OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: John D. Hardin (jhardinimpsec.org)
Date: Sat Aug 18 2001 - 23:40:05 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    On Sat, 18 Aug 2001, Alex Prestin wrote:

    > <DEFANGED_IMG
    > src="http://www.megahardcoresex.com/sites/XXXXXXXX0 (continued)
    > 3b/sf03b08152001.gif?M=XXXXXXXXX&ID=wakkobitey.net" width="1" height="1">
    >
    > See it? A web bug. If I opened this mail in an HTML-capable
    > browser, that little image would've popped up and I would've been
    > none the wiser. My address would also have been verified by the
    > sender, and stored in a large database of valid recipients.

    This is well-known. BGSOUND tags are also vulnerable to misuse in this
    manner.

    > So, anyone have any idea of how to deal with this latest little
    > spammer toy? Is there any effective way to filter out web bugs
    > without adversely affecting the delivery intact of legitimate
    > messages?

    http://www.impsec.org/email-tools/procmail-security.html

    (If you're running a procmail-capable mail server.)

    Looking at the tag above shows you what it does...

    --
     John Hardin KA7OHZ   ICQ#15735746   http://www.wolfenet.com/~jhardin/
     jhardinimpsec.org        pgpk -a finger://gonzo.wolfenet.com/jhardin
      768: 0x41EA94F5 - A3 0C 5B C2 EF 0D 2C E5  E9 BF C8 33 A7 A9 CE 76 
     1024: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
    -----------------------------------------------------------------------
      In 1998 more than three times as many people in the US were killed
      by incompetent physicians than were killed by handguns, yet the
      President of the A.M.A. is adopting "gun safety" as his platform.
    -----------------------------------------------------------------------
       1172 days until the Presidential Election