|FROM ||Rick Moen
|SUBJECT ||Re: [NYLXS - HANGOUT] [email@example.com: Open Source Software
|From owner-hangout-outgoing-at-mrbrklyn.com Wed Feb 18 14:29:44 2015
Received: by mrbrklyn.com (Postfix)
id 2222E161302; Wed, 18 Feb 2015 14:29:44 -0500 (EST)
Received: by mrbrklyn.com (Postfix, from userid 28)
id 12B23161304; Wed, 18 Feb 2015 14:29:43 -0500 (EST)
Received: from linuxmafia.com (linuxmafia.COM [126.96.36.199])
by mrbrklyn.com (Postfix) with ESMTP id 538B4161302
for ; Wed, 18 Feb 2015 14:29:42 -0500 (EST)
Received: from rick by linuxmafia.com with local (Exim 4.72)
for hangout-at-nylxs.com; Wed, 18 Feb 2015 11:29:41 -0800
Date: Wed, 18 Feb 2015 11:29:41 -0800
From: Rick Moen
Subject: Re: [NYLXS - HANGOUT] [techinsider-at-ieee.org: Open Source Software
Security - Mitigating Risks]
Content-Type: text/plain; charset=utf-8
Organization: If you lived here, you'd be $HOME already.
X-Mas: Bah humbug.
User-Agent: Mutt/1.5.20 (2009-06-14)
X-SA-Exim-Scanned: No (on linuxmafia.com); SAEximRunCond expanded to false
List-Id: NYLXS General Discussion Forum
Quoting mrbrklyn-at-panix.com (mrbrklyn-at-panix.com):
> risks my ass ... anyway
Did you notice that this IEEE newsletter uses outsourced 'bugged' HTML
links and was _not_ actually sent by ieee.org as claimed in the From:
header? The Internet marketing company being used in this case is one
called Real Magnet (https://www.realmagnet.com), and this is a market
specialty dominated by firms like Constant Contact.
The way this deal works is: Say you are an IEEE functionary who wants
to send out an e-mail newsletter. You pay Real Magnet money every month
to send your mails for you, forging your SMTP headers. The value-add
they offer is: spying on user.
An intuitive interface allows you to get up and running quickly. Easy
to use, flexible tools make message creation and list management a snap.
Dozens of standardized reports bubble up key metrics, and custom
reporting allows for advanced analytics. It's no wonder that
thousands of organizations are using Real Magnet to achieve their
The 'advanced metrics' is courtesy of URLs like this:
> OPEN SOURCE SOFTWARE SECURITY - MITIGATING RISKS FROM DEVELOPMENT, INTEGRATION, DISTRIBUTION AND DEPLOYMENT
> [ http://www.mmsend10.com/link.cfm?r=1869160560&sid=67071139&m=9078502&u=IEEENY&j=25983285&s=https://event.on24.com/eventRegistration/EventLobbyServlet?target=reg20.jsp&eventid=941178&sessionid=1&key=F917DF24F5D50AA033180CAE72892E6A&partnerref=ieee&sourcepage=register ]
> For full article, go to
The point is that the long hash values included in every URL sent to the
subscriber are unique to each newsletter recipient. Thus, Real Magnet
is able to log the unique identity of which subscriber each logged click
came from. They are able to know that it's _you_ (or someone you
forwarded your e-mail to) at 9:43AM and 13 seconds who clicked on this
link, and then you proceeded to this other link a few seconds later, and
so on -- extremely detailed and individualised behavioural tracking.