[Esd-l] INCLUDEPICTURE check
Juan Manuel Calvo
jmc at cema.edu.ar
Thu Oct 31 07:16:01 PST 2002
There is a security problem with this item: one spam message trapped in
our server has an attachment containing an MSWord document; this document
has an INCLUDEPICTURE pointing to a remote page, and the URL includes a
message identifier. With this the sender can detect if the attachment was
opened and get information about the victim's computer.
John D. Hardin wrote:
> On Wed, 30 Oct 2002, Simon Matthews wrote:
>
>
>>I just saw an email that was quarantined because of the
>>INCLUDEPICTURE check.
>>
>>IIRC, this check is to stop stealing of files on disk. However in the
>>example that I saw, the picture URL referred to an external website.
>>
>>Is there any way to exclude references to websites from this check or only
>>trigger quarantining if the reference is to a local file?
>
>
> Not at the moment.
>
> I'll have to see how parseable the target specifier is.
>
> --
> John Hardin KA7OHZ ICQ#15735746 http://www.impsec.org/~jhardin/
> jhardin at impsec.org pgpk -a jhardin at impsec.org
> key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
> -----------------------------------------------------------------------
> ...the Fates notice those who buy chainsaws...
> -- www.darwinawards.com
> -----------------------------------------------------------------------
> 48 days until The Two Towers
> _______________________________________________
> Esd-l mailing list
> Esd-l at spconnect.com
> http://www.spconnect.com/mailman/listinfo/esd-l
>
--
Ing. Juan Manuel Calvo TE: +54-11-4314-2269
Director del Centro de Computos FAX:+54-11-4314-1654
Universidad Del CEMA
Cordoba 374 (1054) Capital Federal, Argentina
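
The distinction discussed in this thread (local-file targets versus website targets of an INCLUDEPICTURE field) can be sketched as follows. This is an added example, not code from the Email Sanitizer or from either poster; the function names, the `allow_remote` switch and the sample bytes are constructed for illustration, and it assumes the field instruction is stored as uncompressed text in the attachment.

```python
import re

# Word field syntax: INCLUDEPICTURE "target" [switches]; the target may be unquoted.
FIELD_RE = re.compile(r'INCLUDEPICTURE\s+(?:"([^"]+)"|([^\s\x00-\x1f"]+))', re.I)
REMOTE_RE = re.compile(r'^(?:https?|ftp)://', re.I)

def classify_target(raw):
    """Return (normalized_target, kind) with kind in {'remote', 'unc', 'local'}."""
    target = raw.replace("\\\\", "\\")   # field codes double the backslashes in paths
    if REMOTE_RE.match(target):
        return target, "remote"          # website reference: fetch reveals the open
    if raw.startswith("\\\\"):
        return target, "unc"             # \\server\share: also a network fetch
    return target, "local"               # drive path or anything else: file on disk

def scan(data):
    """List every INCLUDEPICTURE target found in the attachment bytes."""
    # Dropping NUL bytes folds UTF-16LE ASCII text to 8-bit, so one regex pass
    # covers both storage forms (assumption: the field text is not compressed).
    text = data.replace(b"\x00", b"").decode("latin-1")
    return [classify_target(m.group(1) or m.group(2)) for m in FIELD_RE.finditer(text)]

def should_quarantine(data, allow_remote=False):
    """Default: quarantine on any target. allow_remote=True exempts website
    references only, which is the behaviour requested in the quoted question."""
    kinds = {kind for _, kind in scan(data)}
    if allow_remote:
        kinds.discard("remote")
    return bool(kinds)

# Constructed samples: 0x13/0x14/0x15 are Word's field begin/separator/end marks.
SAMPLE_REMOTE = b'\x13 INCLUDEPICTURE "http://tracker.example/pixel.gif?id=MSG-0001" \\d \x14\x15'
SAMPLE_LOCAL_UTF16 = '\x13 INCLUDEPICTURE "C:\\\\secret\\\\notes.txt" \\d \x14\x15'.encode("utf-16-le")

if __name__ == "__main__":
    for name, blob in (("remote", SAMPLE_REMOTE), ("local", SAMPLE_LOCAL_UTF16)):
        print(name, scan(blob), should_quarantine(blob), should_quarantine(blob, True))
```

With `allow_remote=True` the first sample passes the filter even though its URL carries a per-message identifier, which is the tracking case described in the reply above.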