Michael, as usual you're simply incredible. We should get dinner when you guys are in town.
> -----Original Message-----
> From: Ben Doom [mailto:[EMAIL PROTECTED]
> Sent: Sunday, June 18, 2006 11:34 AM
> To: CF-Community
> Subject: Re: MikeD Spam
>
>
> Wow. I'm impressed you've found the hole and a patch so quickly.
> Maybe you should go work for Microsoft..... They could use the help.
>
> Please don't think I was complaining, BTW. I was just surprised as
> heck (and more than a little amused that they used your account).
>
> Considering this is the first time I've seen actual, literal Spam (as
> opposed to an individual out touting a product manually) I've chosen
> to be impressed with the determination it must have taken to get
> around your safeguards. Of course, there is one problem with the
> element of surprise -- if you don't make it count the first time, it's
> pretty useless. :-)
>
> Anyway, I'll stop pestering you now. Enjoy your Sunday!
>
> --Ben
>
> On 6/18/06, Michael Dinowitz <[EMAIL PROTECTED]> wrote:
> > What they did was find a way past the site based security to post under my
> > account (i.e. userid 1). This is actually not so hard if you write a spambot
> > that forges cookies. The problem is, posting from the interface kills off
> > all HTML style formatting and the content sent was not flagged as base64 or
> > anything else. i.e. it was just a jumble of letters. I think the spammer saw
> > this and just stopped because if it actually worked they would have done it
> > a LOT more to all of the lists.
> > I'm closing the hole now.
> >
> > Bottom line is that the filters are all ok but the site security can be
> > breached by someone who subscribes and dissects their cookies. Not for very
> > long (i.e. I'm working on the code now)
> >
> >
> > > I think the spambots finally figured out how to get past MikeD's filters...
> > > Or was I the only one who got spammed "by" the listmaster himself?
> > >
> > > --
> > > "The difference between theory and reality is that,
> > > in theory, there is no difference."
> > > --Ben
> >
> >

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Message: http://www.houseoffusion.com/lists.cfm/link=i:5:209685
Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/5
Subscription: http://www.houseoffusion.com/lists.cfm/link=s:5
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.5
Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
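An added example, not code from this thread or from the House of Fusion site: the weak cookie scheme Michael describes (a cookie whose value is the user id, so any subscriber who inspects their own cookie can rewrite it to another account) beside a signed variant that rejects a rewritten id. The function names, the cookie layout and the server secret are assumptions made for this illustration.

```python
import hmac
import hashlib

# Hypothetical server-side secret. In a real deployment it lives in config
# or the environment, is never sent to the browser, and is rotated if leaked.
SERVER_SECRET = b"example-secret-do-not-use"


def user_from_unsigned_cookie(cookie: str):
    """The weak scheme: the cookie *is* the user id, so the server has no way
    to tell a genuine 'userid=1' from one typed in by a spambot."""
    try:
        return int(cookie)
    except ValueError:
        return None


def make_signed_cookie(user_id: int, secret: bytes = SERVER_SECRET) -> str:
    """Return '<userid>.<hexsig>' with hexsig = HMAC-SHA256(secret, userid).
    Without the secret a client cannot produce a valid signature for another id."""
    uid = str(user_id).encode()
    sig = hmac.new(secret, uid, hashlib.sha256).hexdigest()
    return f"{user_id}.{sig}"


def user_from_signed_cookie(cookie: str, secret: bytes = SERVER_SECRET):
    """The hardened scheme: accept the id only if the signature verifies.
    Returns None for missing, malformed or tampered cookies."""
    uid, sep, sig = cookie.partition(".")
    if not sep or not uid.isdigit():
        return None
    expected = hmac.new(secret, uid.encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison on bytes: a plain == leaks timing and would
    # raise on non-ASCII input; compare_digest on bytes does neither.
    if not hmac.compare_digest(expected.encode(), sig.encode()):
        return None
    return int(uid)
```

Signing stops a subscriber from rewriting the id, but it does not stop replay of a cookie that was stolen intact; an expiry field inside the signed payload and server-side session revocation are still needed for that.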
