Runboard.com
Слава Україні!
Lost? Hover on Bookmarks!
Runboard Extra! The Runboard Directory Runboard Knowledge Base

Welcome to Runboard Support, the place to find help with your Runboard user account or message board.

If you can't find the answer you need with our search feature, ask here, and a member of staff will respond to you personally.

Chat room Runboard Knowledge Base (wiki) Search Facebook Twitter

runboard.com       You are not logged in.

Page:  1  2 

 
Lesigner Girl Profile
Live feed
Blog
Friends
Miscellaneous info

Global Administrator
Head of Runboard staff

Registered: 11-2005
Posts: 26739
Karma: 436 (+489/-53)
Reply | Quote
Re: TLS with Runboard?


Information can easily be "hidden" in an image. I made this image on the fly just now.

Image

If you save it to your computer, then drag the saved file into Notepad, you'll see the info I hid in there, using nothing but Gimp.

A lot of people believe they have received viruses from image files. However, those are not actual image files, and they can't even be opened as images. Rather, they are named in a way that makes it look like they have an image extension like .gif, .png, etc.

I'm sure it also doesn't help when a browser blocks a page because it contains images which are hosted on a site that was reported to contain viruses. When someone sees a warning that says "This page is unsafe because somesmileydomain.com has a virus," I can see why some people might get the wrong impression.

However, this warning doesn't mean the images themselves are infected. What it means is that there was a virus on the website that hosts the images, assuming it wasn't a false positive or fake report, and this virus would have been embedded in one or more pages, not the images.

I mentioned web beacons earlier. It is possible to use an image to collect some harmless information, like the stuff they show you here.

That said, I do keep hosted images disabled by default in my email client, and the images don't even have to be web beacons. If you receive spam, this means a spammer could have found your email address somewhere, bought it from someone who sells email addresses, or is using a script to try random email addresses. Even if you receive spam, the sender may or may not know that they are sending to a valid email address, but they can confirm you opened the email if you have hosted images enabled. With every email they send, they could add a string to the image url that matches the email address they sent it to. With this technique, they wouldn't even need to write a script to know which recipients viewed this image. All they would need to do is check their site logs to see which files were opened. If a spammer embeds an image called spammerswebsite.com/[email protected] to [email protected], and the recipient views this image, this can confirm to the spammer that [email protected] is a valid email address.

To summarize: Viewing an image can't give you a virus, but viewing an image in an email that was sent by a spammer can confirm to the sender that the email address they sent it to actually exists and is being used by someone.

When an email address is confirmed as actually being used by someone, this email address gets added to more spam lists, which means more spam will be sent to that email address. Of course, these same lists can also be used by people who send out viruses, but you're not going to get a virus from viewing an image.

I hope that all made enough sense to educate, without causing anyone any unnecessary worry.

---
Runboard Knowledge Base
Runboard Support Forums
Find other message boards
11/8/2017, 7:37 am Link to post Email Lesigner Girl   PM Lesigner Girl Blog
 
Joxcenia Profile
Live feed
Blog
Friends
Miscellaneous info

Global Administrator
Runboard staff member

Registered: 11-2005
Location: Whoosher House
Posts: 7810
Karma: 74 (+75/-1)
Reply | Quote
Re: TLS with Runboard?


I have the preview pane closed in my email program. And Thunderbird is usually pretty good about blocking images in emails I haven't marked as safe ... and sometimes even in ones I have marked as safe. I also do a CTRL+U on an unopened email to see inside without opening it to make sure it's okay to view. I can see all the links and email addresses.





---

11/8/2017, 12:21 pm Link to post Email Joxcenia   PM Joxcenia Blog
 
Lesigner Girl Profile
Live feed
Blog
Friends
Miscellaneous info

Global Administrator
Head of Runboard staff

Registered: 11-2005
Posts: 26739
Karma: 436 (+489/-53)
Reply | Quote
Re: TLS with Runboard?


It's great to be able to see links and email addresses before opening an email. emoticon



---
Runboard Knowledge Base
Runboard Support Forums
Find other message boards
11/15/2017, 6:45 am Link to post Email Lesigner Girl   PM Lesigner Girl Blog
 
Joxcenia Profile
Live feed
Blog
Friends
Miscellaneous info

Global Administrator
Runboard staff member

Registered: 11-2005
Location: Whoosher House
Posts: 7810
Karma: 74 (+75/-1)
Reply | Quote
Re: TLS with Runboard?


It is. Scammers can't hide the real links in this view.







---

11/15/2017, 8:15 am Link to post Email Joxcenia   PM Joxcenia Blog
 
Lesigner Girl Profile
Live feed
Blog
Friends
Miscellaneous info

Global Administrator
Head of Runboard staff

Registered: 11-2005
Posts: 26739
Karma: 436 (+489/-53)
Reply | Quote
Re: TLS with Runboard?


ImageImage: thumbs up

---
Runboard Knowledge Base
Runboard Support Forums
Find other message boards
11/15/2017, 5:54 pm Link to post Email Lesigner Girl   PM Lesigner Girl Blog
 


Add a reply

Page:  1  2 



You are not logged in (login)