From: c0redump@ackers.org.uk
Date: Fri Oct 13 2006 - 09:15:19 EDT
I touched on the below method (1x1 pixel relating to honey tokens) at
http://www.tomneaves.co.uk/index.php?itemid=30 a while back. It's an
interesting idea.
- Tom
----- Original Message -----
From: Clint Laskowski
To: pen-test@securityfocus.com
Sent: Thursday, October 12, 2006 5:28 AM
Subject: RE: Using viruses in pen-test
...
If your goal is to see if users open email that they shouldn't, consider
sending an HTML email message with a 1x1 pixel image pulled from your
website. Use a unique file name for the image that will only be used in the
test. Then, after allowing enough time for the users to open the message,
check your weblogs to see if the image was downloaded, and at what time.
Even better, have unique file names for each email you send out. That way
you can tell who read the email ... or at least the fact that a specific
email (sent to a specific person) was read at a specific time. However, keep
in mind this approach was apparently used by HP recently (see
http://news.zdnet.com/2100-1009_22-6121048.html) using a service called
ReadNotify, and look where it got them!
Use these concepts at your own risk!
-- clint
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:11 EDT