[NEWS] The Perfect Read Receipt - Using HTML Tagging to Verify E-mail Reading ("Web Bugs")
From: support@securiteam.com
To: list@securiteam.com
Subject: [NEWS] The Perfect Read Receipt - Using HTML Tagging to Verify E-mail Reading ("Web Bugs")
Message-Id: <20010823114550.D7350138BF@mail.der-keiler.de>
Date: Thu, 23 Aug 2001 13:45:50 +0200 (CEST)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
The Perfect Read Receipt - Using HTML Tagging to Verify E-mail Reading
("Web Bugs")
------------------------------------------------------------------------
SUMMARY
"Web bugs" are small, 1x1 (or similar-sized) transparent GIF images which
can be used to track the movement of a user around the web. About 1 in 10
sites use them.
In addition to this use, they can be used more effectively to verify
whether an e-mail has arrived at its destination. Spammers use this
technique to verify whether e-mail addresses are valid; other users can
use it as the equivalent of a 'read receipt'.
DETAILS
Below is an example of a "Web Bug":
<img src="http://www.example.com/sites/XXXXXXXX0/
3b/sf03b08152001.gif?M=XXXXXXXXX&ID=wakko@example.net" width="1"
height="1">
(NOTE: HTML Tag was split into two parts)
This 'web bug' can easily be planted in any HTML e-mail. If you open this
mail in an HTML-capable mail program, that little image will appear
(although it may be too small to actually notice). The sender of the
e-mail has then verified that the e-mail was opened, since the image with
the unique name was 'pulled' from his web server.
Solution:
You can use Procmail (or other e-mail applications) to filter out such
HTML tags from incoming emails. For more information about procmail see:
http://www.impsec.org/email-tools/procmail-security.html
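One way to apply the filtering idea above in a mail pipeline, as an added Python example that is not from the advisory or from the procmail sanitizer it links to: it removes `<img>` tags that fetch over http(s) and are either 1x1-sized or carry the recipient's address in the URL. The function names, the 2-pixel threshold and the sample message are assumptions made for illustration.

```python
import re
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import unquote

IMG_TAG = re.compile(r"<img\b[^>]*>", re.I | re.S)

class _TagAttrs(HTMLParser):
    """Parses a single tag and keeps its attributes as a dict."""
    attrs = {}
    def handle_starttag(self, tag, attrs):
        self.attrs = dict(attrs)

def _tiny(value):
    # True for a pixel dimension of 0, 1 or 2 (assumed threshold).
    m = re.fullmatch(r"\s*(\d+)\s*(?:px)?\s*", value or "")
    return bool(m) and int(m.group(1)) <= 2

def is_web_bug(tag, recipient):
    parser = _TagAttrs()
    parser.feed(tag)
    src = "".join((parser.attrs.get("src") or "").split())  # rejoin wrapped src
    if not re.match(r"https?://", src, re.I):
        return False  # cid: and data: images are not fetched from a server
    tagged = recipient.lower() in unquote(src).lower()
    return tagged or (_tiny(parser.attrs.get("width")) and _tiny(parser.attrs.get("height")))

def strip_web_bugs(raw, recipient):
    """Returns (cleaned EmailMessage, list of removed <img> tags)."""
    msg = message_from_string(raw, policy=policy.default)
    removed = []
    def drop(match):
        if is_web_bug(match.group(0), recipient):
            removed.append(match.group(0))
            return ""
        return match.group(0)
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            part.set_content(IMG_TAG.sub(drop, part.get_content()), subtype="html")
    return msg, removed

# Constructed sample message (not real traffic), using the advisory's example tag.
SAMPLE = (
    "From: sender@example.com\nTo: wakko@example.net\nSubject: hello\n"
    "MIME-Version: 1.0\nContent-Type: text/html; charset=utf-8\n\n"
    '<html><body><p>Hi</p><img src="cid:logo" width="120" height="40">'
    '<img src="http://www.example.com/sites/XXXXXXXX0/3b/sf03b08152001.gif'
    '?M=XXXXXXXXX&ID=wakko@example.net" width="1" height="1"></body></html>\n'
)
```

Because any uniquely named remote image works as a receipt, a stricter filter would drop every http(s) image rather than only the ones this heuristic matches.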
Web sites:
See http://www.SnoopAlarm.com for a demonstration of what information can
be collected on unsuspecting surfers.
ADDITIONAL INFORMATION
The information has been provided by Alex Prestin <wakko@bitey.net>,
John D. Hardin <jhardin@impsec.org>, and
James Kelley <james_kelley@kindredhealthcare.com>.
========================================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.