Interesting People mailing list archives
Some IP admin trivia and info
From: Dave Farber <dave () farber net>
Date: Fri, 20 Sep 2002 18:19:13 -0400
SUBSCRIBING
===========

To subscribe to IP, send an email message to "subscribe-ip () v2 listbox com". This will subscribe you using the account from which you send the message. If you want to subscribe with some other address, you'll have to send a message to ip-request () v2 listbox com that says

    subscribe other-address@your_site.your_net

You will be asked to reply to a confirmation message to complete your subscription.

UNSUBSCRIBING
=============

To unsubscribe from IP, send a message to "unsubscribe-ip () v2 listbox com". This will unsubscribe the account from which you send the message. If you are subscribed with some other address, you'll have to send a message to ip-request () v2 listbox com that says

    unsubscribe other-address@your_site.your_net

The bottom of every post to the list shows the address that you are subscribed as.

ARCHIVES
========

http://www.interesting-people.org/archives/interesting-people/

FOR HACKERS
===========

In the past, various individuals have attempted to discover weaknesses in the old system. Some of them have succeeded. The following describes the security features of the new Listbox2 architecture.

Forging Posts

Some moderated mailing lists automatically approve posts if the "From:" address is on a whitelist. An attacker can forge a "From:" address and thus bypass moderation. This mailing list does not look at the "From:" address; instead it requires a special password, known only to the listowner, to be included in the headers of every message. That password is removed before the message goes out to the list.

Forging subscriptions

All subscriptions require a confirmation reply. This prevents attackers from forging subscription requests and listbombing an innocent party. Almost all mailing list managers today support this feature.

Forging unsubscriptions

To make it easy for people to get off the list, unsubscribe requests are not challenged by default; only an after-the-fact notification is sent to the unsubscribed party. This opens the door to an attacker maliciously unsubscribing an innocent party. If this occurs, the innocent party will at least receive notification, and they can proceed to set a password on their subscription to foil future attempts. If the problem becomes serious, the listowner can choose to require challenge/confirmation, or set a password on each subscription. To our knowledge, this has never been necessary. We hope that the above description satisfies the hacker's curiosity so that they feel no need to test it.

Forging bounces

We track bouncing subscribers using VERP. Under traditional VERP, bounces can be forged because the standard VERP header contains the username and the listname, and an attacker can generate enough bogus bounce messages to cause a list manager to unsubscribe an innocent party. Our VERP includes a per-subscriber unique string which makes forgery more difficult.

In conclusion

To our knowledge, no malicious person has ever attempted any of the above attacks (with the sole exception of listbombing). So these features are there to counter people who only want to demonstrate a vulnerability. If you can think of another way to outsmart the system, please don't experiment with the production services; mail support () listbox com and we will set up a demo list for you to test with.

-------------------------------------
You are subscribed as interesting-people () lists elistx com
Archives at: http://www.interesting-people.org/archives/interesting-people/
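The "Forging Posts" section above contrasts whitelist-by-From: moderation with a listowner password carried in a header that is stripped before distribution. The following is an added illustration of that difference, written for this page and not Listbox's own code; the header name `X-List-Approval`, the password value, the whitelist and the sample messages are all constructed for the example.

```python
import hmac
from email import message_from_string

# Hypothetical header and password; a real list keeps the password in server-side
# config and the listowner adds the header to each approved message.
APPROVAL_HEADER = "X-List-Approval"
LISTOWNER_PASSWORD = "constructed-owner-password"

# Constructed whitelist of "trusted" senders for the weak policy.
WHITELIST = {"listowner@example.com"}

# Constructed messages. The first carries a forged From: and no password;
# the second is a genuine listowner post with the approval header set.
FORGED_RAW = (
    "From: listowner@example.com\n"
    "To: ip@example.com\n"
    "Subject: forged\n"
    "\n"
    "not really from the listowner\n"
)
LEGIT_RAW = (
    "From: listowner@example.com\n"
    "To: ip@example.com\n"
    f"{APPROVAL_HEADER}: {LISTOWNER_PASSWORD}\n"
    "Subject: real\n"
    "\n"
    "approved post\n"
)


def is_whitelist_approved(raw, whitelist):
    """Weak policy: approve if From: is on the whitelist (From: is attacker-controlled)."""
    msg = message_from_string(raw)
    return msg.get("From", "").strip().lower() in whitelist


def is_password_approved(msg):
    """Strong policy: approve only if the header carries the listowner password."""
    supplied = msg.get(APPROVAL_HEADER)
    if supplied is None:
        return False
    # Constant-time comparison so timing does not leak how much of the password matched.
    return hmac.compare_digest(supplied.strip(), LISTOWNER_PASSWORD)


def distribute(raw):
    """Return the outgoing message text with the password header removed,
    or None if the message is not approved."""
    msg = message_from_string(raw)
    if not is_password_approved(msg):
        return None
    del msg[APPROVAL_HEADER]   # removes every occurrence before the post goes out
    return msg.as_string()


if __name__ == "__main__":
    print("forged, whitelist policy:", is_whitelist_approved(FORGED_RAW, WHITELIST))
    print("forged, password policy:", distribute(FORGED_RAW) is not None)
    print(distribute(LEGIT_RAW))
```

The forged message passes the whitelist check but is rejected by the password check, and the distributed copy of the genuine post no longer contains the password, which is why subscribers never see it.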
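The "Forging bounces" section explains why a per-subscriber unique string in the VERP return path makes forged bounces harder. As an added example, not Listbox's own implementation, the code below builds a traditional VERP address beside a tokenised one, where the token is an HMAC of the list name and subscriber address under a server-side secret, and then counts only bounces whose token verifies. The bounce domain, secret, threshold and addresses are constructed for the example.

```python
import hashlib
import hmac
import re

# Hypothetical server-side secret and bounce domain; constructed for this example.
LIST_SECRET = b"constructed-list-secret-do-not-reuse"
BOUNCE_DOMAIN = "v2.listbox.com"


def traditional_verp(listname, subscriber):
    """Traditional VERP: the return path encodes only list name and subscriber,
    so anyone who knows an address can build a plausible bounce for it."""
    local, _, domain = subscriber.partition("@")
    return f"{listname}-bounces+{local}={domain}@{BOUNCE_DOMAIN}"


def subscriber_token(listname, subscriber):
    """Per-subscriber unique string: truncated HMAC-SHA256 of list:address."""
    mac = hmac.new(LIST_SECRET, f"{listname}:{subscriber.lower()}".encode(), hashlib.sha256)
    return mac.hexdigest()[:20]


def tokenised_verp(listname, subscriber):
    """VERP return path that also carries the per-subscriber token."""
    local, _, domain = subscriber.partition("@")
    token = subscriber_token(listname, subscriber)
    return f"{listname}-bounces+{local}={domain}+{token}@{BOUNCE_DOMAIN}"


VERP_RE = re.compile(
    r"^(?P<list>[^+@]+)-bounces\+(?P<local>[^=]+)=(?P<domain>[^+@]+)"
    r"\+(?P<token>[0-9a-f]{20})@(?P<bd>.+)$"
)


def parse_bounce_recipient(rcpt):
    """Return (subscriber, accepted) for a bounce delivered to rcpt.
    A bounce with a missing or wrong token is never attributed to anyone."""
    m = VERP_RE.match(rcpt)
    if not m or m.group("bd") != BOUNCE_DOMAIN:
        return None, False
    subscriber = f"{m.group('local')}@{m.group('domain')}"
    expected = subscriber_token(m.group("list"), subscriber)
    return subscriber, hmac.compare_digest(expected, m.group("token"))


class BounceTracker:
    """Counts verified bounces per subscriber; unverified ones are dropped."""

    def __init__(self, threshold=3):
        self.threshold = threshold
        self.counts = {}
        self.rejected = 0

    def record(self, rcpt):
        subscriber, ok = parse_bounce_recipient(rcpt)
        if not ok:
            self.rejected += 1
            return "ignored"
        n = self.counts.get(subscriber, 0) + 1
        self.counts[subscriber] = n
        return "unsubscribe" if n >= self.threshold else "counted"


if __name__ == "__main__":
    print(traditional_verp("ip", "alice@example.com"))
    print(tokenised_verp("ip", "alice@example.com"))
    tracker = BounceTracker()
    bogus = "ip-bounces+alice=example.com+" + "0" * 20 + "@" + BOUNCE_DOMAIN
    print(tracker.record(bogus), tracker.counts, tracker.rejected)
```

With the traditional form, a flood of bounces addressed to the victim's VERP address is indistinguishable from real delivery failures. With the tokenised form, the tracker attributes a bounce to a subscriber only when the token verifies, so bogus bounces are counted as rejected noise rather than as that subscriber's failures; the secret is never mailed out, and a compromise of it would have to be followed by re-keying every subscriber's token.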