Actually-
This is kind of funny, I reported this exact problem to them (grc.com) on
earlier in the week.
I got this response on Wednesday, the 6th:
....snip....
It's not out of laziness or lack of concern or attention that we've
deliberately chosen not to take any of the measures you've suggested -
it's
just that we think it's overkill to put everyone through such measures
for
something that's just not going to be much of a problem.
As you probably know, *ANY* and *EVERY* message that's ever sent by this
facility will contain a hyper link that takes the recipient directly to
their own eMail database page where they can edit and/or delete their
membership instantly.
....snip....
We've been literally FLOODED with praise about the simplicity of
the system which, we're sure, is due in part to the lack of passwords,
hints, clues, confirmations, and the like.
Regards,
Ryan M Harris
ACD Incorporated
rmharris@acdinc.net
----- Original Message -----
From: "Thierry Zoller" <support@sniff-em.com>
To: <rdnktrk@hotmail.com>
Cc: <bugtraq@securityfocus.com>
Sent: Wednesday, February 06, 2002 4:17 PM
Subject: Re: Intel.com Mailing List Arbitrary Address Removal Link
>While Intel requires you to login to modify account information, it does
not
>require you to login to remove your e-mail (or any e-mail) from its mailing
>list database.
This issue is valuable for plenty of mailing lists, as example take the GRC
mailing list :
Exemple :
http://grc.com/mail.htm
(POST) therefor no direct link here. Enter whatever e-mail address and
select "delete membership".
As for moderation, I thought specific vulnerabilities (i.e intel.com is
vulnerable to etc) wouldn't be posted.
==
Thierry Zoller
http://www.sniff-em.com
