Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: MySpace e-mail importer rasies security concerns
From: "Kristian Hermansen" <kristian.hermansen () gmail com>
Date: Sun, 29 Jul 2007 12:29:32 -0400

On 7/29/07, "HACK THE GOV" <hackthegov () googlemail com> wrote:
"we've recently noticed the functionality of myspace in respect of the
e-mail importer raises privacy and security concerns.

Yea, it would be a dumb idea to use that feature.  Although, if you
really really really want to use it, it would be wise to temporarily
change your password, use the feature, and then set it back to
minimize the abuse potential.  Still a bad idea.

LinkedIn also has this functionality...
https://www.linkedin.com/secure/uploadContacts?displayWebMail=&trk=inv_webmail

e-mail address for their myspace account, instead of using an unknown
throw away e-mail address to login to their myspace account. you would
normally associate this kind of tool with the hacker underground, but
today folks its brought to you by design of the myspace team, who
obviously don't have the bigger picture of privacy and security in
mind.

LinkedIn at least uses HTTPS by default, which should deter sniffing.
I don't think MySpace gives you the same luxury...
-- 
Kristian Hermansen

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]