Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-disclosure] MySpace e-mail importer rasies security concerns

from [HACK THE GOV] Network Security [Permanent Link]
Subject: [Full-disclosure] MySpace e-mail importer rasies security concerns
Date: Fri, 27 Jul 2007 21:47:33 +0100 
"we've recently noticed the functionality of myspace in respect of the
e-mail importer raises privacy and security concerns.
not everyone is savy with the feature. the feature allows you to login
from the myspace account into your e-mail account and check who from
your e-mail address book is on myspace. in the case of gmail everyone
is automatically added to your address book, so for folks on mailing
lists this can, be very useful, or for folks who weren't aware their
e-mail address(es) is being fully disclosed by the myspace service, it
may bring up privacy and security concerns. honestly, try this with
your account(s), you'll be suprised how many myspace profiles come up.
we respect serious security researchers are aware of the recent e-mail
address book importer and we apologise for any inconvenience caused by
reading this message. we just ask security folks to pick over the
feature and brain storm ways the feature can be exploited for
malicious activity. if youre planning to be an iphone user,stay clear
of myspace with it, honestly, hackers are gearing up on myspace to
infect iphone users on a grand scale. the myspace e-mail importer
allows for cross e-mail account / myspace attack outbreaks. what do we
have here? a tool that easily allows anyone to upload a large amount
of e-mail addresses and check them against myspace accounts. try it
for yourself, you'll be suprised how many people have used their
e-mail address for their myspace account, instead of using an unknown
throw away e-mail address to login to their myspace account. you would
normally associate this kind of tool with the hacker underground, but
today folks its brought to you by design of the myspace team, who
obviously don't have the bigger picture of privacy and security in
mind.

http://sads.myspace.com/index.cfm?fuseaction=addressimporter.carrier

"

link: 
http://international-hacker-n3td3v.blogspot.com/2007/07/myspace-e-mail-importer-raises-concerns.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [Full-disclosure] MySpace e-mail importer rasies security concerns, HACK THE GOV <=
Previous by Date:  Re: [Full-disclosure] FIREFOX 2.0.0.5 new vulnerability, Joe Barr
Next by Date:  [Full-disclosure] [ GLSA 200707-12 ] VLC media player: Format string vulnerabilities, Raphael Marichez
Previous by Thread:  [Full-disclosure] FLEA-2007-0035-1: libvorbis, Foresight Linux Essential Announcement Service
Next by Thread:  [Full-disclosure] [ GLSA 200707-12 ] VLC media player: Format string vulnerabilities, Raphael Marichez
Indexes:  [Date] [Thread] [Top] [All Lists]