WebApp Sec mailing list archives

Re: Re: Re: Suggestion: email anti-spoof measure on web site

From: mike () sharecube com
Date: 20 Jan 2006 19:31:49 -0000


True, there is a Send Page, but not if you have hotmail, yahoo, or google mail. Also, in a brief survey I made, 100% of 
the medium technical people I asked (all work for high tech companies) did not know about and obviously have never used 
this feature. They liked and have used send friend feature in other web sites.

I agree that send freidn service can be exploited as you have pointed out. I disagree that it must be shut down. Good 
checks should be recommended.


Mike

-------------------------------------------------------------------------
This List Sponsored by: Watchfire

Watchfire's AppScan is the industry's first and leading web application 
security testing suite, and the only solution to provide comprehensive 
remediation tasks at every level of the application. See for yourself. 
Download AppScan 6.0 today.

https://www.watchfire.com/securearea/appscansix.aspx?id=701300000003Ssh
--------------------------------------------------------------------------

Current thread:

Suggestion: email anti-spoof measure on web site ma . huijuan (Jan 18)
- <Possible follow-ups>
- Re: Suggestion: email anti-spoof measure on web site mike (Jan 19)
  - Re: Suggestion: email anti-spoof measure on web site Georgi Alexandrov (Jan 23)
- Re: Re: Suggestion: email anti-spoof measure on web site ma . huijuan (Jan 19)
- Re: Re: Re: Suggestion: email anti-spoof measure on web site mike (Jan 20)