[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] Is the FBI using email Web bugs?

To: Poof <gui@goddessmoon.org>
Subject: Re: [Full-Disclosure] Is the FBI using email Web bugs?
From: Ben Nelson <lists@venom600.org>
Date: Thu, 08 Jan 2004 00:05:45 -0700

Poof wrote:

Actually- the problem with that is that fine... it won't allow any ports
except for the needed 25/110/143... Then what's to stop an image from using
http://www.spamsite.com:25/110/phonehome.jpg?emailaddress(or whatever)

... Nothing!

Nice try though... Best protection is through your email client. O2K3 does
it native ^^

I realize that, my point was that blocking more is better than blocking less. Whenever you can block everything and allow only the needed traffic, you'll be better off. Removing as many possible 'phone home vectors' as possible certainly can't hurt and is good security policy in general.

--Ben

~
-----Original Message-----
From: full-disclosure-admin@lists.netsys.com [mailto:full-disclosure-
admin@lists.netsys.com] On Behalf Of Ben Nelson
Sent: Wednesday, January 07, 2004 7:34 PM
To: Gregh
Cc: full-disclosure@lists.netsys.com
Subject: Re: [Full-Disclosure] Is the FBI using email Web bugs?
Gregh wrote:

wont listen. In Zone Alarm you can tell it to DISALLOW Outlook Express
(or
whatever you like) access to different ports. So, I tell it to disallow
access to or from port 80 by OE. Thus, a received HTML email with pics
and

such in it just shows blanks, "x" or placeholders, really. Now, while
saying
this, if you decided to use some other port to report back on, sure, you
would get around this but the majority of spam operators who spam you
don't

require JUST the "click to remove" to be clicked to verify you DO exist
thus

send more spam and sell the address to another spammer. They also have
port

80 and if the email is clicked on by a typical OE setup, just to delete,
it

"phones home". For those described earlier in this paragraph, ZA
blocking OE

in/out on port 80 stops most of the phone home stuff.
Couldn't you just block all port access from OE *EXCEPT* those that are
needed? (probably 25, 110, 143)
--Ben
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- Re: [Full-Disclosure] Is the FBI using email Web bugs?
  - From: Azerail <Azerail@supersecretninjaskills.com>

References:
- RE: [Full-Disclosure] Is the FBI using email Web bugs?
  - From: "Poof" <gui@goddessmoon.org>

Prev by Date: Re: [Full-Disclosure] Show me the Virrii!
Next by Date: RE: [Full-Disclosure] Is the FBI using email Web bugs?
Previous by thread: RE: [Full-Disclosure] Is the FBI using email Web bugs?
Next by thread: Re: [Full-Disclosure] Is the FBI using email Web bugs?
Index(es):
- Date
- Thread