My annoyance at Social Networking sites

["Dave Farber" <dave () farber net>]

-----Original Message-----
From: gep2 () terabites com [mailto:gep2 () terabites com] 
Sent: Monday, August 06, 2007 5:31 AM
To: dave () farber net
Cc: clayton () terabites com
Subject: Fwd: My annoyance at Social Networking sites

I received a note earlier today from my friend Clayton 
(clayton () terabites com) which I feel might be worth 
passing along.

Of course, one can argue that anybody who is stupid enough 
to give their login name AND PASSWORD at any site TO ANY 
THIRD PARTY truly deserves whatever grief befalls them as 
a result.  Still, as an Internet community we really ought 
to come down, and HARD, against people promoting these 
kinds of "social engineering" con games.

Among other things, just because someone has written an 
E-mail to someone DOES NOT MEAN that that E-mail address 
is suitable to be invited to "come be my friend" on a 
social networking web site.  Examples might include 
"newgroup-subscribe () yahoogroups com", 
"letters () nytimes com", maybe the E-mail address of your 
senator or congressman, "customerservice () exxon com", or 
whatever.

of course, giving someone your Yahoo login could be 
DISASTROUS... if that person were untrustworthy (and if 
they were trustworthy, IMHO, they wouldn't ask for it) 
they could change your password and lock YOU out of your 
account... disastrous indeed, if (say) you use that ID as 
the owner of one or more Yahoogroups...!  They could take 
over your owner/moderator rights, axe the groups you own, 
retrieve and abuse the subscriber lists of those groups... 
the list of damages possible is nearly endless.

On to Clayton's E-mail...

[quote]

My annoyance at Social Networking sites

I would like to talk about how annoyed I am with a few of 
these "social netowkring" websites and what happens when 
you sign up for them. Some examples of the sites I'm 
referring to include Ringo, Flixter, and WAYN (Where Are 
You Now)[I honestly don't know if MySpace does this].

Let me give a description of what happens:

You get an email from a friend telling you about a social 
networking site. You go to the website proper (by hand 
typing in the address into the address bar), and you 
decide you want to join the site. You fill out the 
important information (ie select username, password, enter 
email address, etc.). As your email address, you use a 
Yahoo or Hotmail email address. You get to the end of the 
form, and click next. The very next screen asks you for 
your Yahoo or Hotmail username and PASSWORD so they can 
"send messages to everyone on your contact list to invite 
them to join the site". There's a link at the bottom of 
the page to skip that step. [I don't know if it does this 
with other web based email providers.]

Um....can we say "Just as bad as a worm virus"? For those 
that do provide the password, they open a whole bag of 
worms. Yes, initially the service might send out a little 
"Come join our site!" email, but they have your password 
and could easily, if someone wanted to, go and take any 
personal information you may have stored there. They could 
also relog in and get new contacts to put on a list that 
they could very easily sell to spammers. I feel it's just 
as bad as those phishing scams where you get the email 
which the link goes to a page that looks like a Yahoo 
signin page. I've chided a few people recently for doing 
this, and told them right away to CHANGE their password!

Now, I will be honest in saying that the owners of the 
sites might keep their word and only use the 
login/password to send one email to people in their 
contact list, but how can one tell how honest they are.

I have even sent an email to Yahoo months ago about these 
sites, and how they can be a security risk. Unforunately, 
since the sites are still up and active (and I still 
receive emails from them), I'm thinking that no actions 
(if any could be taken) have been taken against these 
websites.

What I think needs to be done is that the public needs to 
be educated about these sites, and the security risk they 
pose.
  
[end quote]

Gordon Peterson
http://personal.terabites.com
1977-2007  Thirty year anniversary of local area 
networking


-------------------------------------------
Archives: http://v2.listbox.com/member/archive/247/=now
RSS Feed: http://v2.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com