Hacker News

This is great for pranks: you send a serious-looking email to someone, and then they forward it to someone else thinking they sent some chart or whatever, but the next receiver instead sees another picture of your choosing.


Or a new way to distribute spam? ;)


Or spearphishing. Send a secretary something that looks like a nice business proposal, then when she forwards it to her boss it's a link to some XSS attack.


Should be the other way around. You forward an email that's "obviously" spam, and then the abuse guys go "what do you mean, this is a regular project status update!"


You can use it to send "for your eyes only" stuff.

Example: send an image to Mary and tell her not to send it to anyone else. She inevitably sends it to someone else, but the image magically changes to another image that says a message, maybe it says "DAMN IT MARY, I SAID DON'T SEND IT TO ANYONE ELSE!"


I'd replace it with "Mary's STD Test results" so the person who receives it will be very confused.


Trojan Phish.


Can't you do that just by changing the image at the url it points to?


I believe Gmail downloads and caches images when it receives the email now.


Which is even better. You can change the image right after sending it, so anyone they send it to is guaranteed to get a different image.


That brings up an interesting question. Does Gmail cache per-user or per-url? I would suspect the latter.


Would still work if they sent to a different email client.



