[Mailman-Users] what gives?
sea23 at seasalt.org
sea23 at seasalt.org
Thu Feb 17 18:33:25 CET 2005
Mark Sapiro wrote:
>If by "firing off a confirm", you mean attempting to subscribe them to
>the list which then triggers a confirmation, I think this seems likely.
>
>
>
Yes, that is what I mean.
>So what do we have.
>
>Someone is somehow watching this public list and getting addresses of
>(some, all?) first time posters to this list and attempting to
>subscribe those addresses to some other list.
>
>There doesn't seem to be any security issue here. as this list is
>public and anyone can subscribe to it or visit its archive. The fact
>that both this list and the target list are Mailman lists may be
>relevant in some way (in the mind of the perpetrator), but it doesn't
>imply a Mailman issue. The annoyance factor is minimal. You get the
>confirmation and ignore it. Nothing further happens.
>
>
>
Yes, now that we uncovered what was happening, it appears fairly
innocuous. But when it happened I have to say that it was a bit
unnerving since I obviously had just installed mailman and wondered
"what the heck is going on".
>It doesn't seem to me that there is any security issue, Mailman issue
>or other issue here that we as a group can do anything about.
>
>
>
Yes, obviously NOT a security issue. I was simply debunking the
"hijacked browser" scenario and wanted to get to the bottom of it.
Thanks
-s
More information about the Mailman-Users
mailing list