lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date: Fri, 27 Jul 2007 21:47:33 +0100
From: "HACK THE GOV" <hackthegov@...glemail.com>
To: full-disclosure@...ts.grok.org.uk
Subject: MySpace e-mail importer rasies security concerns

"we've recently noticed the functionality of myspace in respect of the
e-mail importer raises privacy and security concerns.
not everyone is savy with the feature. the feature allows you to login
from the myspace account into your e-mail account and check who from
your e-mail address book is on myspace. in the case of gmail everyone
is automatically added to your address book, so for folks on mailing
lists this can, be very useful, or for folks who weren't aware their
e-mail address(es) is being fully disclosed by the myspace service, it
may bring up privacy and security concerns. honestly, try this with
your account(s), you'll be suprised how many myspace profiles come up.
we respect serious security researchers are aware of the recent e-mail
address book importer and we apologise for any inconvenience caused by
reading this message. we just ask security folks to pick over the
feature and brain storm ways the feature can be exploited for
malicious activity. if youre planning to be an iphone user,stay clear
of myspace with it, honestly, hackers are gearing up on myspace to
infect iphone users on a grand scale. the myspace e-mail importer
allows for cross e-mail account / myspace attack outbreaks. what do we
have here? a tool that easily allows anyone to upload a large amount
of e-mail addresses and check them against myspace accounts. try it
for yourself, you'll be suprised how many people have used their
e-mail address for their myspace account, instead of using an unknown
throw away e-mail address to login to their myspace account. you would
normally associate this kind of tool with the hacker underground, but
today folks its brought to you by design of the myspace team, who
obviously don't have the bigger picture of privacy and security in
mind.

http://sads.myspace.com/index.cfm?fuseaction=addressimporter.carrier

"

link: http://international-hacker-n3td3v.blogspot.com/2007/07/myspace-e-mail-importer-raises-concerns.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ