Network Security Focus-Virus

Re: Social viruses ? (Hi5, Ringo, etc.)

Subject: Re: Social viruses ? (Hi5, Ringo, etc.)
Date: Fri, 11 Mar 2005 11:09:56 -0500
Similar sites include Plaxo and LinkedIn but those do ask you before they
send to anyone from your address book and they ask you to import your
address book, work you through it etc.

STEVE
----- Original Message ----- 
From: "Chris Caydes" <chris.caydes@gmail.com>
To: <focus-virus@securityfocus.com>
Sent: Thursday, March 10, 2005 7:11 PM
Subject: Social viruses ? (Hi5, Ringo, etc.)


In the past few weeks, I have received a few messages from people that
I know, asking me to join their "network of friends" on such sites as
Ringo, Hi5 and Bebo. From what I understand, these sites offer you to
hold your address book for you. The idea is that each member keeps his
own contact info up to date, effectively keeping your own address book
up to date.
I also saw one such invitation (for Ringo) sent to a mailing list (and
the sender getting flamed for it shortly afterwards).

In one case, out of curiosity, I clicked on the link provided (it was
from hi5). The several-step form asked me for personal information
that I did not want to provide, including the *password* for the
Hotmail address I had provided!
The reason why hi5 wanted my Hotmail password was to "automatically
import my entire Hotmail address book to my hi5 account"
That's where my curiosity reached its limit: I did not go any further.

The person who initially sent me that invitation later told me that he
had received the same invitation himself, had joined the hi5 network,
and that hi5 then sent invitations to his entire address book without
him even realizing it.
I then thought that the guy who sent the Ringo invitation to the
mailing list perhaps sent it involuntarily as well.

What I'm getting at is, if these invitations "to join the network"
really are sent without the members' consent (or knowledge), they
share a lot of similarities with email-borne viruses. They would be
viruses without a malicious payload (except for the flames you get
from spamming your entire address book, and the fact that you hand out
your Hotmail/Yahoo email password to a third party website).
This would then be like a virus that doesn't even require you to write
a line of code: all you need is to invite a few people to "join the
network", and let the website do the rest.

Has anyone else witnessed this?
Are invitations to such sites as Hi5, Bebo and Ringo really sent
without the member's knowledge? Or is it a choice left to the member
to send invites (and in that case, what is the default?)

Regards
Chris



