1994-08-03 - Re: Anonymous code name allocated. // penet hack

Header Data

From: doug@OpenMind.com (Doug Cutrell)
To: cactus@bibliob.slip.netcom.com>
Message Hash: 4781f15d8ba78ba1ef83559fefb14e1260a756dcdb4d17270444ab14882c8b30
Message ID: <aa6498201d02102372ed@[198.232.141.2]>
Reply To: N/A
UTC Datetime: 1994-08-03 00:46:09 UTC
Raw Date: Tue, 2 Aug 94 17:46:09 PDT

Raw message

From: doug@OpenMind.com (Doug Cutrell)
Date: Tue, 2 Aug 94 17:46:09 PDT
To: cactus@bibliob.slip.netcom.com>
Subject: Re: Anonymous code name allocated. // penet hack
Message-ID: <aa6498201d02102372ed@[198.232.141.2]>
MIME-Version: 1.0
Content-Type: text/plain


>On Tue, 2 Aug 1994, L. Todd Masco wrote:
>
>>  > It isn't even necessary to forge the return address, because majordomo
>>  > doesn't check.

>> In my experience, listservers will clear any commands that don't come from
>>  the person affected by passing them on for processing by the list
>>  maintainer as a security precaution.  I had assumed majordomo
>>  did this, but I'm not certain.

Tod and Robert are right, I was wrong... I just checked this by creating a
dummy account from a different address.  When I tried to unsubscribe the
dummy account from my usual account, I got a message telling me the request
had been deferred to the list owner.  So it's not *totally* trivial to mess
with the list...

Doug







Thread