U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Security

Discovering who is tracking your emails with UglyEmail

UglyEmail Chrome extension could help Google users to discover which are the companies on the web that track their email messages. Even if the following names don’t ring you a bell, companies like Yesware, Bananatag, and Streak are aware of your existence, to be more specific, they know when you open e-mail sent by one […]

Discovering who is tracking your emails with UglyEmail

UglyEmail Chrome extension could help Google users to discover which are the companies on the web that track their email messages.

Even if the following names don’t ring you a bell, companies like Yesware, Bananatag, and Streak are aware of your existence, to be more specific, they know when you open e-mail sent by one of their clients.

Now there is a way to check if someone is trying to track Gmail user using the Google extension uglyEmail, created by Sonny Tulyaganov. Tulyaganov explained how these companies track users in his conversation with Wired:

“[Streak] allowed users track emails, see when, where and what devices were used to view email… I tried it out and found it very disturbing, so decided to see who is actually tracking emails in my inbox.” said Tulyaganov.

The experts used a trick to track his emails, he added a transparent image in the body of the messages that when are opened by the recipient send back to the server it originated the information of the recipient.

This is the idea behind the development of the UglyEmail plugin according to the expert:

“simply insert a transparent 1×1 image into an email. When that email is opened, the image pings the server it originated from with information like the time, your location, and the device you’re using. It’s a read receipt on steroids that you never signed up for.” explained Tulyaganov.

By using UglyEmail users can identify email messages identifying messages embedding tracking images  from Yesware, Bananatag, and Streak. The emails identified with tracking pixels will appear with an eye icon next to the subject.

UglyEmail

In his interview with Wired, Tulyaganov confirmed that UglyEmail doesn’t store, save, or transmit any date from you’re your gmail account. There is also a plan to expand UglyEmail to other browsers like Firefox and Safari.

The developer has anticipated that UglyEmail will include more tracking services to its list allowing the users to verify who is attemting to track them.

Users that desire to completely prevent email tracking from the above companies can totally block the pixel tracking by using another chrome extension called  PixelBlock, that  “Automatically prevents all attempts, instead of Ugly Mail’s more passive strategy of simply informing you that they’re happening.”

About the Author Elsio Pinto

Elsio Pinto is at the moment the Lead Mcafee Security Engineer at Swiss Re, but he also as knowledge in the areas of malware research, forensics, ethical hacking. He had previous experiences in major institutions being the European Parliament one of them. He is a security enthusiast and tries his best to pass his knowledge. He also owns his own bloghttp://high54security.blogspot.com/

Edited by Pierluigi Paganini

(Security Affairs –  email,   UglyEmail )