Date: Fri, 9 Feb 2001 19:14:11 -0000 From: **1st Vamp** <wes@pmason.karoo.co.uk> To: security@FreeBSD.ORG Subject: Re: FreeBSD Ports Security Advisory: FreeBSD-SA-01:INSERT_NUMBER_HERE Message-ID: <E14RIz8-00061F-00@smtpout.kingston-internet.net>
next in thread | raw e-mail | index | archive | help
Seems like the announce lists use majordomo to just check the From: header line, my best suggestion would be that the admins of the lists use a server (closed) posting solution, ergo you have to log in in order to post an announcement. - Vamp : On Fri, Feb 09, 2001 at 05:44:45PM +0100, Eric Cholet wrote: :> I received the following, what worries me is that the PGP signature :> verified, and it's not April 1st. WTF ?? : AFAIK it was not at all signed... unlike previous attempts by the same : "funny" person. But what got me worried (and what nobody apparently : understood from my post from yesterday) that this time the prankster : managed to post on both freebsd-announce and freebsd-security-announce, : which are supposed to be closed and moderated lists. : So does this effectively mean, that just by forging a From: header, I can : already post whatever I want on -announce? (An allegedly trusted resource) : If so, we (freebsd.org) have a security problem. (Hence the post on : -security, since we do not have any *public* mailing list for discussing : security matters wrt freebsd.org itself, before anyone asks again.) : If my allegation is not true, then what happened? : -- : Regards: : Szilveszter ADAM : Szeged University : Szeged Hungary : To Unsubscribe: send mail to majordomo@FreeBSD.org : with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?E14RIz8-00061F-00>