More than likely this new found knowledge of mine has been
seen/thought of thousands of times before but it is new to me.
If I wanted to get a list of all the sites that have suns (say I knew
some details about a bug I could exploit ;-) then what is stopping me
sending a mail message to, say, the sun-managers mailing list with
something innocuous like "anyone got a format.dat for a ST11480" BUT I
put a "Return-Receipt-To" in the message so all the mailer daemons
that recieve the message will send back a nice message saying "got
it". Would this not immediately give me a list of places that
are *very* likely to have suns on their network? and hence could be
targets for my attacks?
Are all mailing lists equal in this or do some protect the people on
the list from this sort of "census" taking?
--
Brett Lymn, Computer Systems Administrator, AWA Defence Industries
===============================================================================
"Where a calculator on the ENIAC is equipped with 18,000 vaccuum tubes
and weighs 30 tons, computers in the future may have only 1,000 vaccuum
tubes and perhaps weigh 1 1/2 tons."
-- Popular Mechanics, March 1949
|
|
