Re: [Full-Disclosure] Is the FBI using email Web bugs?

From: Ben Nelson (lists_at_venom600.org)
Date: 01/08/04

    To: Poof <gui@goddessmoon.org>
    Date: Thu, 08 Jan 2004 00:05:45 -0700
    
    

    Poof wrote:
    > Actually- the problem with that is that fine... it won't allow any ports
    > except for the needed 25/110/143... Then what's to stop an image from using
    > http://www.spamsite.com:25/110/phonehome.jpg?emailaddress(or whatever)
    >
    > ... Nothing!
    >
    > Nice try though... Best protection is through your email client. O2K3 does
    > it native ^^
    >

    I realize that, my point was that blocking more is better than blocking
    less. Whenever you can block everything and allow only the needed
    traffic, you'll be better off. Removing as many possible 'phone home
    vectors' as possible certainly can't hurt and is good security policy in
    general.

    --Ben

    > ~
    >
    >
    >>-----Original Message-----
    >>From: full-disclosure-admin@lists.netsys.com [mailto:full-disclosure-
    >>admin@lists.netsys.com] On Behalf Of Ben Nelson
    >>Sent: Wednesday, January 07, 2004 7:34 PM
    >>To: Gregh
    >>Cc: full-disclosure@lists.netsys.com
    >>Subject: Re: [Full-Disclosure] Is the FBI using email Web bugs?
    >>
    >>Gregh wrote:
    >>
    >>>won't listen. In Zone Alarm you can tell it to DISALLOW Outlook Express (or
    >>>whatever you like) access to different ports. So, I tell it to disallow
    >>>access to or from port 80 by OE. Thus, a received HTML email with pics and
    >>>such in it just shows blanks, "x" or placeholders, really. Now, while saying
    >>>this, if you decided to use some other port to report back on, sure, you
    >>>would get around this but the majority of spam operators who spam you don't
    >>>require JUST the "click to remove" to be clicked to verify you DO exist thus
    >>>send more spam and sell the address to another spammer. They also have port
    >>>80 and if the email is clicked on by a typical OE setup, just to delete, it
    >>>"phones home". For those described earlier in this paragraph, ZA blocking OE
    >>>in/out on port 80 stops most of the phone home stuff.
    >>
    >>Couldn't you just block all port access from OE *EXCEPT* those that are
    >>needed? (probably 25, 110, 143)
    >>
    >>--Ben
    >>
    >>_______________________________________________
    >>Full-Disclosure - We believe in it.
    >>Charter: http://lists.netsys.com/full-disclosure-charter.html
    >
    >

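
The exchange above, as an added example that is not part of the original thread: it lists the URLs an HTML mail would fetch on display and checks each against the 25/110/143 port allowlist, showing that a beacon hosted on port 25 passes the filter while the client-side view still catches it. The sample message, its hosts and the `audit` helper are constructed for illustration.

```python
# Added example: audit auto-loaded URLs in an HTML mail against a port allowlist.
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

MAIL_PORTS = {25, 110, 143}          # ports the thread proposes leaving open
DEFAULT_PORTS = {"http": 80, "https": 443}
FETCH_ATTRS = {"src", "background"}  # attributes a renderer loads without a click

class RemoteRefs(HTMLParser):
    """Collect http(s) URLs that an HTML renderer would fetch on display."""
    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in FETCH_ATTRS and value and urlsplit(value).scheme in DEFAULT_PORTS:
                self.urls.append(value)

def audit(raw_message):
    """Return (url, port, passes_port_allowlist) for each auto-loaded URL."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        parser = RemoteRefs()
        parser.feed(part.get_content())
        for url in parser.urls:
            parts = urlsplit(url)
            port = parts.port or DEFAULT_PORTS[parts.scheme]
            findings.append((url, port, port in MAIL_PORTS))
    return findings

# Constructed sample message; hosts and paths are placeholders.
SAMPLE = """\
From: sender@example.invalid
To: reader@example.invalid
Subject: constructed sample
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body background="http://tracker.example.invalid/bg.gif">
<img src="http://tracker.example.invalid:25/pixel.jpg?id=reader" width="1" height="1">
<img src="cid:logo@example.invalid">
</body></html>
"""
```

Calling `audit(SAMPLE)` reports the port-80 background image as blocked by the allowlist and the port-25 pixel as passing it; the embedded `cid:` image is not a remote fetch and is not listed.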

