General discussion

  • Creator
  • #2259069

    URL visit reveals email address?


    by j0hngalt ·

    Visited a friend, surfed URLs and checked email online – not Outlook, logged out. Friend called to say email sent to him in my name and my correct email address – appeared in his outlook. How can this happen? Through HTML-IP ‘sensor’?

All Comments

  • Author
    • #3282621

      Several possibilities

      by gralfus ·

      In reply to URL visit reveals email address?

      Your friend could have spyware that harvested the information from your session, or perhaps the friend was using a tool that sniffs network traffic (obtaining your login and password to your email). If your friend has a wireless connection to the network, then someone else could be connected and running a sniffer. It doesn’t matter at that point if you visit a “secure” website or not, all is visible using the right program.

    • #3282564

      If it was a private message sent via TechRepublic…

      by justin james ·

      In reply to URL visit reveals email address?

      … and you had visited his profile that had you had bookmarked, then it is a known bug w/TechRepublic’s site. Depending on how the bookmark is made, it will send a blank email when visited. But if this is not the cae, then the previous poster’s comment are spot on.


    • #3282463

      Registry ‘mining’ ?

      by j0hngalt ·

      In reply to URL visit reveals email address?

      Thanks – Not a TechRep site and no snoopers used. Concerned that registry was queried as seems to be only location where host/email config resides (besides cache/cookies?). Q:We know IP add. is captured but, is it a known practice to search and extract registry and other supposedly secure data thru Web/URL connection? Some sites quote security policy citing ‘sensor’ can determine system cfg – what more?

    • #3200168

      I wonder …

      by lathan_devers ·

      In reply to URL visit reveals email address?

      What kind of protection was your friend running? Firewall, antivirus, anti-spyware? I am assuming from your post that you were on your friend’s computer at the time. If so, could there already be bad stuff on his computer?

    • #3284252


      by kiltie ·

      In reply to URL visit reveals email address?

      If you and your friend have a common friend whose machine is infected with a mass mailer, then your addy (and his) could have been picked at random among address books, html docs, whatever the worm uses to find out EMail addresses.

      I experienced this:
      I once got an email from one of my accounts to another of mine. These two accounts were only used for specific leagues of online backgammon. Upon investigating, it turned out that several people in a group of around 20-30 were getting these, I could narrow it down to a shortlist of 8 people.

      I emailed those, suggesting that one of their machines was infected and to get it checked.

      Spot on, someone found out that hers was, she cleaned it out and the mailings stopped.

      • #3284183

        Mailers, worrms ??

        by j0hngalt ·

        In reply to spoofing

        Thanks for the inputs. A couple things though. In order to keep things simple, used myself as original mailer on my friend’s PC. It was in fact a friend visiting me that used my friends PC and did not know or exchange email w/ my friend, so never any ties. My visiting friend visited URL unknown to us, who we suspect used an IP sensor – my question remains – is there currently a piece of code or ‘sensor’ that can be uploaded from URL to visiting browser – that can collect then return user/data (or query registry) to the host? Any one know if this is possible?

        • #3283977

          Yes if …

          by lathan_devers ·

          In reply to Mailers, worrms ??

          There is code that can be run from a web page however this type of problem has been addressed by security updates put out by Microsoft. These security holes are mainly found in IE. If security settings have not been properly set for IE and/or if updates for IE have not been kept up to date, you can run into problems such as this. An example of code being run is Microsoft Security Bulletin MS03-032.

    • #2878868


      by bruna paiva dos santos ·

      In reply to URL visit reveals email address?


Viewing 5 reply threads