[24191] in bugtraq
RE: Intel.com Mailing List Arbitrary Address Removal Link
daemon@ATHENA.MIT.EDU (=?iso-8859-1?Q?Knud_Erik_H=F8jgaar)
Fri Feb 8 13:29:02 2002
Content-Class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Date: Fri, 8 Feb 2002 10:16:57 +0100
Message-ID: <6096F6426539904EB650ED340F28450B18A8F8@Helium.cc.CyberCity.dk>
From: =?iso-8859-1?Q?Knud_Erik_H=F8jgaard?= <knud@cybercity.dk>
To: "E M" <rdnktrk@hotmail.com>, <bugtraq@securityfocus.com>
Content-Transfer-Encoding: 8bit
[original posting snipped up with crooked scissors]
cnn.com has similar stuff with their mailing lists. The best
part about their lists is that they require no 'approval' of
joining the list - they just start sending you mails. Always great coming back from a holiday just to see your mailbox flooded with a few hundred mails.
useless side note: cnn is completely unresponsive to requests like 'what ip submitted the ŽjoinŽ request' 'please block my address from your list' etc. - perhaps one should just ignore mails from cnn.com - but perhaps the president will contact me one day when he's at cnn :)
-Knud
> -----Original Message-----
> From: E M [mailto:rdnktrk@hotmail.com]
> Sent: 6. februar 2002 01:16
> To: bugtraq@securityfocus.com
> While Intel requires you to login to modify account
> information, it does not
> require you to login to remove your e-mail (or any e-mail)
> from its mailing
> list database.
>
> .: Example :.
>
> To Remove someone@domain.com
> http://intel.m0.net/m/u/ien/i.asp?e=someone%40domain.com
>
>
> Removal of users from Mailing List without authorization.
> - Low
>
>
> An oversight which should be resolved by requiring login prior to
> unsubscription from the list.
