Re: [Full-Disclosure] Is the FBI using email Web bugs?

Thu, 08 Jan 2004 01:11:31 -0800

Poof wrote: 
Actually- the problem with that is that fine... it won't allow any ports
except for the needed 25/110/143... Then what's to stop an image from using
http://www.spamsite.com:25/110/phonehome.jpg?emailaddress(or whatever)

... Nothing!

Nice try though... Best protection is through your email client. O2K3 does
it native ^^


I realize that, my point was that blocking more is better than blocking less. Whenever you can block everything and allow only the needed traffic, you'll be better off. Removing as many possible 'phone home vectors' as possible certainly can't hurt and is good security policy in general.

--Ben


~


-----Original Message-----
From: [EMAIL PROTECTED] [mailto:full-disclosure-
[EMAIL PROTECTED] On Behalf Of Ben Nelson
Sent: Wednesday, January 07, 2004 7:34 PM
To: Gregh
Cc: [EMAIL PROTECTED]
Subject: Re: [Full-Disclosure] Is the FBI using email Web bugs?

Gregh wrote:

wont listen. In Zone Alarm you can tell it to DISALLOW Outlook Express

(or

whatever you like) access to different ports. So, I tell it to disallow
access to or from port 80 by OE. Thus, a received HTML email with pics

and

such in it just shows blanks, "x" or placeholders, really. Now, while

saying

this, if you decided to use some other port to report back on, sure, you
would get around this but the majority of spam operators who spam you

don't

require JUST the "click to remove" to be clicked to verify you DO exist

thus

send more spam and sell the address to another spammer. They also have

port

80 and if the email is clicked on by a typical OE setup, just to delete,

it

"phones home". For those described earlier in this paragraph, ZA

blocking OE

in/out on port 80 stops most of the phone home stuff. 

Couldn't you just block all port access from OE *EXCEPT* those that are
needed? (probably 25, 110, 143)

--Ben

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Reply via email to