Hi,

My colleague Roy Froma was checking a httpd-log while debugging a web site script, and saw a strange looking referer in the log. When he copied this URL to his browser, he was suddenly reading somebody else's mail. Apparently this person had clicked on a link to our site in his email.

The URL looked like this (wrapped for readability):

http://www.mail2web.com/cgi-bin/readmsg.asp?listdirection=-1
&listperpage=10&msgnumber=1&abc=VERYLONGSTRINGGOINGONFORAGES

After about five minutes the authentication expired, maybe due to the legitimate owner of the mail logging off from the service.

Mail2web seems to be some kind of pop-to-web gateway, offered by the webhosting service Softcom.

Nice quote from the Mail2web site: "Mail2Web lets you to have control on your email without the hassle. Your activities are private and none of them are being recorded."

They have been notified.

Patrick

-- 
Patrick Oonk - PO1-6BONE - patrickat_private - www.pine.nl/~patrick
Pine Internet B.V. GOAT666-RIPE PGP key ID BE7497F1
Tel: +31-70-3111010 - Fax: +31-70-3111011 - http://www.pine.nl/
---- Pine Security Digest - http://security.nl/ (Dutch) ----
Excuse of the day: Your excuse is: The electricity substation in the car park blew up.
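
Added example, not part of the original message: a check a site operator could run over their own access log to find referers carrying token-like query values, as the mail2web URL above did, and redact them before the log is shared. The Combined Log Format, the 24-character threshold and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Combined Log Format tail: "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(r'"[^"]*" \d{3} \S+ "(?P<referer>[^"]*)" "[^"]*"$')
# Assumption: a value of 24+ URL-safe characters may be a session credential.
TOKEN_RE = re.compile(r'^[A-Za-z0-9_\-+/=.%]{24,}$')

def suspicious_params(referer):
    """Names of query parameters whose values look like opaque tokens."""
    query = urlsplit(referer).query
    return [k for k, v in parse_qsl(query, keep_blank_values=True)
            if TOKEN_RE.match(v)]

def redact(referer):
    """The referer with every token-like value replaced by a marker."""
    parts = urlsplit(referer)
    flagged = set(suspicious_params(referer))
    pairs = [(k, "REDACTED" if k in flagged else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(pairs)))

def scan(lines):
    """List of (referring host, flagged parameter names, redacted referer)."""
    hits = []
    for line in lines:
        m = LOG_RE.search(line.rstrip("\n"))
        if not m:
            continue
        referer = m.group("referer")
        names = suspicious_params(referer)
        if names:
            hits.append((urlsplit(referer).hostname, names, redact(referer)))
    return hits

# Constructed sample log lines; only the first referer is the URL from the mail.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2000:12:00:00 +0100] "GET /index.html HTTP/1.0" 200 2048 '
    '"http://www.mail2web.com/cgi-bin/readmsg.asp?listdirection=-1&listperpage=10'
    '&msgnumber=1&abc=VERYLONGSTRINGGOINGONFORAGES" "Mozilla/4.7"',
    '192.0.2.11 - - [01/Jan/2000:12:00:05 +0100] "GET /index.html HTTP/1.0" 200 2048 '
    '"http://search.example/?q=pine+internet" "Mozilla/4.7"',
    '192.0.2.12 - - [01/Jan/2000:12:00:09 +0100] "GET /logo.gif HTTP/1.0" 200 512 '
    '"-" "Mozilla/4.7"',
]

if __name__ == "__main__":
    for host, names, safe in scan(SAMPLE_LOG):
        print(host, names, safe)
```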