[Mailman-Users] report of break in

Eli Cohen elicohen at informingscience.org
Mon Dec 27 19:21:07 CET 2004



I discovered this week a security breach that affected Mailman, after an
email was sent out, that started as follows:


From: Newsletter-bounces at israelupdate.info
[mailto:Newsletter-bounces at israelupdate.info]On
<mailto:Newsletter-bounces at israelupdate.info%5dOn>  Behalf Of MADAM GLADYS
Sent: Monday, December 27, 2004 6:42 AM
To: Newsletter at israelupdate.info
Subject: [IAC Newsletter] URGENT ATTN

You are receiving this newsletter because you requested it. To Unsubscribe
or change your settings (vacation stop, plain text only, daily digest only,
...), please visit http://Update.IsraelUpdate.Info . <-- this is my header
My Dear ,
I am Mrs Gladys Ada from liberia. I am a widow being that I lost my husband
a couple of months ago. My husband was a serving director of the Cocoa
exporting boarduntil his death He was assassinated last january by the
rebels following the political uprising. Before his death he had a foreign
account here in Capital Point Financial Corporation in Emirates up to the
tune of ($34.5m) .


When viewing the page
mailman/admin/newsletter_israelupdate.info/privacy/sender, I discovered that
Mrs. Ada's name and email address added to non-members allowed to post.


Yes, I am using version 2.1.5.


I am using a shared host (on esc01.midphase.com).  (I would copy this to
support @ midPhase, but they do not accept email contact.)


Thought you might want to know.



Dr. Eli Cohen

More information about the Mailman-Users mailing list