Home page logo

bugtraq logo Bugtraq mailing list archives

Re: Intel.com Mailing List Arbitrary Address Removal Link
From: "Ryan M Harris" <rmharris () acdinc net>
Date: Fri, 8 Feb 2002 09:12:29 -0500


This is kind of funny, I reported this exact problem to them (grc.com) on
earlier in the week.

I got this response on Wednesday, the 6th:


    It's not out of laziness or lack of concern or attention that we've
    deliberately chosen not to take any of the measures you've suggested -
    just that we think it's overkill to put everyone through such measures
    something that's just not going to be much of a problem.

    As you probably know, *ANY* and *EVERY* message that's ever sent by this
    facility will contain a hyper link that takes the recipient directly to
    their own eMail database page where they can edit and/or delete their
    membership instantly.


    We've been literally FLOODED with praise about the simplicity of
    the system which, we're sure, is due in part to the lack of passwords,
    hints, clues, confirmations, and the like.


Ryan M Harris
ACD Incorporated
rmharris () acdinc net

----- Original Message -----
From: "Thierry Zoller" <support () sniff-em com>
To: <rdnktrk () hotmail com>
Cc: <bugtraq () securityfocus com>
Sent: Wednesday, February 06, 2002 4:17 PM
Subject: Re: Intel.com Mailing List Arbitrary Address Removal Link

While Intel requires you to login to modify account information, it does
require you to login to remove your e-mail (or any e-mail) from its mailing
list database.

This issue is valuable for plenty of mailing lists, as example take the GRC
mailing list :

Exemple :
(POST) therefor no direct link here. Enter whatever e-mail address and
select "delete membership".
As for moderation, I thought specific vulnerabilities (i.e intel.com is
vulnerable to etc) wouldn't be posted.

Thierry Zoller

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]