From: ka at khidr.net (Ka)
Subject: Bugtraq postings from non-members may disclose some list-member's addresses

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Greetings,

yesterday I posted something to full-disclosure and at the same time to bugtraq, but did so unintentionally from an email address which is not subscribed to bugtraq (I simply responded to a posting from Gossi the dog with "reply to all").

Intentionally I'm doing the same with this message - it's always good to have a test case, isn't it? .o)

As a result, I'm getting all the bouncing list-emails delivered back to me personally, i.e. all MTAs of members with delivery problems or vacation messages set up send their bounce message to me instead of back to the bugtraq administration.

Obviously under the described circumstances the Return-Path: header is not set by the bugtraq list software.

The few examples where the headers of my original posting were sent back to me as part of a "message undeliverable" error show that the mail came from lists.securityfocus.com. The first MTA was always specified as

  Received: from lists.securityfocus.com (lists.securityfocus.com [205.206.231.19])
      by outgoing.securityfocus.com (Postfix) with QMQP id D55EEA373E;
      Wed, 25 Sep 2002 12:55:59 -0600 (MDT)

And of course there was no Return-Path: set.

Since yesterday I learned which members have their mailbox full, are out of office, or fucked up their .forward files into undeliverability (if there is such a word in English). Not many members BTW, but enough for a good party.

Severity: low
Fun-Factor: high
Vendor notified: neahneah - would've spoiled the fun otherwise.

Have a nice day!

Ka

- --
Better a newer mind than a never mind.
But best to run around out of no mind.
http://www.khidr.net/users/ka/pgpkey.asc

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE9kzRX72vu22ltWBERAqLVAJ4iSWXnDvzhk8ipQ+G+oyEKLyWoEgCeIGWz
5ANkI0TLVQ2MjOfXPSEMP7c=
=jwYF
-----END PGP SIGNATURE-----
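A check a list operator could run over a stored copy of list mail to see where its bounces would be sent; this is an added example, not part of the original post or of any list software. The host `lists.example.org`, the addresses and the sample message are constructed placeholders, and the check assumes the receiving MTA recorded the SMTP envelope sender in `Return-Path:`.

```python
from email import message_from_string
from email.utils import parseaddr

LIST_DOMAIN = "lists.example.org"  # assumption: placeholder list host


def audit_envelope_sender(raw_message, list_domain=LIST_DOMAIN):
    """Say where bounces for this list-delivered copy would be sent.

    Returns one of:
      "list"    - Return-Path is under the list domain (bounces stay with the list)
      "author"  - Return-Path equals the From: address (bounces reach the poster)
      "other"   - Return-Path is some third address or the null sender
      "unknown" - no Return-Path recorded, or the copy did not pass the list host
    """
    msg = message_from_string(raw_message)
    # Only judge copies that were actually relayed by the list host.
    received = " ".join(msg.get_all("Received", [])).lower()
    if list_domain not in received:
        return "unknown"
    return_path = msg.get("Return-Path")
    if return_path is None:
        return "unknown"
    envelope = parseaddr(return_path)[1].lower()
    author = parseaddr(msg.get("From", ""))[1].lower()
    if envelope.endswith("@" + list_domain):
        return "list"
    if envelope and envelope == author:
        return "author"
    return "other"


def sample_copy(return_path):
    """Constructed message, as a subscriber's MTA might have stored it."""
    return "\n".join([
        "Return-Path: <%s>" % return_path,
        "Received: from lists.example.org (lists.example.org [192.0.2.19])",
        "\tby mx.subscriber.example (Postfix) with ESMTP id CONSTRUCTED1",
        "From: Poster <poster@example.net>",
        "To: somelist@lists.example.org",
        "Subject: test",
        "",
        "body",
    ])


if __name__ == "__main__":
    for rp in ("poster@example.net", "somelist-bounces@lists.example.org"):
        print(rp, "->", audit_envelope_sender(sample_copy(rp)))
```

A result of "author" on a copy relayed by the list is the condition the post describes: delivery failures and vacation replies go to the poster and reveal which subscriber addresses produced them.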