Check it Out!

RideCamp@endurance.net

[Date Prev]	[Date Next]	[Thread Prev]	[Thread Next]
[Date Index]	[Thread Index]	[Author Index]	[Subject Index]

Security Hole?

To: guest@endurance.net
Subject: Security Hole?
From: "Linda B. Merims" <lbm@ici.net>
Date: Fri, 24 Nov 2000 12:10:55 -0800
CC: steph@endurance.net
Reply-To: lbm@ici.net

I said:

>To: guest@endurance.net 
>Subject: Donna's Column 
>From: "Linda B. Merims" <lbm@ici.net> 
>Date: Fri, 24 Nov 2000 11:28:16 -0800 
>Reply-To: lbm@ici.net 
>
>
>...
>Actually, I didn't know you could send posts directly
>to guest@endurance.net.  I thought you had to type in replies
>through the web page. If this reply (sent by email) works, then sending
>to guest@endurance.net works. If it doesn't work, then it means it only
>works if you are already a subscriber to Ridecamp...

Yup, it worked.  Anyone can get their post on Ridecamp
merely by sending email to guest@endurance.net.  It shows up as sent
from lbm@ici.net, even though I am *not* currently a Ridecamp
subscriber.

I think this is a security hole.  I am pretty sure that I had
tried this before and it didn't work.  Now it does.  People will
remember that one of the major reasons the whole web subscriber/guest
mechanism was set up in the first place several years ago was
that nasty business with an anonymous sender slandering a
Ridecamp contributor and hiding behind the system's then-lack of
mechanisms to identify and screen submissions. 

Steph?  Michael Maul?  Whose problem is this?

Linda B. Merims
lbm@ici.net
Masschusetts, USA

Prev by Date: Fw: Re: you go girls!
Next by Date: Test
Prev by thread: trailer ad/horse ad
Next by thread: Test
Index(es):
- Date
- Thread

Check it Out!

Home Events Groups Rider Directory Market RideCamp Stuff

Back to TOC