Prev-20 Home Next-20 1 msg [ GLSA 200805-08 ] InspIRCd: Denial of Service 6 msg Apache Server HTML Injection and UTF-7 XSS Vuln... 1 msg [USN-611-3] GStreamer Good Plugins vulnerability 1 msg [USN-611-2] vorbis-tools vulnerability 1 msg FLEA-2008-0008-1 firefox 1 msg [USN-611-1] Speex vulnerability 1 msg ezContents CMS Version 2.0.0 SQL Injection Vuln... 1 msg iDefense Security Advisory 05.07.08: Multiple V... 1 msg ZYWALL Referer Header XSS Vulnerability 1 msg iDefense Security Advisory 05.07.08: Multiple V... 1 msg iDefense Security Advisory 05.07.08: Multiple V... 1 msg [ GLSA 200805-04 ] eGroupWare: Multiple vulnera... 2 msg Re: After 6 months - fix available for Microsof... 1 msg Novell Client <= 4.91 SP4 Local Stack overfl... Exploiting Google MX servers as Open SMTP Relays \ pablo.ximenes (7 May 2008) . \ Michael Scheidell (10 May 2008) . . \ Todd T. Fries (10 May 2008) . . . \ Todd T. Fries (10 May 2008) . . . . \ Lamont Granquist (12 May 2008) . . . \ Bojan Zdrnja (12 May 2008) . . . \ Clifton Royston (12 May 2008) . \ Gadi Evron (10 May 2008) . \ pablo.ximenes (12 May 2008) 1 msg Vulnerability in Multiple Web Application 1 msg VBZooM <=V1.11 'reply.php' SQL Injection Vul... 1 msg Multiple XSS In TuxCMS All Version 1 msg [ GLSA 200805-03 ] Multiple X11 terminals: Loca... 1 msg [USN-610-1] LTSP vulnerability Prev-20 Home Next-20

Prev-Msg Prev-Thread Bugtraq May-2008 Next-Thread Next-Msg Subject: Re: Exploiting Google MX servers as Open SMTP Relays Group: Bugtraq From: Todd T. Fries Date: 10 May 2008 Yes this is very frustrating. The details are not so hard to guess. Unless this post is different, anyone can send an email to a nonexistent user at a google service and they accept it and bounce back to the envelope recipient. *sigh*. We are going back to the stone age by copying qmails default stupidity. This is doing very much harm. I would even go as far as to say that Google is making a business case for its latest purchase, postini, in a very evil way, every second this proble goes unsolved. *sigh* -- Todd Fries .. todd _____________________________________________ | \ 1.636.410.0632 (voice) | Free Daemon Consulting, LLC \ 1.405.227.9094 (voice) | http://FreeDaemonConsulting.com \ 1.866.792.3418 (FAX) | "..in support of free software solutions." \ 1.700.227.9094 (IAXTEL) | \ 250797 (FWD) \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ 37E7 D3EB 74D0 8D66 A68D B866 0326 204E 3F42 004A http://todd.fries.net/pgp.txt Penned by Michael Scheidell on 20080510 9:55.32, we have: | | | > From: <pablo.ximenes> | > Date: 7 May 2008 20:37:46 -0000 | > To: <bugtraq> | > Subject: Exploiting Google MX servers as Open SMTP Relays | > | > | > Vulnerability Report: | > | > As part of our recent work on the trust hierarchy that exists among email | > providers throughout the Internet, we have uncovered a serious security flaw | > in Ggoogle's free email service, Gmail. | > | > Disclosure: | > We have contacted Google about this issue and are waiting for their position | > before releasing further details. | > | | Don't hold our breath.. I have tried to get them to close this very hole for | maybe a year now. | | (see/'google' for posts in bugtraq and spamassassin users group showing | headers from unrelated domains sending spam through google mail servers.. | They ignore the emails to abuse) | | | -- | Michael Scheidell, CTO | >|SECNAP Network Security | Winner 2008 Network Products Guide Hot Companies | FreeBSD SpamAssassin Ports maintainer | | _________________________________________________________________________ | This email has been scanned and certified safe by SpammerTrap(r). | For Information please see http://www.spammertrap.com | _________________________________________________________________________ Prev-Msg Prev-Thread Bugtraq May-2008 Next-Thread Next-Msg

© 2004-2008 readlist.com