Interesting People mailing list archives
My annoyance at Social Networking sites
From: "Dave Farber" <dave () farber net>
Date: Mon, 6 Aug 2007 10:24:58 +0900
-----Original Message----- From: gep2 () terabites com [mailto:gep2 () terabites com] Sent: Monday, August 06, 2007 5:31 AM To: dave () farber net Cc: clayton () terabites com Subject: Fwd: My annoyance at Social Networking sites I received a note earlier today from my friend Clayton (clayton () terabites com) which I feel might be worth passing along. Of course, one can argue that anybody who is stupid enough to give their login name AND PASSWORD at any site TO ANY THIRD PARTY truly deserves whatever grief befalls them as a result. Still, as an Internet community we really ought to come down, and HARD, against people promoting these kinds of "social engineering" con games. Among other things, just because someone has written an E-mail to someone DOES NOT MEAN that that E-mail address is suitable to be invited to "come be my friend" on a social networking web site. Examples might include "newgroup-subscribe () yahoogroups com", "letters () nytimes com", maybe the E-mail address of your senator or congressman, "customerservice () exxon com", or whatever. of course, giving someone your Yahoo login could be DISASTROUS... if that person were untrustworthy (and if they were trustworthy, IMHO, they wouldn't ask for it) they could change your password and lock YOU out of your account... disastrous indeed, if (say) you use that ID as the owner of one or more Yahoogroups...! They could take over your owner/moderator rights, axe the groups you own, retrieve and abuse the subscriber lists of those groups... the list of damages possible is nearly endless. On to Clayton's E-mail... [quote] My annoyance at Social Networking sites I would like to talk about how annoyed I am with a few of these "social netowkring" websites and what happens when you sign up for them. Some examples of the sites I'm referring to include Ringo, Flixter, and WAYN (Where Are You Now)[I honestly don't know if MySpace does this]. Let me give a description of what happens: You get an email from a friend telling you about a social networking site. You go to the website proper (by hand typing in the address into the address bar), and you decide you want to join the site. You fill out the important information (ie select username, password, enter email address, etc.). As your email address, you use a Yahoo or Hotmail email address. You get to the end of the form, and click next. The very next screen asks you for your Yahoo or Hotmail username and PASSWORD so they can "send messages to everyone on your contact list to invite them to join the site". There's a link at the bottom of the page to skip that step. [I don't know if it does this with other web based email providers.] Um....can we say "Just as bad as a worm virus"? For those that do provide the password, they open a whole bag of worms. Yes, initially the service might send out a little "Come join our site!" email, but they have your password and could easily, if someone wanted to, go and take any personal information you may have stored there. They could also relog in and get new contacts to put on a list that they could very easily sell to spammers. I feel it's just as bad as those phishing scams where you get the email which the link goes to a page that looks like a Yahoo signin page. I've chided a few people recently for doing this, and told them right away to CHANGE their password! Now, I will be honest in saying that the owners of the sites might keep their word and only use the login/password to send one email to people in their contact list, but how can one tell how honest they are. I have even sent an email to Yahoo months ago about these sites, and how they can be a security risk. Unforunately, since the sites are still up and active (and I still receive emails from them), I'm thinking that no actions (if any could be taken) have been taken against these websites. What I think needs to be done is that the public needs to be educated about these sites, and the security risk they pose. [end quote] Gordon Peterson http://personal.terabites.com 1977-2007 Thirty year anniversary of local area networking ------------------------------------------- Archives: http://v2.listbox.com/member/archive/247/=now RSS Feed: http://v2.listbox.com/member/archive/rss/247/ Powered by Listbox: http://www.listbox.com
Current thread:
- My annoyance at Social Networking sites Dave Farber (Aug 05)
- <Possible follow-ups>
- re: My annoyance at Social Networking sites Dave Farber (Aug 07)