Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: n3td3v (xploitablegmail.com)
Date: Thu May 15 2008 - 18:46:43 CDT
If joebloggsgoogle.com is banned from a Google Group and
xploitablegmail.com is registered with that group,
joebloggsgoogle.com can subscribe to a mailing list such as
Full-Disclosure and start forwarding all messages xploitablegmail.com
sends to that mailing list if xploitablegmail.com is registered to
it, and directly post them to the Google Group joebloggsgoogle.com is
This is probably done by the banned joebloggsgoogle.com setting up a
filter on Gmail Settings > Filter > Matches:
Do this: Forward to (n3td3vgooglegroups.com).
Severity of this issue is obviously critical and you should switch the
victim's registered (xploitablegmail.com) e-mail address on a Google
Group to "moderate" as a work around, until Google Groups fixes this
Google Inc. (GOOG) was notified simultaneously as this security
advisory was published to the wild.
All the best,
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/