Original Sender : "Yudi Wijaya" <[EMAIL PROTECTED]>
---------------------------------


Hi, try reading the article below about security at egroups; the article below
is one of the collection at www.taruma.cjb.net (TARUMA Computer Club)
> That happened to me once ... but I still couldn't tinker with the settings of
> other people's mailing lists.
> If it were possible, that would be reeeeally serious!
>
> Tom
>
> ----- Original Message -----
> From: "Acong, temennya Joko & Sitorus" <[EMAIL PROTECTED]>
> > want to share an experience...
> > for the past 3 days, my computer stayed overnight at the lab...
> > then, when I logged in to egroups, huh... how come I ended up as the admin of another mailing list??
> > even though I had entered the correct login + password...

Date: Sat, 24 Apr 1999 08:59:19 +0300
From: Philip Stoev <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: eGROUPS security flaw

eGROUPS (www.egroups.com) is a web site providing mailing list services.
The mailing lists (aka groups) can be moderated, and the moderator can
approve/revoke posted messages by sending blank emails to certain addresses
in the egroups system. This makes it trivial for anyone to approve a
message without being a moderator.

1. Take a look at the header of some previous message sent to the group.
Extract the following header line:

Return-Path: <[EMAIL PROTECTED]>

the number XXX here is a sequence number assigned to each message sent to
the group.

2. Send the message you want to send to the list. The message will be sent
to the moderator for approval.

3. Send 256 blank messages to addresses like:

   [EMAIL PROTECTED]

Where
   ZZ is a hexadecimal number from 00 to FF.
   YYY is XXX + 1;

The presence of the ZZ number appears to be an attempt to put some security
into the entire system. However, this number is constant for each group and
does not change in time. Once guessed, subsequent messages can be approved
with a single email.

Your message will appear as if approved by the moderator and will be
distributed to the group. No header spoofing is necessary, because the
eGROUPS system does not check the source address of the incoming messages.

eGROUPS was notified exactly one week ago.

Philip Stoev

-Prepare for SAT & TOEFL at http://studywiz.hypermart.net
=This message was sent by Philip Stoev ([EMAIL PROTECTED])
=tel: (359 2) 715949, ICQ: 23465869

                   ,,,,
                  /'^'\                CU, Yudi Wijaya
                ( o o )           webmaster, resourcer
---oOOO--(_)--OOOo---------------------------------
     .oooO                      Homepage, www.yudiw.cjb.net
       (   )         Oooo.      E-Mail, [EMAIL PROTECTED]
------\ (--------(   )--------------------------------------
          \_)           ) /
                       (_/


----------------------------------------------------------------
Compu-Mania MailingList is provided by PT Centrin Utama
----------------------------------------------------------------
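
Added example, not part of the original advisory and not eGroups' code: a sketch of a moderator-approval address that avoids the weaknesses the advisory lists (a predictable sequence number, a one-byte value that is constant per group, and nothing tying the approval to one message). The address layout, the `lists.example` domain and every name below are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # assumption: secret known only to the list server
TAG_HEX_LEN = 32                      # 128-bit tag, versus the 8-bit ZZ field

def approval_tag(group, msg_id, moderator, key=SERVER_KEY):
    """HMAC tag bound to one pending message and one moderator."""
    data = "\0".join((group, msg_id, moderator.lower())).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()[:TAG_HEX_LEN]

def approval_address(group, msg_id, moderator, domain="lists.example"):
    # Hypothetical layout: <group>-accept-<msg_id>-<tag>@<domain>
    return f"{group}-accept-{msg_id}-{approval_tag(group, msg_id, moderator)}@{domain}"

class PendingQueue:
    def __init__(self):
        self._pending = {}  # (group, msg_id) -> moderator address

    def hold(self, group, moderator):
        msg_id = secrets.token_hex(8)  # random id, not "previous number + 1"
        self._pending[(group, msg_id)] = moderator
        return approval_address(group, msg_id, moderator)  # mailed to the moderator only

    def approve(self, rcpt):
        local = rcpt.split("@", 1)[0]
        try:
            group, verb, msg_id, tag = local.rsplit("-", 3)
        except ValueError:
            return False
        moderator = self._pending.get((group, msg_id))
        if verb != "accept" or moderator is None:
            return False
        expected = approval_tag(group, msg_id, moderator)
        if not hmac.compare_digest(tag.encode(), expected.encode()):
            return False
        del self._pending[(group, msg_id)]  # single use: a replayed address fails
        return True
```

Because the sender address of an e-mail can be forged, the unguessable per-message tag is what authorizes the approval here; a tag learned for one message is useless for the next.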
