Full Disclosure mailing list archives

Re: TrueCaller Vulnerability Allows Changing Users Details


From: doc mombasa <doc.mombasa () gmail com>
Date: Wed, 6 Jun 2012 22:36:49 +0200

Yes and how would you mitigate that?
It's not possible to validate the data as they don't have any pre-existing
knowledge about your address book

2012/6/5 Kuwait WhiteHat <q8whitehat () gmail com>

Well, using SSL will solve the privacy issues which involve having a 3rd
party sniff the traffic and reconstruct a database of users' address books
as outlined here
http://q8whitehat.org/truecaller-vulnerability-allows-changing-users-name/
However, it doesn't solve other problems such as the ability to change
database entries or submitting fake data.
On Jun 5, 2012 5:16 PM, "doc mombasa" <doc.mombasa () gmail com> wrote:

the only "vulnerability" here is not using https?
.

2012/6/4 Григорий Братислава <musntlive () gmail com>

Paranoia. Thor I is always publicly share contacts:

Adrian Lamo
c/o DMH Vacavill Psychiatric Hospital
Vacavill, CA
(707) 449-6504

Hector Monsegur
(480) 948-6377
ADDRESS IS WITHOLD

John Paul (JP)
594 3rd St
Beaver PA
www.inspirosity.com (is Out of business moved into is Gay porn)

Jesse Tuttle
(http://enquirer.com/editions/2003/07/28/hacker_zoom.jpg)
(480) 948-6377
ADDRESS IS WITHOLD

Gary McKinnon
PSC 1005
Box 25 FPO AE / Cellblock 42
Guantanamo Bay 09593

AS (is in case I am too arrested)
4340 East West Hwt Suite 350
Bethesda MD

Has nothing to hid.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


