[Top] [All Lists]

Re: best name for followups?

1997-07-18 17:05:06
Sorry if my sarcasm wasn't obvious. I don't agree with Metzger; I think
Metzger is an idiot.

b) Malicious user gets his copy, and sends you *directly* something altered,
but with the same message-id.

A different attack, less commonly exploitable but much more reliable, is
in the following situation:

   From: you(_at_)isp(_dot_)net
   To: attacker(_at_)host(_dot_)edu, mailing-list(_at_)host(_dot_)edu

If both and are running sendmail, the attacker can run
a program that sends a prepared message to mailing-list, copying your
Message-ID, and then pauses for a few seconds.

Set up a new mailing list in a single command.

<Prev in Thread] Current Thread [Next in Thread>