
Flixster and the major Security Leak ???
Today I got an email from my former friend, who used to register with his Gmail without thinking about almost anything other than getting a free account on any website. And he was quite friendly in giving all of his contacts to any site, which then sends never-ending invitation letters to me .. sometimes every month, sometimes every week.
Some of the letters contain words like "Mr. A wants to tell you this" and a link which leads me directly to the registration. WTF .. why do I need to register to read that stupid message, which he can send directly via email? Okay, forget it.
Oh, that's not the end of the story; I found out a new trick today. Quite a nasty technique.
Flixster sent me an email telling me that Mr. A sent me a private message. Hello .. why da hell is he sending a private message via that kinda stupid @##$!@#^ website? Okay .. I wanted to know how far that site goes. So I clicked the link and landed directly on the registration page.
At first glance it is just a registration page. It asks me for my name and password. Okay then .. I gave it the name "fuck" and password "fuck" and pressed the submit button. Now the nasty part comes: it knows my email address because the link was sent to my email and I came to this site with that link .. (confused? ok forget it .. just remember it already knows ur email address since you got the mail.)
Okay, what's the nasty part in the second page of the registration process? It shows your Gmail address and asks for your Gmail password. OMFG .. it dares to ask for your email password. I wonder .. if a stupid bloke came across that page and if he was stupid enough to give his Gmail password to that fcuking page .. and if we are in his buddy list or mailbox .....
I'm quite sure that site will send regular invitations and updates and newsletters which you never want to see in your inbox or even in the spam folder. And giving an email password to that site will be a major security risk to him.
Nobody can guarantee that the site owner or operator will not read your mail, scan your inbox and extract your personal information and other passwords from other websites you registered with.
I found a paragraph in Wikipedia like this:
"This site encourages users to divulge their login ID and password for webmail accounts such as Hotmail, Yahoo, Gmail & AOL. It is not clear why they do this, but it would appear that they are trying to hook-into the address books of the user in order to encourage and make it easy for users to liberally invite their friends in their address book. Of course, this is a major security risk because it provides Flixster the ability to access not only users email address books, but also their entire on-line identities. Not only that, it proliferates the risks of the user's account being hijacked."
Okay .. guys .. stay safe! And do not give your Gmail/email password to anyone or any site, for your own sake and our sake .. don't be in the list of stupid people around the world.

Published by Kalvin on Saturday, March 10, 2007 at 10:11 PM.

4 Responses to “Flixster and the major Security Leak for Gmail ???”

  1. # Anonymous Anonymous

    Hi Kalvin,

    I am one of the founders of flixster - just happened upon this post via technorati...

    Like many other social services on the web, we offer users the option to select friends to invite using their yahoo/hotmail/etc address book. We do not store that login information in any way, and we use it only to retrieve a list of their contacts from which they can then select people to invite.

    I certainly don't blame you for being wary on the net - lots of bad stuff out there - but we're pretty honest about what we do.

    FYI - amongst the many other sites that offer the same thing: myspace/facebook/yelp/stumbleupon/etc/etc...

    feel free to drop me a note if you want. joe at the expected domain.

    Joe (flixster guy)  

  2. # Anonymous Arc9

    Hi kal!
    this is suuuch a scam.
    and @flixter
    Why not give us your credit card info? we'll throw it away after downloading a couple trial softwares!!!

    and @kal again
    recognize me? It's tank o boom2/DaLeGiOnArY/Praetorian/Recon Commando/Fixer40/Arc9!!!  

  3. # Anonymous Rabban

    Gee, Joe sounds like a nice guy, so I guess I can trust him.


    Yes, other social services allow the user to invite friends to join, but I've yet to run into one that asks for the user's email password. And your service not only asks, it basically demands you enter it, otherwise you can't login to the flixster site. Now where does that get fun? You need to change your policy and allow users to invite others on their own initiative and not by plundering their address book.  

  4. # Anonymous Anonymous

    ^ Flixster guy??

    that doesn't sound professional at all to me, I doubt that really is a person that works with Flixster...  
