How this tracking (and more) was done using an image in an email?

As reported in the NY Times, there was some type of electronic spying in a high-profile military trial. Its claimed that the prosecutors were spying on the defense:

The court-martial … has been thrown into turmoil by, of all things, a harmless-looking image of a bald eagle perched on the scales of justice.

The bit of digital artwork, embedded in an email message, contained hidden software that could track if anyone read or forwarded the email, and may have also been able to allow access to all communications and files on the recipients’ computers, defense lawyers argue in court filings.

I’m interested in what specifically happened here, if it is publicly known. I didn’t think simply viewing an image in an email could be used to execute any kind of malware on a recipient’s PC. Perhaps a vulnerability in a specific email client was taken advantage of?

Further quotes from the article:

[the senders] acknowledged in a statement it used “an audit capability” in the course of its investigation into the leaks, but said, “It is not malware, not a virus, and does not reside on computer systems. There is no risk that systems are corrupted or compromised.”

Defense lawyers grew suspicious when the bald-eagle image did not load correctly on some email accounts, and instead appeared as a hyperlink to a nonmilitary server.

A screenshot of one of the emails:

enter image description here

I could see how the embedded image could be used to identify which recipients viewed the email (or at least their IP perhaps) but no more than that.

How to determine why Windows security event log ID 4624 are occurring and what is being done on my computer? [migrated]

I work for a smaller company that has an IT guy that is a real hot-head, who thinks he’s God. I’ve noticed lately that I have a bunch of event ID 4624 (successful logon) events popping up in my Windows security event log with his user name. It doesn’t appear to be some scheduled job because they are random throughout the day. I’m seeing 10-20 of these logon events with the IT guy’s user name per day.

What could these logon events be?

If he is “secretly” logging on to my computer, how can I determine what he’s doing?

Here’s a little snippet of the event text:

Log Name:      Security Source:        Microsoft-Windows-Security-Auditing Date:          5/14/2019 8:17:04 AM Event ID:      4624 Task Category: Logon Level:         Information Keywords:      Audit Success User:          N/A  Description: An account was successfully logged on.  Subject:     Security ID:        NULL SID     Account Name:       -     Account Domain:     -     Logon ID:       0x0  Logon Information:     Logon Type:     3     Restricted Admin Mode:  -     Virtual Account:        No     Elevated Token:     No  New Logon:     Security ID:        domain\ITguyuser     Account Name:       ITguyuser     Account Domain:     domain 

ffmpeg pipe from Openframeworks OFXVideoRecord, frame= fps= q= size= even when done until i kill Xcode process 2nd time

I am using OFXVideoRecord and hacking it for offline video recording

execThread: starting command: bash –login -c ‘ffmpeg -y -i ../../../data/beat.wav -r 30 -s 1280×720 -f rawvideo -pix_fmt rgb24 -i “/Users/mikegao/Documents/Visual/shapes/bin/data/ofxvrpipe0” -r 30 -vcodec mpeg4 -b 3200k -acodec mp3 -ab 128k “/Users/mikegao/Documents/Visual/shapes/bin/data/result2019-04-30-03-52-00-078.mp4″‘ &

If I leave out the first -i beat.wav, it generates a regular video just fine and closes after its done. If I add the -i beat.wav, it will keep printing frame= 3687 fps= 38 q=26.9 size= 50046kB time=00:02:02.86 bitrate=3336.8kbits/s speed=1.26x
frame= 3687 fps= 38 q=26.9 size= 50046kB time=00:02:02.86 bitrate=3336.8kbits/s speed=1.25x
frame= 3687 fps= 37 q=26.9 size= 50046kB time=00:02:02.86 bitrate=3336.8kbits/s speed=1.25x
frame= 3687 fps= 37 q=26.9 size= 50046kB time=00:02:02.86 bitrate=3336.8kbits/s speed=1.24x
frame= 3687 fps= 37 q=26.9 size= 50046kB time=00:02:02.86 bitrate=3336.8kbits/s speed=1.24x
frame= 3687 fps= 37 q=26.9 size= 50046kB time=00:02:02.86 bitrate=3336.8kbits/s speed=1.23x
frame= 3687 fps= 37 q=26.9 size= 50046kB time=00:02:02.86 bitrate=3336.8kbits/s speed=1.22x
frame= 3687 fps= 37 q=26.9 size= 50046kB time=00:02:02.86 bitrate=3336.8kbits/s speed=1.22x
frame= 3687 fps= 36 q=26.9 size= 50046kB time=00:02:02.86 bitrate=3336.8kbits/s speed=1.21x
frame= 3687 fps= 36 q=26.9 size= 50046kB time=00:02:02.86 bitrate=3336.8kbits/s speed= 1.2x
frame= 3687 fps= 36 q=26.9 size= 50046kB time=00:02:02.86 bitrate=3336.8kbits/s speed= 1.2x
frame= 3687 fps= 36 q=26.9 size= 50046kB time=00:02:02.86 bitrate=3336.8kbits/s speed=1.19x
frame= 3687 fps= 36 q=26.9 size= 50046kB time=00:02:02.86 bitrate=3336.8kbits/s speed=1.19x
frame= 3687 fps= 35 q=26.9 size= 50046kB time=00:02:02.86 bitrate=3336.8kbits/s speed=1.18x
frame= 3687 fps= 35 q=26.9 Lsize= 50228kB time=00:02:02.88 bitrate=3348.5kbits/s speed=1.18x

until I press stop in Xcode a second time (to kill the other command on other thread probably), then the video is written perfect:

video:48220kB audio:1920kB subtitle:0kB other streams:0kB global headers:0kB muxing overhead: 0.175411%

Upgrade from 18.10 to 19.04 – showed kernel error, but rebooted and seems to be fine. Anything to be done?

My Ubuntu 18.10 laptop prompted the 19.04 upgrade yesterday and I went ahead and upgraded it the GUI way. Towards the end it showed errors with kernel upgrade and displayed a message that says something like a restore will be attempted or so. But once I rebooted all looked good. It shows Ubuntu 19.04 as the current version and “uname -r” is showing kernel version 5. Is there anything else to be checked or is it good?