Full Disclosure: Re: Is the FBI using email Web bugs?

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Full Disclosure mailing list archives

Re: Is the FBI using email Web bugs?

From: Azerail <Azerail () supersecretninjaskills com>
Date: Thu, 8 Jan 2004 02:08:36 -0800

On Thu, 08 Jan 2004, Ben Nelson wrote:

Poof wrote:

Actually- the problem with that is that fine... it won't allow any ports
except for the needed 25/110/143... Then what's to stop an image from using
http://www.spamsite.com:25/110/phonehome.jpg?emailaddress(or whatever)

... Nothing!

Nice try though... Best protection is through your email client. O2K3 does
it native ^^


I realize that, my point was that blocking more is better than blocking 
less.  Whenever you can block everything and allow only the needed 
traffic, you'll be better off.  Removing as many possible 'phone home 
vectors' as possible certainly can't hurt and is good security policy in 
general.

--Ben


Why don't you guys just cut to the root of the problem and not use
mail clients that access files on other people's servers when you read
your mail.  HTML e-mail sucks.

Azerail

-- 
To be wise, the only thing you really need
to know is when to say "I don't know."

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

By Date By Thread

Current thread:

Re: Is the FBI using email Web bugs?, (continued)