Full Disclosure mailing list archives
MySpace e-mail importer rasies security concerns
From: "HACK THE GOV" <hackthegov () googlemail com>
Date: Fri, 27 Jul 2007 21:47:33 +0100
"we've recently noticed the functionality of myspace in respect of the e-mail importer raises privacy and security concerns. not everyone is savy with the feature. the feature allows you to login from the myspace account into your e-mail account and check who from your e-mail address book is on myspace. in the case of gmail everyone is automatically added to your address book, so for folks on mailing lists this can, be very useful, or for folks who weren't aware their e-mail address(es) is being fully disclosed by the myspace service, it may bring up privacy and security concerns. honestly, try this with your account(s), you'll be suprised how many myspace profiles come up. we respect serious security researchers are aware of the recent e-mail address book importer and we apologise for any inconvenience caused by reading this message. we just ask security folks to pick over the feature and brain storm ways the feature can be exploited for malicious activity. if youre planning to be an iphone user,stay clear of myspace with it, honestly, hackers are gearing up on myspace to infect iphone users on a grand scale. the myspace e-mail importer allows for cross e-mail account / myspace attack outbreaks. what do we have here? a tool that easily allows anyone to upload a large amount of e-mail addresses and check them against myspace accounts. try it for yourself, you'll be suprised how many people have used their e-mail address for their myspace account, instead of using an unknown throw away e-mail address to login to their myspace account. you would normally associate this kind of tool with the hacker underground, but today folks its brought to you by design of the myspace team, who obviously don't have the bigger picture of privacy and security in mind. http://sads.myspace.com/index.cfm?fuseaction=addressimporter.carrier " link: http://international-hacker-n3td3v.blogspot.com/2007/07/myspace-e-mail-importer-raises-concerns.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- MySpace e-mail importer rasies security concerns HACK THE GOV (Jul 28)
- Re: MySpace e-mail importer rasies security concerns Scott (angrykeyboarder) (Jul 31)