Here is how I found and reported a potential newsletter misconfiguration in Graham Cluley's Security Newsletter



Note: Blog post for educational use only. Do not use this method for spamming anyone!

Newsletters are a useful way for legitimate companies and blogs to deliver the latest advancements in your areas of interest directly to your inbox. Normally you have to subscribe yourself in order to receive one. But this is not always the case: sometimes anyone who knows your email address can flood your inbox with newsletters you never asked for.

I found a potential issue with Graham Cluley's Security Newsletter which bad guys might have used for spamming. Here is the screenshot I sent to Graham Cluley sir regarding that issue.




The name field can be given as ' click me https://kali.org '; I am using the Kali Linux website because it's harmless. And I gave my email address to get the newsletter!



Here is the final surprise: I have notified Graham Cluley Security Newsletter, and it has now been hardened to prevent this issue.
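The post does not say how the form was hardened. As an added example (not code from this post or from the newsletter), here is one way a signup handler could refuse link-bearing text in the name field before it is echoed into an email; the function names, the length limit and the allowed punctuation are assumptions.

```python
import unicodedata

MAX_NAME_LEN = 60                      # assumed limit, not from the post
NAME_PUNCT = {" ", "'", "\u2019", "-", "."}


def validate_subscriber_name(raw: str) -> str:
    """Return a cleaned display name or raise ValueError.

    Allowlist: letters, combining marks and a little name punctuation.
    ':' and '/' are never allowed, and a '.' may only end a word, so
    neither 'https://kali.org' nor a bare 'kali.org' gets through.
    """
    # Fold look-alike forms (e.g. full-width letters and dots) first.
    name = unicodedata.normalize("NFKC", raw)
    # CR/LF and other control characters have no place in a name and are
    # the raw material for mail header injection.
    if any(unicodedata.category(c).startswith("C") for c in name):
        raise ValueError("control characters are not allowed")
    name = " ".join(name.split())
    if not 1 <= len(name) <= MAX_NAME_LEN:
        raise ValueError("name length out of range")
    for i, ch in enumerate(name):
        if unicodedata.category(ch)[0] in ("L", "M"):
            continue
        if ch not in NAME_PUNCT:
            raise ValueError(f"character not allowed: {ch!r}")
        if ch == "." and i + 1 < len(name) and name[i + 1] != " ":
            raise ValueError("'.' may only end a word")
    if not any(unicodedata.category(c)[0] == "L" for c in name):
        raise ValueError("name needs at least one letter")
    return name


def name_is_acceptable(raw: str) -> bool:
    try:
        validate_subscriber_name(raw)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed inputs; the first is the value used in the post.
    for sample in ["click me https://kali.org", "click me kali.org",
                   "Bob\r\nBcc: x@example.com", "Anne-Marie O'Neil"]:
        print(repr(sample), "->", name_is_acceptable(sample))
```

Input validation like this complements, and does not replace, escaping the name wherever it is placed into an HTML email template.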
 

It was a really great experience to discover a potential flaw and responsibly disclose it to the people concerned, to keep the web a safe place for everyone.
