General discussion


URL visit reveals email address?

By J0hnGalt ·
Visited a friend, surfed URLs and checked email online - not Outlook, logged out. Friend called to say email sent to him in my name and my correct email address - appeared in his outlook. How can this happen? Through HTML-IP 'sensor'?

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

Several possibilities

by gralfus In reply to URL visit reveals email a ...

Your friend could have spyware that harvested the information from your session, or perhaps the friend was using a tool that sniffs network traffic (obtaining your login and password to your email). If your friend has a wireless connection to the network, then someone else could be connected and running a sniffer. It doesn't matter at that point if you visit a "secure" website or not, all is visible using the right program.

Collapse -

If it was a private message sent via TechRepublic...

... and you had visited his profile that had you had bookmarked, then it is a known bug w/TechRepublic's site. Depending on how the bookmark is made, it will send a blank email when visited. But if this is not the cae, then the previous poster's comment are spot on.


Collapse -

Registry 'mining' ?

by J0hnGalt In reply to URL visit reveals email a ...

Thanks - Not a TechRep site and no snoopers used. Concerned that registry was queried as seems to be only location where host/email config resides (besides cache/cookies?). Q:We know IP add. is captured but, is it a known practice to search and extract registry and other supposedly secure data thru Web/URL connection? Some sites quote security policy citing 'sensor' can determine system cfg - what more?

Collapse -

I wonder ...

by sdcphoneguy In reply to URL visit reveals email a ...

What kind of protection was your friend running? Firewall, antivirus, anti-spyware? I am assuming from your post that you were on your friend's computer at the time. If so, could there already be bad stuff on his computer?

Collapse -


by Kiltie In reply to URL visit reveals email a ...

If you and your friend have a common friend whose machine is infected with a mass mailer, then your addy (and his) could have been picked at random among address books, html docs, whatever the worm uses to find out EMail addresses.

I experienced this:
I once got an email from one of my accounts to another of mine. These two accounts were only used for specific leagues of online backgammon. Upon investigating, it turned out that several people in a group of around 20-30 were getting these, I could narrow it down to a shortlist of 8 people.

I emailed those, suggesting that one of their machines was infected and to get it checked.

Spot on, someone found out that hers was, she cleaned it out and the mailings stopped.

Collapse -

Mailers, worrms ??

by J0hnGalt In reply to spoofing

Thanks for the inputs. A couple things though. In order to keep things simple, used myself as original mailer on my friend's PC. It was in fact a friend visiting me that used my friends PC and did not know or exchange email w/ my friend, so never any ties. My visiting friend visited URL unknown to us, who we suspect used an IP sensor - my question remains - is there currently a piece of code or 'sensor' that can be uploaded from URL to visiting browser - that can collect then return user/data (or query registry) to the host? Any one know if this is possible?

Collapse -

Yes if ...

by sdcphoneguy In reply to Mailers, worrms ??

There is code that can be run from a web page however this type of problem has been addressed by security updates put out by Microsoft. These security holes are mainly found in IE. If security settings have not been properly set for IE and/or if updates for IE have not been kept up to date, you can run into problems such as this. An example of code being run is Microsoft Security Bulletin MS03-032.

Collapse -



Related Discussions

Related Forums