adam,
@adam@hax0rbana.social avatar

#ShowerThoughts #Security #Infosec

You have unauthenticated write access to every account on all of Google's mail servers.

Not arbitrary write access, and no read access for accounts that do not belong to you, but you can write to the mail spool or Mailbox directory for everyone. This is not only desirable, but a hard requirement.

And it's not just Google, it's every mail public server, and everyone has this access!

It's just a different way to think about access control and security. #fun

zwol,

@adam Reminds me of a paper I read in, uh, probably 1996 or so, about one of the early network backup systems, in which the authors pointed out that unlike most applications, read (restore) privilege needed to be considered more sensitive than write (backup) privilege.

  • All
  • Subscribed
  • Moderated
  • Favorites
  • infosec
  • hgfsjryuu7
  • rosin
  • osvaldo12
  • Backrooms
  • DreamBathrooms
  • magazineikmin
  • thenastyranch
  • Youngstown
  • slotface
  • InstantRegret
  • Durango
  • mdbf
  • kavyap
  • ethstaker
  • anitta
  • everett
  • GTA5RPClips
  • ngwrru68w68
  • modclub
  • khanakhh
  • tacticalgear
  • cisconetworking
  • tester
  • cubers
  • normalnudes
  • Leos
  • provamag3
  • JUstTest
  • All magazines