
Full Disclosure mailing list archives

Re: Interesting idea for a covert channel or I just didn't research enough?
From: Bill Weiss <houdini+full-disclosure () clanspum net>
Date: Thu, 6 Oct 2005 22:47:01 +0000

Frank Knobbe(frank () knobbe us)@Thu, Oct 06, 2005 at 04:53:19PM -0500:
> On Thu, 2005-10-06 at 16:52 -0400, Michael Holstein wrote:
> > Webbugs, which use unique URLs under an <IMG> tag, are an excellent
> > example of using logfiles to <DO STUFF>.
>
> Except that "vi", "less" or "notepad" don't import anything.
>
> You're not looking at your log files with a web browser, are you??

He was referring not to the log viewer executing something, but
transmission of data to the server containing the URL (stored in their
logs).

A common spammer trick, used also in more legit ways, is to send an email
with an image in it.  The image is actually a CGI script that takes a
parameter, logs it, then kicks out an image.  "Webbugs" tend to be 1px
square, and possibly transparent.  Using this can automate testing if
email addresses are valid (by sending each address a different unique
tracking URL).

-- 
Bill Weiss

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
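
Added example, not part of the original post or thread: a mail-filter-side check that flags the kind of web bug described in the message above, meaning a remotely fetched `<img>` that is invisible or carries a per-recipient token in its query string. The hostnames, the token, the thresholds and the names `WebBugFinder` and `find_web_bugs` are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

TINY = {"0", "1", "0px", "1px"}            # sizes typical of a web bug
HIDDEN = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
TOKEN = re.compile(r"[A-Za-z0-9_-]{16,}")  # long opaque run = likely unique ID


class WebBugFinder(HTMLParser):
    """Collect remote <img> tags that look like tracking pixels."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = {k: (v or "") for k, v in attrs}
        url = urlsplit(a.get("src", ""))
        # Only remote fetches reach a server log; cid:/data: images do not.
        if url.scheme not in ("http", "https"):
            return
        reasons = []
        if a.get("width", "").lower() in TINY and a.get("height", "").lower() in TINY:
            reasons.append("tiny image")
        if HIDDEN.search(a.get("style", "")):
            reasons.append("hidden by CSS")
        if TOKEN.search(url.query):
            reasons.append("per-recipient token in query")
        if reasons:
            self.findings.append((a["src"], reasons))


def find_web_bugs(html):
    """Return a list of (src, reasons) for suspicious remote images."""
    finder = WebBugFinder()
    finder.feed(html)
    return finder.findings


# Constructed sample message body (hosts and token are made up).
SAMPLE_HTML = """
<p>Hello!</p>
<img src="http://www.example.com/logo.png" width="200" height="60">
<img src="cid:part1" width="1" height="1">
<img src="http://tracker.example/cgi-bin/bug.cgi?id=3f9a1c77d2e04b8a" width="1" height="1">
<img src="https://stats.example/o.gif?u=42" style="display:none">
"""
```

A mail gateway or client can use findings like these to strip the tag or block remote image loading, so the unique URL never reaches the sender's server log.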
