Re: [Full-Disclosure] leaking

2004-05-12 Thread KUIJPERS Jimmy
The beatch is probably collecting our addresses for spam. To prove the theory: I will open the e-mail with a mail client with a new e-mail address (when I get home tonight) and see how much spam I will receive. I will give a report when I receive some significant spam or if I have not received an

Re: [Full-Disclosure] leaking

2004-05-12 Thread Dave Horsfall
On Wed, 12 May 2004, Felipe Angoitia wrote: > Hi abhilash verma and the rest... Why do you include this in your > mails? tracking full-disclosure readers which use html rendering muas? Sounds like a good reason to *not* use certain MUAs to me. Your choice, after all. Hint: my MUA renders HTML.

Re: [Full-Disclosure] leaking

2004-05-12 Thread Dave Horsfall
On Wed, 12 May 2004, KUIJPERS Jimmy wrote: > I will open the e-mail with a mail client with a new e-mail address > (when I get home tonight) and see how much spam I will receive. I will > give a report when I receive some significant spam or if I have not > received any spam for days and days. Un

RE: [Full-Disclosure] leaking

2004-05-12 Thread Felipe Angoitia
>Sounds like a good reason to *not* use certain MUAs to me. Your choice, >after all. Not really, my enterprise choice in this concrete case. And which MUA to use is not the matter now I think. bye ___ Full-Disclosure - We believe in it. Charter: http:

Re: [Full-Disclosure] leaking

2004-05-12 Thread Marek Isalski
>>> Dave Horsfall <[EMAIL PROTECTED]> 12/05/2004 13:13:07 >>> > Unless you have a cryptographically-secure way of generating new email > addresses, you will not have proved anything. One of the interesting things I did when tweaking something on a website was to include a piece of code which does

RE: [Full-Disclosure] leaking

2004-05-12 Thread Alerta Redsegura
Are you going to tell me you didn't see this ad in your MUA? Then, it doesn't render HTML! Since the ignominious "web bug" is only a simple plain vanilla ad contained in all messages sent from Rediffmail, a web based mail service. Iñigo Koch Red Segura -Original Message- From: [

Re: [Full-Disclosure] leaking

2004-05-12 Thread KUIJPERS Jimmy
Why a "cryptographically-secure way of generating new email" ?? I will just use a clean installation of an e-mail client and configure it with a freshly created e-mail account. (not a free one, but from my ISP so I know it won't be targeted by spam senders already). Then in that e-mail account I

Re: [Full-Disclosure] leaking

2004-05-12 Thread Valdis . Kletnieks
On Wed, 12 May 2004 15:38:47 +0200, Felipe Angoitia <[EMAIL PROTECTED]> said: > >Sounds like a good reason to *not* use certain MUAs to me. Your choice, > >after all. > Not really, my enterprise choice in this concrete case. > And which MUA to use is not the matter now I think. All the major MU

RE: [Full-Disclosure] leaking

2004-05-12 Thread Felipe Angoitia
>Given the recent Novell announcement regarding the GPL'ing of >Evolution Connector, there's little to no excuse for using the >remaining one. When my distro gets out evolution packages with the connector included I'll give it a chance but until so I must use vmware+w2k+outlook to access our c

RE: [Full-Disclosure] leaking

2004-05-12 Thread Alerta Redsegura
I am really curious to know how you can collect e-mail addresses from a plain image fed from a website shown on an e-mail. IP, yes. User-agent, yes. But e-mail addresses??? The beatch is probably collecting our addresses for spam. Definition: beatch = a bi**h lying on a bea

Re: [Full-Disclosure] leaking

2004-05-12 Thread Gary E. Miller
Yo Jimmy! On Wed, 12 May 2004, KUIJPERS Jimmy wrote: > I see no reason whatsoever why I should generate the e-mail address in a > cryptographic manner... .whatever that may mean (since when > do we create an email address via a "cryptographically-se

RE: [Full-Disclosure] leaking

2004-05-12 Thread Duquette, John
ons\Mail\ReadAs Plain Set the DWORD value to 1 > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > [EMAIL PROTECTED] > Sent: Wednesday, May 12, 2004 11:00 AM > To: Felipe Angoitia > Cc: Full Disclosure List > Subject: Re: [Full-

RE: [Full-Disclosure] leaking?

2004-05-12 Thread Aditya, ALD [Aditya Lalit Deshmukh]
> Hi abhilash verma and the rest... > Why do you include this in your mails? tracking full-disclosure readers which use > html > rendering muas? > > http://clients.rediff.com/signature/track_sig.asp";> SRC="http://ads.rediff.com/RealMedia/ads/adstream_nx.cgi/www.rediffmail.com/[EMAIL > PROTECTE

Re: [Full-Disclosure] leaking

2004-05-12 Thread Nancy Kramer
What do you use that does that? Regards, Nancy Kramer Webmaster http://www.americandreamcars.com Free Color Picture Ads for Collector Cars One of the Ten Best Places To Buy or Sell a Collector Car on the Web At 06:49 AM 5/12/2004, Dave Horsfall wrote: On Wed, 12 May 2004, Felipe Angoitia wrote:

Re: [Full-Disclosure] leaking

2004-05-12 Thread Alexander Gretencord
On Wednesday 12 May 2004 17:01, Alerta Redsegura wrote: > Are you going to tell me you didn't see this ad in your MUA? > Then, it doesn't render HTML! In fact yes I will tell you that. My MUA renders HTML (if you tell it to render it globally or if you tell it explicitly for a specific mail). but

Re: [Full-Disclosure] leaking

2004-05-12 Thread Nancy Kramer
They probably use this in order to track if the email was opened and maybe who opened it, at least IP or server etc. This only works with some email clients. If the recipient is using an email client this works on, it is a very reliable way to measure if the email was opened, the IP or server of

Re: [Full-Disclosure] leaking

2004-05-12 Thread sith
On Wed, May 12, 2004 at 10:16:23AM -0500, Alerta Redsegura wrote: > I am really curious to know how you can collect e-mail addresses from a > plain image fed from a website shown on an e-mail. > > IP, yes. User-agent, yes. But e-mail addresses??? You don't _collect_ email addresses (they obviou

RE: [Full-Disclosure] leaking

2004-05-12 Thread Alerta Redsegura
In the specific case we are talking about here: 1. Somebody sends a message to the list from a web-based e-mail service. 2. All messages sent from this web-based e-mail service have a banner. 3. The banner is an "img" tag with an "a href" to click on it. 4. The banner is not shown via "script" tag

Re: [Full-Disclosure] leaking

2004-05-12 Thread sith
On Wed, May 12, 2004 at 12:46:52PM -0500, Alerta Redsegura wrote: > Now, I repeat the question: You mean ask your question differently, ;) > How can the web-based email service in this particular case, gather email > addresses from the members of this list via this banner? The original poster sa

Re: [Full-Disclosure] leaking

2004-05-12 Thread Gary E. Miller
Yo Valdis! On Wed, 12 May 2004 [EMAIL PROTECTED] wrote: > For all the grief I give Microsoft, I *do* have to admit that there's only > a few network-engineering feats of a similar size and scale And gotta love the flavors of the BSD OS that does

Re: [Full-Disclosure] leaking

2004-05-12 Thread Valdis . Kletnieks
On Wed, 12 May 2004 09:41:04 PDT, "Gary E. Miller" said: > last week. Hundreds of emails to invalid email accounts for every valid > one. Their poor server could not stand up to the load. And remember guys - "their poor server" is a huge affair, even months ago it was bouncing *billions* of spa

Re: [Full-Disclosure] leaking?

2004-05-12 Thread Valdis . Kletnieks
On Wed, 12 May 2004 22:24:18 +0530, "Aditya, ALD [Aditya Lalit Deshmukh]" <[EMAIL PROTECTED]> said: > this is not included by them intentionally but by rediff.com a stupid free > email site that does nothing but shove advertisements here and there. both the > server are blocked on my lan. and al

Re: [Full-Disclosure] leaking

2004-05-12 Thread Dave Horsfall
On Wed, 12 May 2004, KUIJPERS Jimmy wrote: > Why a "cryptographically-secure way of generating new email" ?? Because otherwise your nice new email address could be the victim of a dictionary attack, and you will not have proved anything either way. -- Dave

RE: [Full-Disclosure] leaking

2004-05-12 Thread Dave Horsfall
On Wed, 12 May 2004, Alerta Redsegura wrote: > Are you going to tell me you didn't see this ad in your MUA? > Then, it doesn't render HTML! You have no idea what you're talking about. -- Dave

Re: [Full-Disclosure] leaking

2004-05-12 Thread Dave Horsfall
On Wed, 12 May 2004, Nancy Kramer wrote: > What do you use that does that? It's in my headers - Pine. -- Dave ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html

Re: [Full-Disclosure] leaking

2004-05-12 Thread Dave Horsfall
On Wed, 12 May 2004, Marek Isalski wrote: > Each visitor is given a different email address. It's made up of their > IP address, the Unix time and a partial hash value, encrypted with a > private Serpent-256 key. Yep, and that way you can see who sold it to whom. -- Dave

RE: [Full-Disclosure] leaking

2004-05-12 Thread Alerta Redsegura
>The original poster said "track" not "collect" email addresses No no, he said: "The beatch [sic] is probably collecting our addresses for spam". >I don't think in this case you could (unless you were either matching IPs, or >there is other information in the request that certain MUAs give out)

RE: [Full-Disclosure] leaking

2004-05-12 Thread Aditya, ALD [Aditya Lalit Deshmukh]
> And gotta love the flavors of the BSD OS that does it for them! ms will deny that saying that hotmail runs on windows !

RE: [Full-Disclosure] leaking?

2004-05-13 Thread Felipe Angoitia
ok, ok it's a simple ad which is included by default in all the mails from that webmail service. it's clear now, thanks and sorry about my paranoias. bye all

RE: [Full-Disclosure] leaking

2004-05-13 Thread Felipe Angoitia
Thanks, it's a very useful trick. bye -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Duquette, John Sent: Wednesday, 12 May 2004 18:44 To: Full Disclosure List Subject: RE: [Full-Disclosure] leaking Unfortunately in a controlled environment

Re: [Full-Disclosure] leaking

2004-05-13 Thread Marek Isalski
>> Each visitor is given a different email address. It's made up of their >> IP address, the Unix time and a partial hash value, encrypted with a >> private Serpent-256 key. >>> Dave Horsfall <[EMAIL PROTECTED]> 13/05/2004 03:50:14 >>> > Yep, and that way you can see who sold it to whom. Absolut

Re: [Full-Disclosure] leaking

2004-05-13 Thread Ron DuFresne
[SNIP] > > For all the grief I give Microsoft, I *do* have to admit that there's only > a few network-engineering feats of a similar size and scale > but, on unix based OS systems ! Solaris for the most part if I recall, though I think there was a large smattering of *BSD in the mi