[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20040318074550.24584.qmail@www.securityfocus.com>
Date: 18 Mar 2004 07:45:50 -0000
From: Stacy Martin <trust@...xo.com>
To: bugtraq@...urityfocus.com
Subject: Re: PLAXO: is that a cure or a disease?
In-Reply-To: <200403121752.i2CHqK8A028679@...187.megawebservers.com>
Thanks for the report. This problem was fixed within hours of the original post on 3/12/04.
While not diminishing the seriousness of the report, the impact of this vulnerability required the malicious user to already be in the Plaxo user's address book and to have received a Plaxo Update Request from the victim. A security review of all Plaxo accounts showed no one besides the reporting user had found this problem and therefore no other Plaxo member's data was impacted.
But nevertheless, since 3/12, we've made a number of additional changes and enhancements to our service in order to minimize the occurance of these types of problems again.
We appreciate the assistance in finding this and we encourage people to continue to bang on Plaxo. We only ask that if there is a next time, you give us time to develop a fix before telling truly malicious users.
Powered by blists - more mailing lists