Mark Sapiro wrote:

If by "firing off a confirm", you mean attempting to subscribe them to
the list which then triggers a confirmation, I think this seems likely.



Yes, that is what I mean.

So what do we have.

Someone is somehow watching this public list and getting addresses of
(some, all?) first time posters to this list and attempting to
subscribe those addresses to some other list.

There doesn't seem to be any security issue here. as this list is
public and anyone can subscribe to it or visit its archive. The fact
that both this list and the target list are Mailman lists may be
relevant in some way (in the mind of the perpetrator), but it doesn't
imply a Mailman issue. The annoyance factor is minimal. You get the
confirmation and ignore it. Nothing further happens.




Yes, now that we uncovered what was happening, it appears fairly innocuous. But when it happened I have to say that it was a bit unnerving since I obviously had just installed mailman and wondered "what the heck is going on".


It doesn't seem to me that there is any security issue, Mailman issue
or other issue here that we as a group can do anything about.



Yes, obviously NOT a security issue. I was simply debunking the "hijacked browser" scenario and wanted to get to the bottom of it.

Thanks

-s
------------------------------------------------------
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq01.027.htp

Reply via email to