Hi Chris,
This is what The Guardian's Ask Jack
Schofield has to say on Contacting Ringo:-
http://www.guardian.co.uk/online/askjack/story/0,12196,1428628,00.html
<snip>
Contacting Ringo
Do you know anything about an organisation called Ringo? It's supposed
to set up a mutual contact address book. It could be a marvellous
method of collecting addresses for spam and viruses.
Tim Gossling
JS: Ringo (www.ringo.com) is one of several similar services that
maintain and update lists of contacts. Plaxo (www.plaxo.com) is the
market leader, and Bebo (www.bebo.com) is another rival. Ringo is not
collecting addresses for spammers: it's part of Monster Worldwide
(www.monsterworldwide.com). This runs the biggest online recruitment
system, which includes www.monster.co.uk. However, I suggest you read
Roger Clarke's Very Black 'Little Black Books'
(www.anu.edu.au/people/Roger.Clarke/DV/ContactPITs.html) before
getting involved with any of these systems. I find the repeated
requests for updates very annoying.
<snip>
ZABA
---------- Forwarded message ----------
From: Steve <securityfocus@delahunty.com>
Date: Fri, 11 Mar 2005 11:09:56 -0500
Subject: Re: Social viruses ? (Hi5, Ringo, etc.)
To: Chris Caydes <chris.caydes@gmail.com>, focus-virus@securityfocus.com
Similar sites include Plaxo and LinkedIn but those do ask you before they
send to anyone from your address book and they ask you to import your
address book, work you through it etc.
STEVE
----- Original Message -----
From: "Chris Caydes" <chris.caydes@gmail.com>
To: <focus-virus@securityfocus.com>
Sent: Thursday, March 10, 2005 7:11 PM
Subject: Social viruses ? (Hi5, Ringo, etc.)
In the past few weeks, I have received a few messages from people that
I know, asking me to join their "network of friends" on such sites as
Ringo, Hi5 and Bebo. From what I understand, these sites offer you to
hold your address book for you. The idea is that each member keeps his
own contact info up to date, effectively keeping your own address book
up to date.
I also saw one such invitation (for Ringo) sent to a mailing list (and
the sender getting flamed for it shortly afterwards)
In one case, out of curiosity, I clicked on the link provided (it was
from hi5). The several-step form asked me for personal information
that I did not want to provide, including the *password* for the
Hotmail address I had provided !
The reason why hi5 wanted my Hotmail password was to "automatically
import my entire Hotmail address book to my hi5 account"
That's where my curiosity reached its limit: I did not go any further.
The person who initially sent me that invitation later told me that he
had received the same invitation himself, had joined the hi5 network,
and that hi5 then sent invitations to his entire address book without
him even realizing it.
I then thought that the guy who sent the Ringo invitation to the
mailing list perhaps sent it unvoluntarily as well.
What I'm getting at is, if these invitations "to join the network"
really are sent without the members' consent (or knowledge), they
share a lot of similarities with email-bornes viruses. They would be
viruses without a malicious payload (except for the flames you get
from spamming your entire address book, and the fact that you hand out
your Hotmail/Yahoo email password to a third party website).
This would then be like a virus that doesn't even require you to write
a line of code: all you need is to invite a few people to "join the
network", and let the website do the rest.
Has anyone else witnessed this ?
Are invitations to such sites as Hi5, Bebo and Ringo really sent
without the member's knowledge ? Or is it a choice left to the member
to send invites (and in that case, what is the default ?)
Regards
Chris
