[3279] in WWW Security List Archive
Re: FWD: Re: you creeps
daemon@ATHENA.MIT.EDU (Bill Casti, CQA)
Thu Oct 17 10:06:11 1996
Date: Thu, 17 Oct 1996 07:34:53 -0400 (EDT)
From: "Bill Casti, CQA" <quire@casti.com>
To: www-security@ns2.rutgers.edu
In-Reply-To: <Pine.ULT.3.95.961016100932.16335D-100000@red5.cac.washington.edu>
Errors-To: owner-www-security@ns2.rutgers.edu
You can disable the "get subscriber list" function, too. And, that's
certainly not the full list of subscribers here.
Bill
On Wed, 16 Oct 1996, Dave Dittrich wrote:
> > >I've contacted the system administrator at infonex.com....loki@OBSCURA.COM
> > >
> > >Looks like it may be time to make this a moderated list....??
> >
> > I think the list can be configured so that only subscribers can post without
> > the burden of moderation.
> >
> > Cheers,
> > Harry
>
> It may be too late to do that. Currently, anyone can get a list of
> all the subscribers and it isn't rocket science (heck, it's not even
> science) to fake email as a subscriber:
>
> >>>> who www-security
> Members of list 'www-security':
>
> www-archive@noc.rutgers.edu
> drummond@aristarchus.rutgers.edu (Walt Drummond)
> "Simon Cooper" <sc@corp.sgi.com>
> rapatel@theophilus.rutgers.edu (Rocky - Rakesh Patel)
> luchihli@noc.rutgers.edu
> Mel Pleasant <pleasant@sgi.com>
> Charlie Kaufman <kaufman@iris.com>
> chang@cs.umd.edu (Michael Chang)
>
