Full Disclosure mailing list archives

Re: Is the FBI using email Web bugs?


From: Ben Nelson <lists () venom600 org>
Date: Thu, 08 Jan 2004 00:05:45 -0700

Poof wrote:
Actually- the problem with that is that fine... it won't allow any ports
except for the needed 25/110/143... Then what's to stop an image from using
http://www.spamsite.com:25/110/phonehome.jpg?emailaddress(or whatever)

... Nothing!

Nice try though... Best protection is through your email client. O2K3 does
it native ^^


I realize that, my point was that blocking more is better than blocking less. Whenever you can block everything and allow only the needed traffic, you'll be better off. Removing as many possible 'phone home vectors' as possible certainly can't hurt and is good security policy in general.

--Ben




-----Original Message-----
From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of Ben Nelson
Sent: Wednesday, January 07, 2004 7:34 PM
To: Gregh
Cc: full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] Is the FBI using email Web bugs?

Gregh wrote:

won't listen. In Zone Alarm you can tell it to DISALLOW Outlook Express (or
whatever you like) access to different ports. So, I tell it to disallow
access to or from port 80 by OE. Thus, a received HTML email with pics and
such in it just shows blanks, "x" or placeholders, really. Now, while saying
this, if you decided to use some other port to report back on, sure, you
would get around this but the majority of spam operators who spam you don't
require JUST the "click to remove" to be clicked to verify you DO exist thus
send more spam and sell the address to another spammer. They also have port
80 and if the email is clicked on by a typical OE setup, just to delete, it
"phones home". For those described earlier in this paragraph, ZA blocking OE
in/out on port 80 stops most of the phone home stuff.

Couldn't you just block all port access from OE *EXCEPT* those that are
needed? (probably 25, 110, 143)

--Ben

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


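The port policies discussed in this thread, expressed as a check (an added example, not part of any poster's message): the script lists the remote references an HTML mail would load and the port each one uses, then evaluates them against a block-port-80 rule and an allow-only-25/110/143 rule. The sample message, the host tracker.example and the function names are constructed for illustration.

```python
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}
# Tag/attribute pairs that make a mail client fetch a resource when rendering.
FETCH_ATTRS = {("img", "src"), ("iframe", "src"), ("link", "href"),
               ("body", "background"), ("table", "background")}

class RemoteRefs(HTMLParser):
    """Collect (host, port) for every remote resource the HTML would load."""
    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if (tag, name) not in FETCH_ATTRS or not value:
                continue
            try:
                url = urlsplit(value.strip())
                port = url.port or DEFAULT_PORTS.get(url.scheme)
            except ValueError:          # malformed URL or port
                continue
            if url.hostname and port:   # skips cid:, data:, relative paths
                self.refs.append((url.hostname, port))

def remote_refs(raw_message):
    parser = RemoteRefs()
    for part in message_from_string(raw_message).walk():
        if part.get_content_type() == "text/html":
            body = part.get_payload(decode=True)
            parser.feed(body.decode(part.get_content_charset() or "utf-8", "replace"))
    return parser.refs

def audit(raw_message, blocked=(), allowed=None):
    """Per reference: (host, port, True if the port policy lets it out)."""
    return [(h, p, (p in allowed) if allowed is not None else (p not in blocked))
            for h, p in remote_refs(raw_message)]

# Constructed sample mail; tracker.example is a placeholder host.
SAMPLE = """Content-Type: text/html; charset=utf-8

<html><body><img src="cid:logo">
<img src="http://tracker.example/a.gif?id=1">
<img src="http://tracker.example:25/b.gif?id=1">
<img src="http://tracker.example:8080/c.gif?id=1"></body></html>
"""

if __name__ == "__main__":
    print("block 80 only:        ", audit(SAMPLE, blocked={80}))
    print("allow 25/110/143 only:", audit(SAMPLE, allowed={25, 110, 143}))
```

In the sample, the allow-list stops the port 80 and 8080 references that a port-80-only block would partly miss, while the port 25 reference passes both rules.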

