Bugtraq mailing list archives
Re: HTML email "bug", of sorts.
From: Curt Sampson <cjs () cynic net>
Date: Tue, 21 Aug 2001 17:33:43 +0900 (JST)
On Mon, 20 Aug 2001, Bear Giles wrote:
For everything that matches, look for any height and width attributes for the image. If it's 1, you have a web bug. Even if it's 2-8 or so, it's probably still a web bug. ... 2) on a related note, if you see anything like <img src="http://spammer.com/images/foo.gif?some-random-string-here"> you can snip the "?some-random-string-here" part. Their logs may
Nah. My first thought, when asked about the technical details of e-mail bugs at a certain company whose name I won't mention to protect the guilty, was, "How do we make sure it doesn't look like a bug?" So you insert this: <img src="http://www.example.com/imgs/18465485943/foo.gif" width=400 height=90> as your company logo in the newsletter or whatever you're sending out. That invokes a servlet or whatever called /imgs which looks at the remainder of the path as a parameter, logs a hit from 18465485943 in your database (we would have associated this with a particular piece of mail that went out) and returns your company logo. You make sure that the header specifies that it expires instantly, of course, so you get information that the message has been forwarded or re-read or whatever. I really don't see any way to protect against these bugs, except not to retrieve external images. And that, as others have mentioned, is not likely to go over so well with a lot of users out there. cjs -- Curt Sampson <cjs () cynic net> +81 3 5778 0123 http://www.netbsd.org Don't you know, in this new Dark Age, we're all light. --XTC
Current thread:
- Re: HTML email "bug", of sorts. thomas . rowe (Aug 19)
- Re: HTML email "bug", of sorts. Thor (Aug 19)
- RE: HTML email "bug", of sorts. David LeBlanc (Aug 20)
- <Possible follow-ups>
- Re: HTML email "bug", of sorts. james_kelley (Aug 19)
- Re: HTML email "bug", of sorts. Alex Prestin (Aug 19)
- Re[2]: HTML email "bug", of sorts. Walter Hop (Aug 20)
- Re[2]: HTML email "bug", of sorts. Mark Tinberg (Aug 20)
- Re: HTML email "bug", of sorts. Peter W (Aug 21)
- Re[2]: HTML email "bug", of sorts. Walter Hop (Aug 20)
- Re: HTML email "bug", of sorts. Bear Giles (Aug 20)
- Re: HTML email "bug", of sorts. Sean Straw / PSE (Aug 21)
- Re: HTML email "bug", of sorts. Curt Sampson (Aug 21)
- RE: HTML email "bug", of sorts. Ben Yu (Aug 20)
- Re: HTML email "bug", of sorts. Jeffrey W. Dronenburg (Aug 21)