The Inquirer-Home

Big bad bug not so big or bad

Letter: IMG tags are nothing
Tue Aug 28 2001, 23:05
MOMMY, MOMMY, the bad man used an <IMG> tag. If you're so afraid of this bug, then disable HTML mail, the 'fix' you people are asking for will break HTML mail and practically render image viewing in e-mails useless. So you can forget about your pretty little newsletters when a 'fix' is implemented.

Not all images on the web end in .gif or .jpg, some people actually use CGI scripts to load images, so blocking all images that have a question mark or ampersand in the URL will also anger a lot of webmasters.

--snip--
"What this does is lets the spammer track the reading of the spam. It is your email program that registers the hit on the webserver if you are exploitable. So for example the web exploit I set up where you can enter an email address can be used to enter anyone's email address and if they use Outlook or Outlook Express and are on the net when they open or preview the email, then their Outlook will hit that server and log the time/date, their IP, their email address, what OS they run, and what browser is the system default." He claimed the technique was "vastly different from a webbug in a web page" as this technique sends an email and just reading an email exploits the end user. "They don't need to ever browse anywhere, all they do is receive and read an email and their IP and other information is fully exposed," he said.
--snip--

Gotta love how the media blows these things out of proportion. Any time you visit any web site, your browser reveals its version, OS, referer, etcetera, etcetera. Your IP address is always revealed when you connect to any machine. Someone got pretty with an <IMG> tag.

It's not as big of a security concern as this article makes it out to be, I agree this is a problem, but why is everyone pointing the finger at Microsoft? You misunderstanding individuals should point the finger at any vendor that makes an e-mail client that parses HTML, perhaps HTML is a security hole, should we all discard HTML and go back to Gopher? You decide. µ

(Email address supplied - but bounces. Cough)
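
An added example, not part of the original letter or article: a small audit of an HTML message body for images the mail client would fetch from a remote server, which is the request that exposes the reader's IP address and client details in the quoted passage. It also shows why filtering only on a query string is unreliable, since a CGI-generated image is flagged while an address carried in the URL path is not. The sample message, the hostnames and the function name `audit_remote_images` are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, unquote


class _ImgCollector(HTMLParser):
    """Collects the src attribute of every <img> tag in a message body."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names for us.
        if tag == "img":
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src)


def audit_remote_images(html_body, recipient):
    """Return one finding per image the client would fetch over the network."""
    collector = _ImgCollector()
    collector.feed(html_body)
    findings = []
    for src in collector.sources:
        parts = urlsplit(src)
        if parts.scheme.lower() not in ("http", "https"):
            continue  # cid: and data: images travel inside the message itself
        findings.append({
            "url": src,
            "host": parts.hostname,
            # The heuristic the letter objects to: "has a query string".
            "has_query": bool(parts.query),
            # Recipient address anywhere in the URL, after percent-decoding.
            "carries_recipient": recipient.lower() in unquote(src).lower(),
        })
    return findings


# Constructed sample message body (hypothetical hosts, not from the article).
SAMPLE_HTML = """
<html><body>
<img src="cid:logo@newsletter">
<img src="http://stats.example.com/cgi-bin/chart.cgi?id=7">
<img src="http://tracker.example.net/o/alice%40example.org/p.gif" width=1 height=1>
</body></html>
"""

if __name__ == "__main__":
    for finding in audit_remote_images(SAMPLE_HTML, "alice@example.org"):
        print(finding)
```

Any entry in the result is a network request made on open or preview, so a client that defers all remote image loads until the reader asks for them removes the exposure regardless of how the URL is shaped.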
