Full Disclosure: Re: TrueCaller Vulnerability Allows Changing Users Details

[doc mombasa <doc.mombasa () gmail com>]

Yes and how would you mitigate that?
Its not possible to validate the data as they donthave any pre existing
knowledge about your address book

2012/6/5 Kuwait WhiteHat <q8whitehat () gmail com>

> Well, using SSL will solve the privacy issues which involves having a 3rd
> party sniff the traffic and reconstruct a database of users address books
> as outlined here
> http://q8whitehat.org/truecaller-vulnerability-allows-changing-users-name/
> However, it doesnt solve other problems such as the ability to change
> database entries or submitting fake data.
> On Jun 5, 2012 5:16 PM, "doc mombasa" <doc.mombasa () gmail com> wrote:
>
> > the only "vulnerability" here is not using https?
> > .
> >
> > 2012/6/4 Григорий Братислава <musntlive () gmail com>
> >
> > > Paranoia. Thor I is always publicly share contacts:
> > >
> > > Adrian Lamo
> > > c/o DMH Vacavill Psychiatric Hospital
> > > Vacavill, CA
> > > (707) 449-6504
> > >
> > > Hector Monsegur
> > > (480) 948-6377
> > > ADDRESS IS WITHOLD
> > >
> > > John Paul (JP)
> > > 594 3rd St
> > > Beaver PA
> > > www.inspirosity.com (is Out of business moved into is Gay porn)
> > >
> > > Jesse Tuttle
> > > (http://enquirer.com/editions/2003/07/28/hacker_zoom.jpg)
> > > (480) 948-6377
> > > ADDRESS IS WITHOLD
> > >
> > > Gary McKinnon
> > > PSC 1005
> > > Box 25 FPO AE / Cellblock 42
> > > Guantanamo Bay 09593
> > >
> > > AS (is in case I am too arrested)
> > > 4340 East West Hwt Suite 350
> > > Bethesda MD
> > >
> > > Has nothing to hid.
> > >
> > > _______________________________________________
> > > Full-Disclosure - We believe in it.
> > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > > Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/