| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <fe37588d0707290929u6cc261c9j613efa80989c62d8@mail.gmail.com> Date: Sun, 29 Jul 2007 12:29:32 -0400 From: "Kristian Hermansen" <kristian.hermansen@...il.com> To: full-disclosure@...ts.grok.org.uk Subject: Re: MySpace e-mail importer rasies security concerns On 7/29/07, "HACK THE GOV" <hackthegov@...glemail.com> wrote: > "we've recently noticed the functionality of myspace in respect of the > e-mail importer raises privacy and security concerns. Yea, it would be a dumb idea to use that feature. Although, if you really really really want to use it, it would be wise to temporarily change your password, use the feature, and then set it back to minimize the abuse potential. Still a bad idea. LinkedIn also has this functionality... https://www.linkedin.com/secure/uploadContacts?displayWebMail=&trk=inv_webmail > e-mail address for their myspace account, instead of using an unknown > throw away e-mail address to login to their myspace account. you would > normally associate this kind of tool with the hacker underground, but > today folks its brought to you by design of the myspace team, who > obviously don't have the bigger picture of privacy and security in > mind. LinkedIn at least uses HTTPS by default, which should deter sniffing. I don't think MySpace gives you the same luxury... -- Kristian Hermansen _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists