Mark Sapiro wrote:
If by "firing off a confirm", you mean attempting to subscribe them to the list which then triggers a confirmation, I think this seems likely.
Yes, that is what I mean.
So what do we have.
Someone is somehow watching this public list and getting addresses of (some, all?) first time posters to this list and attempting to subscribe those addresses to some other list.
There doesn't seem to be any security issue here. as this list is public and anyone can subscribe to it or visit its archive. The fact that both this list and the target list are Mailman lists may be relevant in some way (in the mind of the perpetrator), but it doesn't imply a Mailman issue. The annoyance factor is minimal. You get the confirmation and ignore it. Nothing further happens.
Yes, now that we uncovered what was happening, it appears fairly innocuous. But when it happened I have to say that it was a bit unnerving since I obviously had just installed mailman and wondered "what the heck is going on".
Yes, obviously NOT a security issue. I was simply debunking the "hijacked browser" scenario and wanted to get to the bottom of it.It doesn't seem to me that there is any security issue, Mailman issue or other issue here that we as a group can do anything about.
Thanks
-s ------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq01.027.htp
