[22306] in bugtraq
Re: HTML email "bug", of sorts.
daemon@ATHENA.MIT.EDU (John D. Hardin)
Sun Aug 19 13:17:08 2001
Date: Sat, 18 Aug 2001 21:40:05 -0700 (PDT)
From: "John D. Hardin" <jhardin@impsec.org>
To: Alex Prestin <wakko@bitey.net>
Cc: bugtraq@securityfocus.com
In-Reply-To: <Pine.LNX.4.21.0108180605310.15817-100000@wakko.bitey.net>
Message-ID: <Pine.LNX.4.10.10108182138060.29015-100000@gypsy.impsec.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
On Sat, 18 Aug 2001, Alex Prestin wrote:
> <DEFANGED_IMG
> src="http://www.megahardcoresex.com/sites/XXXXXXXX0 (continued)
> 3b/sf03b08152001.gif?M=XXXXXXXXX&ID=wakko@bitey.net" width="1" height="1">
>
> See it? A web bug. If I opened this mail in an HTML-capable
> browser, that little image would've popped up and I would've been
> none the wiser. My address would also have been verified by the
> sender, and stored in a large database of valid recipients.
This is well-known. BGSOUND tags are also vulnerable to misuse in this
manner.
> So, anyone have any idea of how to deal with this latest little
> spammer toy? Is there any effective way to filter out web bugs
> without adversely affecting the delivery intact of legitimate
> messages?
http://www.impsec.org/email-tools/procmail-security.html
(If you're running a procmail-capable mail server.)
Looking at the tag above shows you what it does...
--
John Hardin KA7OHZ ICQ#15735746 http://www.wolfenet.com/~jhardin/
jhardin@impsec.org pgpk -a finger://gonzo.wolfenet.com/jhardin
768: 0x41EA94F5 - A3 0C 5B C2 EF 0D 2C E5 E9 BF C8 33 A7 A9 CE 76
1024: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
In 1998 more than three times as many people in the US were killed
by incompetent physicians than were killed by handguns, yet the
President of the A.M.A. is adopting "gun safety" as his platform.
-----------------------------------------------------------------------
1172 days until the Presidential Election
