Does Majordomo Mean Major Spam?

from the spammer-techniques dept

Brian McWilliams, who points out that I've complained about his "hacker journalism" style before, still writes in with a link to his latest story about how the default setup of the popular mailing list software, Majordomo, makes it easy for spammers to get everyone's address. This isn't new, of course, but Brian has worked out that many lists (including those at large companies, government agencies, and military groups) are completely open this way. This seems to fall under the "it's not a bug, it's a feature" category of security holes.

The opening is because, in the days before spam, people wanted to know who else was on the mailing lists they were on - and most people saw no problem with that. It's just now, as spam (and privacy) has become an issue, that people are growing increasingly concerned. I'm not sure it's that big of a deal and there's no evidence that any spammer has actually used this technique - but it does suggest that suddenly, beyond just worrying about the privacy policy for lists you sign up on, you might also want to check out what mailing list software they're using.

As for my complaints about Brian's "hacker journalism", they're based on the fact that many of his stories end up being overhyped. For example, this story is about an obsolete feature that should be taken out of Majordomo - but the story is written as if spammers are drooling all over it. That may be true, but there's no evidence. I do like Brian's articles, and link to them frequently - because they expose stories that no other reporters are working on. I just don't like them being blown out of proportion - which always seems to happen with any story about hacking vulnerabilities. They've followed this pattern ever since there was lots of hype about how he "hacked" into "Saddam Hussein's email account" - when he simply guessed the (incredibly easy) password to the general account for Iraq's only ISP. So, Brian, keep writing these original stories, but tone down the hype.


Reader Comments



  1. Brian McWilliams, 5 Sep 2003 @ 6:20pm

    Hype?

    Of my Majordomo Spam story, Mike wrote: I'm not sure it's that big of a deal and there's no evidence that any spammer has actually used this technique.

    Not a big deal? So tell us, Mike, why don't you publish your e-mail address at your site? :)

    AOL and other online services have blocked access to their member directories for years to prevent this kind of e-mail address harvesting. Yet Sun and a bunch of other outfits that should know better are leaving hundreds of thousands of addresses hooverable by spammers via Majordomo.

    You may call it hype, but to me, that's worth telling people about.

    Allow me please to clear up something about "hacking" Saddam. I never said I hacked him. In fact, if you take the trouble to read the Wired News article I wrote about it, I never even claimed it took much effort to get into the "press" account. What I found noteworthy about the whole incident were the things that people around the world were writing to Saddam -- not the fact that the account was using a default password.

    The mainstream press jumped on that story and simplified it to the soundbite "journalist hacks Saddam."

    Bottom line, since you call your site Tech Dirt, thanks for encouraging, rather than disparaging, journalists who are trying to dig a little ...

    Cheers,

    Brian


  2. Mike (profile), 5 Sep 2003 @ 7:18pm

    Re: Hype?

    Er. My email address is right here in every comment...

    Point taken on the Saddam story. As I said, I do appreciate that you dig and come up with original stories. They just often come off as sensationalistic - as if they're bigger stories than they really are. They're good stories, and they're different, and they involve some real work on your end, which I appreciate. I wish more reporters would do so. I just worry when the hype overtakes the core of the story - and that's what I try to point out.

    If I didn't like your stories, I wouldn't post them at all. It's just that when I read your stories, it's sometimes difficult to distinguish the hype from the story.


