[prev in list] [next in list] [prev in thread] [next in thread] 

List:       sqwebmail
Subject:    Re: [sqwebmail] Re: html images
From:       Jim Penny <jpenny () universal-fasteners ! com>
Date:       2002-09-30 22:09:37
[Download RAW message or body]

On Mon, Sep 30, 2002 at 05:40:48PM -0400, Sam Varshavchik wrote:
> dizasta writes:
> 
> >ok thanks. why is it a security flaw btw? 
> 
> If I send you an HTML mail, with a link to an external image, I'll know:
> 
> 1) When you've read my mail,
> 
> 2) What mail software you're using to read my mail,
> 
> 3) Your IP address
> 
> 4) The fact that your E-mail address is valid, and represents a deliverable 
> mailbox.
> 

And, that you are the type of person who is either unaware of these
issues, or don't worry about them.  In either case, you just as well
walk around with a sign saying "Hack me".

Jim Penny

> 
> Additionally, #2 may provide additional information that might be helpful 
> in exploiting any known security holes in your mail software.
> 
> 
[prev in list] [next in list] [prev in thread] [next in thread]