mailing list archives
Re: Interesting idea for a covert channel or I just didn't research enough?
From: Bill Weiss <houdini+full-disclosure () clanspum net>
Date: Thu, 6 Oct 2005 22:47:01 +0000
Frank Knobbe(frank () knobbe us)@Thu, Oct 06, 2005 at 04:53:19PM -0500:
On Thu, 2005-10-06 at 16:52 -0400, Michael Holstein wrote:
Webbugs, which use unique URLs under an <IMG> tag, are an excellent
example of using logfiles to <DO STUFF>.
Except that "vi", "less" or "notepad" don't import anything.
You're not looking at your log files with a web browser, do you??
He was referring not to the log viewer executing something, but
transmission of data to the server containing the URL (stored in their
A common spammer trick, used also in more legit ways, is to send an email
with an image in it. The image is actually a CGI script that takes a
parameter, logs it, then kicks out an image. "Webbugs" tend to be 1px
square, and possibly transparent. Using this can automate testing if
email addresses are valid (by sending each address a different unique
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/
- Re: Interesting idea for a covert channel or I just didn't research enough?, (continued)