 2006 21:40
To: hfebelingjr () lycos com; security-basics () securityfocus com;
ucullus () telus net; swiver () cox net; bugtraq () planetcobalt net
Subject: Re: www.readnotify.com

: :         I mean correct me IF I'm mistaken, but don't the above methods
: : require that one is connected to The Net in order for 'em to work?
:  yes it does.

        Ok, so IF one disconnects from The Net, after d/ling their E-Mail, reads
it all.  And then reconnects to The Net, it is safe to presume that there
isn't some HTML code that's creating a cookie to send that information back
to www.readnotify.com, correct?  And that disconnecting after d/ling one's
E-Mail, and then reconnecting after all of one's E-Mail has been read IS a
good way to "defeat/block" their tracking methods?  Kind of a low-tech way
of circumventing their controls. . .

: :         And what about the other things that they claim that they can
: : do?  Such the "self-destructing" E-Mails, or the E-Mails that the
: : sender can revoke?
: For this, www.ReadNotify.com requires the recipient to click a URL to
: read the email content. So the content is essentially at their site.
: They are just notifying the intended recipient that a mail waits, and
: give them the URL. The URL points to a www.ReadNotify.com web page.

        That's kind of crappy isn't it?  I mean don't WE the receiver of E-Mail
have the right to choose where and how we want to receive our E-Mail???

: : Or preventing the person who received the E-Mail from either forwarding
: : an E-Mail to another person, or printing said E-Mail out?  Wouldn't any of
: This functionality does NOT work "most" of the time. They are just adding
: some JavaScript code along with the HTML that prevents printing. See
: below for the JavaScript code [function pdnp()]. This may work for
: some primitive mail readers, but not for any of the mainstream mail
: readers e.g. Lotus Notes / pine / Mozilla / Thunderbird etc.

        Yeah, I noticed on their web site that they also say that their "silent"
tracking isn't always reliable, as well.

        Uh, I'm no lawyer or anything, but who is www.readnotify.com to tell
Hotmail, Yahoo, or other E-Mail services what they have to do?  I mean
don't the above/below named E-Mail services have the right to control what
code does and doesn't pass through their servers?  And IF they want to
disable/damage "the functionality of this service" isn't that their right?
I mean considering that people rely on being able to get copies of their
E-Mails from their servers for legal actions doesn't that limit their
ability to do so?

: ------------------------------
: <script><!--
: function pdnp() {document.body.innerHTML='&nbsp;';return 0;}
: window.onbeforeprint=pdnp;
: //--></script>
_might_damage_the_functionality_of_this_service,_contact_tech () readnotify com
: color="#FFFFFF"><div id=hi></div>--<<base foo>Img
: width=1
: height=1 -><comment></comment>--></font></DIV></BODY></HTML>
: ----------------------------------
: : that further d/ls software that does what they claim?  And IF they do
: : that, then aren't they in violation of the computer use and abuse act?
: nothing get d/l to the machine. just simple JavaScript.

        Isn't that enough?  I mean it's code that I think it is fairly safe to say
that IF the recipients KNEW about that they wouldn't agree to, right?

Live Long and Prosper
 ___________________          _-_
 \==============_=_/ ____.---'---`---.____
             \_ \    \----._________.----/
               \ \   /  /    `-_-'
          /____          ||-
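
Added example, not part of the original message and not ReadNotify's code: a small Python scanner that flags the two mechanisms discussed in this thread in an HTML mail body, the 1x1 remote image and the window.onbeforeprint script. The sample body, the tracker.example URL and the names TrackerScan and scan are constructed for illustration.

```python
from html.parser import HTMLParser

# Constructed sample modelled on the fragment quoted in the thread (placeholder URLs).
SAMPLE = """<html><body><p>Hello</p>
<script><!--
function pdnp() {document.body.innerHTML='&nbsp;';return 0;}
window.onbeforeprint=pdnp;
//--></script>
<img width=1 height=1 src="http://tracker.example/pixel.gif">
<img src="cid:logo123" width="120" height="40">
</body></html>"""

class TrackerScan(HTMLParser):
    """Flag script blocks, inline event handlers and remotely loaded images."""
    def __init__(self):
        super().__init__()
        self.findings, self._script = [], None  # _script buffers <script> text

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "script":
            self._script = ""
            self.findings.append(("script", a.get("src") or "inline"))
        for name in a:
            if name.startswith("on"):  # onload, onclick, onerror, ...
                self.findings.append(("handler", f"{tag}.{name}"))
        src = a.get("src", "").strip().lower()
        if tag == "img" and src.startswith(("http://", "https://", "//")):
            # A remote image is fetched on display, which tells the server the
            # mail was opened; 1x1 (or 0x0) size marks it as a dedicated beacon.
            tiny = a.get("width") in ("0", "1") and a.get("height") in ("0", "1")
            self.findings.append(("beacon" if tiny else "remote-image", a["src"]))

    def handle_data(self, data):
        if self._script is not None:
            self._script += data

    def handle_endtag(self, tag):
        if tag == "script" and self._script is not None:
            if "onbeforeprint" in self._script:  # print-blocking hook from the thread
                self.findings.append(("print-block", "window.onbeforeprint"))
            self._script = None

def scan(html):
    """Return a list of (kind, detail) findings for one HTML mail body."""
    parser = TrackerScan()
    parser.feed(html)
    parser.close()
    return parser.findings
```

The beacon and remote-image findings depend on the mail client fetching remote content, so a client that is offline or has remote images disabled never sends the request; images embedded with cid: are not flagged because they load from the message itself.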
