Mailing List CGatePro@mail.stalker.com Message #92568
From: Stefan Seiz <TalkLists@index-s.de>
Subject: Re: Speaking of CGP and Spam....
Date: Tue, 11 Sep 2007 20:08:57 +0200
To: CommuniGate Pro Discussions <CGatePro@mail.stalker.com>
On 11.09.2007 19:28 Uhr, John Rudd <jrudd@ucsc.edu> wrote:

> In the last month or two we've had 3 cases of independent sites in
> Africa compromising 3 different accounts (3 total, not 9 total ... 1 per
> site) and using them to send spam.  All of the reported messages came
> through webmail, but I'm sure if I just limited their webmail access
> they'd start using SMTP-Auth.

I'd guess if you don't require Webmailsessions to come from the SAME IP,
then it might be not too hard to hijack a webmail-session and thus maybe
effectively take ofer an account...

That is a general problem with session ids in URLs or even cookies...

--
Stefan Seiz <http://www.stefanseiz.com>
Spamto: <bin@imd.net>



Subscribe (FEED) Subscribe (DIGEST) Subscribe (INDEX) Unsubscribe Mail to Listmaster