Yo Paulo!
On Sun, 11 Jan 2004, Paulo Pereira wrote:
> Isn't it true that transparent caching systems defeat the purpose of web
> bugs?
Nope. The benign awstats.js web bug sends back info on the victim
host as a unique http GET request. Almost any data the bug creator wants
could be encoded in
Of Paulo Pereira
> Sent: Sunday, January 11, 2004 9:45 AM
> To: [EMAIL PROTECTED]
> Subject: Re: [Full-Disclosure] Is the FBI using email Web bugs?
>
> Isn't it true that transparent caching systems defeat the purpose of web
> bugs?
>
> Sure that whoever is running the
Isn't it true that transparent caching systems defeat the purpose of web
bugs?
Sure that whoever is running the bug still knows that his email is being
read but he loses the ability to get the specific addresses and only gets
the address of the cache.
Paulo Pereira
__
> Feature++ = bloat = bugs++. In the interest of fairness, this is shown
> on the mutt.org bugs page too. Mutt has many features, and lots of bugs.
If you believe security to be lack of bugs, then to you lack of features
== security, however this is an incorrect statement IMHO. To me,
however, t
On Thu, 8 Jan 2004, bryce wrote:
> Date: Thu, 08 Jan 2004 19:44:44 -0800
> From: bryce <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: Re: [Full-Disclosure] Is the FBI using email Web bugs?
>
> Azerail wrote:
> > On Thu, 08 Jan 2004, Jonathan A. Zdziarski wr
On Thu, 8 Jan 2004, Gary E. Miller wrote:
> Yo Todd!
>
> On Thu, 8 Jan 2004, Todd Burroughs wrote:
>
> > I was wondering what "Web Bug" was, got figuring that it was simply
> > clicking (or automatically clicking) on a link.
>
> A web bug can be much more than that. When you read an HTML email or
On Thu, 08 Jan 2004, bryce wrote:
> Azerail wrote:
> >On Thu, 08 Jan 2004, Jonathan A. Zdziarski wrote:
> >
> >
> >>>Actually, my email client "mutt" makes me feel quite safe. Is there
> >>>something I am overlooking?
> >>
> >>Lack of features != security
> >>
> >
> >
> >I'm sorry, you've just pr
Azerail wrote:
On Thu, 08 Jan 2004, Jonathan A. Zdziarski wrote:
Actually, my email client "mutt" makes me feel quite safe. Is there
something I am overlooking?
Lack of features != security
I'm sorry, you've just proved beyond a doubt that you don't know what
you are talking about. Sorry to
On Thu, 08 Jan 2004, Jonathan A. Zdziarski wrote:
>
> > Actually, my email client "mutt" makes me feel quite safe. Is there
> > something I am overlooking?
>
> Lack of features != security
>
I'm sorry, you've just proved beyond a doubt that you don't know what
you are talking about. Sorry to
Hallo Damian,
* Damian Gerow <[EMAIL PROTECTED]> [2004-01-08 23:07]:
[...]
> And mutt is, by far, the cleanest and most feature-rich MUA in the list.
> TheBat! comes in at a close second, but everything else falls to a distant
> something else.
>
> It's fast, it's clean, it's straightforward, i
> Lack of features != security
lol @ mutt having a lack of features - what do you miss there that a mail
client should have?
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
At 12:13 PM 1/8/2004 -0800, Gary E. Miller wrote:
A web bug can be much more than that. When you read an HTML email or
web page your workstation can send back gobs of information aount you.
True. And FYI, "Web bug" does not refer to "bug" as in
"software flaw," as someone who posted earlier seems
Yo Todd!
On Thu, 8 Jan 2004, Todd Burroughs wrote:
> I was wondering what "Web Bug" was, got figuring that it was simply
> clicking (or automatically clicking) on a link.
A web bug can be much more than that. When you read an HTML email or
web page your workstation can send back gobs of informa
El jueves 08 de enero a las 13:58, Jonathan A. Zdziarski escribió:
>Lack of features
I thought we were talking about mutt here. When did the topic
change?
--
** Blog Overflow: http://chema.homelinux.org **
No software patents in Europe
http://EuropeSwPatentFree.hispalinux.es - EuropeSwP
Thus spake Jonathan A. Zdziarski ([EMAIL PROTECTED]) [08/01/04 14:35]:
> Lack of features != security
In the past three years, I have used (for longer than a period of two
weeks):
- Eudora 5/6
- Outlook
- Outlook Express
- Thunderbird
- Netscape Mail
- Evolution
- KMai
> -Original Message-
> From: Jonathan A. Zdziarski [mailto:[EMAIL PROTECTED]
>
> Lack of features != security
>
However, lack of complexity does make security *easier*.
Cory Altheide
Senior Network Forensics Specialist
NNSA Information Assurance Response Center (IARC)
[EMAIL PROTECTED]
> Actually, my email client "mutt" makes me feel quite safe. Is there
> something I am overlooking?
Lack of features != security
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
On Thu, 08 Jan 2004, Gregh wrote:
>
> You don't HONESTLY think that is what makes you safe in email do you?
>
> Greg.
>
Actually, my email client "mutt" makes me feel quite safe. Is there
something I am overlooking?
Azerail
--
Life is the childhood of our immortality.
-- Go
- Original Message -
From: "Daniel B" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, January 08, 2004 7:51 PM
Subject: Re: [Full-Disclosure] Is the FBI using email Web bugs?
> "Gregh" <[EMAIL PROTECTED]> wrote:
>
> >
> &g
- Original Message -
From: "Azerail" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, January 08, 2004 9:08 PM
Subject: Re: [Full-Disclosure] Is the FBI using email Web bugs?
> On Thu, 08 Jan 2004, Ben Nelson wrote:
>
> > Poof wrote:
>
"Gregh" <[EMAIL PROTECTED]> wrote:
>
> - Original Message -
> From: "Poof" <[EMAIL PROTECTED]>
> To: "'Gregh'" <[EMAIL PROTECTED]>
> Cc: <[EMAIL PROTECTED]>
> Sent: Thursday, January 08, 2004 1:22 PM
&g
On Thu, 08 Jan 2004, Ben Nelson wrote:
> Poof wrote:
> >Actually- the problem with that is that fine... it won't allow any ports
> >except for the needed 25/110/143... Then what's to stop an image from using
> >http://www.spamsite.com:25/110/phonehome.jpg?emailaddress(or whatever)
> >
> >... Nothi
- Original Message -
From: "Poof" <[EMAIL PROTECTED]>
To: "'Gregh'" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Thursday, January 08, 2004 1:22 PM
Subject: RE: [Full-Disclosure] Is the FBI using email Web bugs?
> Actually- the p
rtainly can't hurt and is good security policy in
general.
--Ben
~
-Original Message-
From: [EMAIL PROTECTED] [mailto:full-disclosure-
[EMAIL PROTECTED] On Behalf Of Ben Nelson
Sent: Wednesday, January 07, 2004 7:34 PM
To: Gregh
Cc: [EMAIL PROTECTED]
Subject: Re: [Full-Disclosure] I
> Can we blow off the FUD on images embedded in HTML mails? Whenever I see
> the term "Web Bug" used I know that I will have to find factual
> information on the subject discussed from another source.
Thank you.
I was wondering what "Web Bug" was, got figuring that it was simply
clicking (or auto
>From: "Poof" <[EMAIL PROTECTED]>
>To: "'Gregh'" <[EMAIL PROTECTED]>
>Subject: RE: [Full-Disclosure] Is the FBI using email Web bugs?
>Date: Wed, 07 Jan 2004 21:22:54 -0500
>
> Actually- the problem with that is that fine... it won&
ail client. O2K3 does
it native ^^
~
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:full-disclosure-
> [EMAIL PROTECTED] On Behalf Of Ben Nelson
> Sent: Wednesday, January 07, 2004 7:34 PM
> To: Gregh
> Cc: [EMAIL PROTECTED]
> Subject: Re: [Full-Disclosure]
- Original Message -
From: "Ben Nelson" <[EMAIL PROTECTED]>
To: "Gregh" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Thursday, January 08, 2004 11:33 AM
Subject: Re: [Full-Disclosure] Is the FBI using email Web bugs?
> Gregh wrote:
> >
f
Qwik-Fix
<http://www.qwik-fix.net>
-Original Message-
From: Richard M. Smith [mailto:[EMAIL PROTECTED]
Sent: Wednesday, January 07, 2004 7:24 AM
To: [EMAIL PROTECTED]
Subject: [Full-Disclosure] Is the FBI using email Web bugs?
Hmm, is an "Internet Protocol Address Verifi
Gregh wrote:
wont listen. In Zone Alarm you can tell it to DISALLOW Outlook Express (or
whatever you like) access to different ports. So, I tell it to disallow
access to or from port 80 by OE. Thus, a received HTML email with pics and
such in it just shows blanks, "x" or placeholders, really. Now,
Yes they are, according to this post on slashdot:
http://slashdot.org/comments.pl?sid=91830&cid=7902884
The poster appearently asked the reporter and the reporter said that it
was commonly called a "Webbug" but he was using the terminology in the
goverment search warrent.
Richard M. Smith wrote:
- Original Message -
From: "petard" <[EMAIL PROTECTED]>
To: "William Warren" <[EMAIL PROTECTED]>
Cc: "Ed Carp" <[EMAIL PROTECTED]>; "Richard M. Smith"
<[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Thursday, January
[EMAIL PROTECTED] wrote:
On Wed, 07 Jan 2004 11:08:49 CST, Ed Carp said:
or a firewall/proxy that blocks web bugs..:)
Good luck! How would you do such a thing?
http://www.privoxy.org is one such beast.
I was about to post the word 'privoxy', but then I thought: Naa, surfing and e-mail webbug
Hello petard,
p> How can it tell web bugs from any other HTTP requests?
[1] You create an image specificaly for this purpose.
[2] HTTP Referer (for some)
mailbox:/y|/data/netscape/users/default/mail/sent?id
mailbox/home/hs/nsmail/Listen.sbd/_debian.sbd
mailbox:/home/usr//alfp
mailbox:/root/ns
At 02:27 PM 1/7/2004 -0500, [EMAIL PROTECTED] wrote:
http://www.privoxy.org is one such beast.
I've been using Privoxy for well over a year now.
Highly recommend it if you're forced to use Windoze
for whatever reason.
m5x
___
Full-Disclosure - We beli
http://www.nthelp.com/OEtest/oe.htm
it's all in how you code the link, email can be sent to thousands each with
a different link coding which points to the same website and you can confirm
which people read the email.
Geo.
-Original Message-
>>How can it tell web bugs from any other HTTP
On Wed, 07 Jan 2004 11:08:49 CST, Ed Carp said:
> > or a firewall/proxy that blocks web bugs..:)
>
>
> Good luck! How would you do such a thing?
http://www.privoxy.org is one such beast.
pgp0.pgp
Description: PGP signature
On Wed, Jan 07, 2004 at 12:34:58PM -0500, William Warren wrote:
> Astaro security Linux has a webproxy that has an option(which i use) to
> block web bugs:)
>
How can it tell web bugs from any other HTTP requests? The only thing
that makes a URL contain a web bug is that I only sent it to you
Astaro security Linux has a webproxy that has an option(which i use) to
block web bugs:)
Ed Carp wrote:
or a firewall/proxy that blocks web bugs..:)
Good luck! How would you do such a thing?
--
May God Bless you and everything you touch.
My "foundation" verse:
Isaiah 54:17 No we
On Wed, 07 Jan 2004, William Warren wrote:
> or a firewall/proxy that blocks web bugs..:)
>
Or an email client that doesn't use HTML.
Azerail
--
The capacity to learn is a gift;
The ability to learn is a skill;
The willingness to learn is a choice.
-- Rebec of Ginaz
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I suspect it is something differnt that actually uses something in TCP
to try to create the type of 3 way handshake you get with TCP and that
the tool is just being described wrong by people who don't really
understand what it does.
There is a mjor prob
> or a firewall/proxy that blocks web bugs..:)
Good luck! How would you do such a thing?
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
or a firewall/proxy that blocks web bugs..:)
Richard M. Smith wrote:
Hmm, is an "Internet Protocol Address Verifier" just an email Web bug? If
so, the suspect should have been using Outlook 2003 which blocks 'em. ;-)
Richard
Feds thwart extortion plot against Best Buy
http://www.startribune.com
Hmm, is an "Internet Protocol Address Verifier" just an email Web bug? If
so, the suspect should have been using Outlook 2003 which blocks 'em. ;-)
Richard
Feds thwart extortion plot against Best Buy
http://www.startribune.com/stories/535/4304797.html
The federal search warrant was obtained t
44 matches
Mail list logo