HTML E-mail Clients Susceptible to 'Wire-Tapping'
Page 1 of 2
The exploit was first discovered by British Columbia-based systems design engineer Carl Voth on Oct. 5, 1998. Voth dubbed it the Reaper Exploit but was unable to generate wide-scale attention for the exploit's potential abuses, which range from spying on businesses' negotiations to harvesting e-mail addresses from a chain letter to create a spammer list.
The exploit allows a savvy Internet user, with access to a Web server and logging services, to intercept replies and forwards of e-mail messages equipped with it.
For instance, a company entering negotiations with another company might embed the exploit in an e-mail proposal and then harvest inside information about that company's bargaining position by intercepting replies and forwards as the message is circulated through that company's internal e-mail system.
The server then copies down the name of the file requested, giving out the contents of the e-mail, and then sends back the zero by zero pixel image.