Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: HTML email "bug", of sorts.

From: "John D. Hardin" <jhardin () impsec org>
Date: Sat, 18 Aug 2001 21:40:05 -0700 (PDT)
On Sat, 18 Aug 2001, Alex Prestin wrote:


<DEFANGED_IMG
src="http://www.megahardcoresex.com/sites/XXXXXXXX0 (continued)
3b/sf03b08152001.gif?M=XXXXXXXXX&ID=wakko () bitey net" width="1" height="1"> 

See it?  A web bug.  If I opened this mail in an HTML-capable
browser, that little image would've popped up and I would've been
none the wiser.  My address would also have been verified by the
sender, and stored in a large database of valid recipients.


This is well-known. BGSOUND tags are also vulnerable to misuse in this
manner.


So, anyone have any idea of how to deal with this latest little
spammer toy?  Is there any effective way to filter out web bugs
without adversely affecting the delivery intact of legitimate
messages?


http://www.impsec.org/email-tools/procmail-security.html

(If you're running a procmail-capable mail server.)

Looking at the tag above shows you what it does...

--
 John Hardin KA7OHZ   ICQ#15735746   http://www.wolfenet.com/~jhardin/
 jhardin () impsec org        pgpk -a finger://gonzo.wolfenet.com/jhardin
  768: 0x41EA94F5 - A3 0C 5B C2 EF 0D 2C E5  E9 BF C8 33 A7 A9 CE 76 
 1024: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
  In 1998 more than three times as many people in the US were killed
  by incompetent physicians than were killed by handguns, yet the
  President of the A.M.A. is adopting "gun safety" as his platform.
-----------------------------------------------------------------------
   1172 days until the Presidential Election
Previous By Date Next
Previous By Thread Next

Current thread: