mailing list archives
Re: Intel.com Mailing List Arbitrary Address Removal Link
From: "Ryan M Harris" <rmharris () acdinc net>
Date: Fri, 8 Feb 2002 09:12:29 -0500
This is kind of funny, I reported this exact problem to them (grc.com) on
earlier in the week.
I got this response on Wednesday, the 6th:
It's not out of laziness or lack of concern or attention that we've
deliberately chosen not to take any of the measures you've suggested -
just that we think it's overkill to put everyone through such measures
something that's just not going to be much of a problem.
As you probably know, *ANY* and *EVERY* message that's ever sent by this
facility will contain a hyper link that takes the recipient directly to
their own eMail database page where they can edit and/or delete their
We've been literally FLOODED with praise about the simplicity of
the system which, we're sure, is due in part to the lack of passwords,
hints, clues, confirmations, and the like.
Ryan M Harris
rmharris () acdinc net
----- Original Message -----
From: "Thierry Zoller" <support () sniff-em com>
To: <rdnktrk () hotmail com>
Cc: <bugtraq () securityfocus com>
Sent: Wednesday, February 06, 2002 4:17 PM
Subject: Re: Intel.com Mailing List Arbitrary Address Removal Link
While Intel requires you to login to modify account information, it does
require you to login to remove your e-mail (or any e-mail) from its mailing
This issue is valuable for plenty of mailing lists, as example take the GRC
mailing list :
(POST) therefor no direct link here. Enter whatever e-mail address and
select "delete membership".
As for moderation, I thought specific vulnerabilities (i.e intel.com is
vulnerable to etc) wouldn't be posted.