On Tue, Jul 08, 2003 at 09:19:07AM -0400, Barry Warsaw wrote:
> On Tue, 2003-07-08 at 01:49, Chuq Von Rospach wrote:
> > So I'm worried that someone's figured out how to circumvent yahoo's
> > confirmation process. I wanted to bring this up with Yahoo, but they
> > evidently weren't interested.
> Okay, so /that/ sucks.
> > (and the reason I'm posting this to mailman-developers: just a general
> > question, since I haven't had time to look it up myself: does the
> > mailman confirmation process use an algorithm that could potentially be
> > reverse engineered? If it happened to Yahoo, it could happen to
> > Mailman. Even if it didn't happen to Yahoo, it could happen to other
> > services if their confirmations can be predicted in some way.
> But maybe I'm missing an obvious hole, either in the cookie generation
> or somewhere else in the confirmation process.
The only obvious hole I see is interception of the outgoing message
containing the cookie...
Jim Trigg, Lord High Everything Else O- /"\
\ / ASCII RIBBON CAMPAIGN
Hostmaster, Huie Kin family website X HELP CURE HTML MAIL
Verger, All Saints Church - Sharon Chapel / \