1997-04-22 - Re: How to pick up email addresses from a feedback form??

Header Data

From: Alan Olsen <alan@ctrl-alt-del.com>
To: bdurham@swbell.net
Message Hash: d4839eec8b2e99e727ff4b6eb44a17889af337ed219393ed65fb4e16cb6dce59
Message ID: <3.0.1.32.19970421215659.00a2bbb0@mail.teleport.com>
Reply To: <3.0.1.16.19970421165922.43e76ca4@pop.mindspring.com>
UTC Datetime: 1997-04-22 04:58:56 UTC
Raw Date: Mon, 21 Apr 1997 21:58:56 -0700 (PDT)

Raw message

From: Alan Olsen <alan@ctrl-alt-del.com>
Date: Mon, 21 Apr 1997 21:58:56 -0700 (PDT)
To: bdurham@swbell.net
Subject: Re: How to pick up email addresses from a feedback form??
In-Reply-To: <3.0.1.16.19970421165922.43e76ca4@pop.mindspring.com>
Message-ID: <3.0.1.32.19970421215659.00a2bbb0@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 06:22 PM 4/21/97 -0500, Brian Durham wrote:
>Thomas Porter wrote:
>> I have a technical question:
> 
>> Is there another way to do this?  Could a third-party spammer, for
example,
>> capture email addresses posted to such a form?
>
>Having written a few thousand lines of CGI source, I can see a couple of
>possible of things happening. First, it could be as innocent as the CGI
>program
>(the program that acts on the form's data) is hosted at the bbb.com
>site.
>The person at aaa.com may not have permissions to execute cgi-bin
>programs
>(or not know how to set them up).  I see this as most likely.

Or they may have switched sites and have not changed over the back end code
to the new site.

>Unfortunately, the ultimate answer is in the CGI program at bbb.com ...
>it would be nice to see its source to see if it was [horror!] hacked to
>e-mail the contents of the form to aaa.com and bbb.com.

You can always look at the source of the page and see what sites are
contacted.   Look at the form tag and see where the cgi code is located.

>Packet-sniffing is always possible [not my area of expertise], but who
>would go
>to all that trouble just to get e-mail addresses to add to their SPAM
>list?

If there was a packet sniffer on the line, you would not see it.  Packet
sniffers are PASSIVE.  They just sit and read traffic and record the
interesting (or not so interesting) bits.

>Our hacker friends can probably shed some more light on this also.

Why worry about e-mail addresses being diverted?  If you don't want them to
find you out, don't give out your address.

"The first rule of not being seen is DON'T STAND UP!"
 
-----BEGIN PGP SIGNATURE-----
Version: 4.5

iQEVAwUBM1xFD+QCP3v30CeZAQFkqwf8CqoTcBKFc4L7rHJbHNYot3foSTLXAf+E
S5TxCkxL4Q5QZvLHtHBC6NBICsLrRPaaypOvXkAG9XXfaQdDT844gSv002/LznZj
eWzgPkng5OtUECfnHy2ve9isfBjQHgaR+yMVglS/Kxqs9myOh+yfJZcGBk6xgmmd
obLQJtO9e20dWKiG8dfWTRJh0llrXR2cpNdvg2CwN9B6nIDp+VOFGXAuWTNK8Lp9
Of1KPQAe3MsmmbvGMWruWaFwafdpxDpn1wnoSgFVfjQScIskZWmXIF4UAzS7dIYj
Isuq8ZjraGtkuG4noj82YyX5Ixf01+i3Dpww5MHSZAkTrPdlxR8cyw==
=pTuL
-----END PGP SIGNATURE-----

---
|            "Mi Tio es infermo, pero la carretera es verde!"            |
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano@teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.ctrl-alt-del.com/~alan/       |alan@ctrl-alt-del.com|





Thread