Home page logo
/

basics logo Security Basics mailing list archives

RE: www.readnotify.com
From: "Ebeling, Jr., Herman Frederick" <hfebelingjr () lycos com>
Date: Thu, 26 Jan 2006 23:24:25 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ----Original Message----
From: Saqib Ali [mailto:docbook.xml () gmail com]
Sent: Thursday, 26 January, 2006 21:40
To: hfebelingjr () lycos com; security-basics () securityfocus com;
ucullus () telus net; swiver () cox net; bugtraq () planetcobalt net
Subject: Re: www.readnotify.com

: :         I mean correct me IF I'm mistaken, but don't the above methods
: : require that one is connected to The Net in order for 'em to work?
:  yes it does.

        Ok, so IF one disconnects from The Net, after d/ling their E-Mail, reads
it all.  And then reconnects to The Net, it is safe to presume that there
isn't some HTML code that's creating a cookie to send that information back
to www.readnotify.com, correct?  And that disconnecting after d/ling ones
E-Mail, and then reconnecting after all of ones E-Mail has been read IS a
good way to "defeat/block" their tracking methods?  Kind of a low-tech way
of circumventing their controls. . .

:
:
: :         And what about the other things that they claim that they can
: : do?  Such the "self-destructing" E-Mails, or the E-Mails that the
: : sender can revoke?
:
: For this, www.ReadNotify.com requires the recipient to click a URL to
read the
: email content. So the content is essentially at their site. They are
: just notifying the intended recipient that a mail wait, and give them
: the URL. The URL points to a Www.ReadNotify.com web page.

        That's kind of crappy isn't it?  I mean don't WE the receiver of E-Mail
have the right to choose where and how we want to receive our E-Mail???

:
: : Or preventing the person who received the E-Mail from either forwarding
: : an E-Mail to another person, or printing said E-Mail out?  Wouldn't any
: : of
: This functionality does NOT work "most" of the. They are just adding
: some JavaScript code along with the HTML that prevent printing. See
: below for the JavaScript code [function pdnp()]. This may work for
: some primitive mail readers, But not for any of the mainstream mail
: readers e.g. Lotus Notes / pine / Mozilla / Thunderbird etc.

        Yeah, I noticed on their web site that they also say that their "silent"
tracking isn't always reliable, as well.

        Uh, I'm no lawyer or anything, but who is www.readnotify.com to tell
Hotmail, Yahoo, or other E-Mail services what they have to do?  I mean
don't the above/below named E-Mail services have the right to control what
code does and doesn't pass through their servers?  And IF they want to
disable/damage "the functionality of this service" isn't that their right?
I mean considering that people rely on being able to get copies of their
E-Mails from their servers for legal actions doesn't that limit their
ability to do so?

: ------------------------------
: <script><!--
: function pdnp() {document.body.innerHTML='&nbsp;';return
: 0;}window.onbeforeprint=pdnp;
: //--></script>
:
<!--_Warning_to_Hotmail_and_Yahoo_and_other_staff:_Before_taking_action_that
_might_damage_the_functionality_of_this_service,_contact_tech () readnotify com
_and_provide_suitable_replacement_techniques.__Failure_to_do_this_will_be_co
nsidered_deliberate_anti-competitive_behavior_and_illegal_trade_baring:_Lega
l_action_from_us_will_result._--><font
: color="#FFFFFF"><div id=hi></div>--<<base foo>Img
:
Src="javascript:eval(unescape('functi%6fn%20pdp()%20{d%6fcument.b%6fdy.inner
HTML%3D%22&nbsp;%22;return%200;}wind%6fw.%6fnbef%6freprint=pdp;'));"
: width=1
: height=1 -><comment></comment>--></font></DIV></BODY></HTML>
: ----------------------------------
:
:
: : that further d/ls software that does what they claim?  And IF they do
: : that, then aren't they in violation of the computer use and abuse act?
: nothing get d/l to the machine. just simple JavaScript.

        Isn't that enough?  I mean it's code that I think it is fairly safe to say
that IF the recipients KNEW about that they wouldn't agree to, right?

Herman
Live Long and Prosper
 ___________________          _-_
 \==============_=_/ ____.---'---`---.____
             \_ \    \----._________.----/
               \ \   /  /    `-_-'
           __,--`.`-'..'-_
          /____          ||-
               `--.____,-'

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.3 - not licensed for commercial use: www.pgp.com

iQA/AwUBQ9maeh/i52nbE9vTEQI+0gCgj+A6nSpMdpjZIvmeOYSMUjLF8k0An03S
BcWk2tom5yTm+CGCxcnHYpd3
=ve9o
-----END PGP SIGNATURE-----



---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Tailor your education to your own professional goals with degree 
customizations including Emergency Management, Business Continuity Planning, 
Computer Emergency Response Teams, and Digital Investigations. 

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]