[4228] in WWW Security List Archive
Re: Return Receipts and Security
daemon@ATHENA.MIT.EDU (Speedy)
Fri Jan 31 20:53:44 1997
Date: Fri, 31 Jan 1997 18:20:16 -0500 (EST)
From: Speedy <vc51680@pegasus.cc.ucf.edu>
To: Jack Gostl <gostl@argoscomp.com>
cc: "David W. Morris" <dwm@xpasc.com>, www-security@ns2.rutgers.edu
In-Reply-To: <Pine.A32.3.91.970130095246.113368B-100000@argoscomp.com>
Errors-To: owner-www-security@ns2.rutgers.edu
On Thu, 30 Jan 1997, Jack Gostl wrote:
> That Return-Receipt field is pretty mild. It simply says that the local
> sendmail got the message, not that the user is signed on. I think a
> bigger problem is the X-style receipt that Pegasus can generate, which
> goes out when the message is READ. Pegasus allows you to turn it off, but
> if you don't, it is exactly what you described, a method for checking
> when a user is logged on.
>
What would be / are the security risk of a user allowing other to see if
they are logged on?
Vicki
