GLiMPSE X
Internal Error. Negative-Feedback
205
|
Posted - 2013.07.03 10:10:00 -
[1] - Quote
Mithridates VI wrote:
Someone should probably mention to you guys that the mail servlet used to send out mass emails like "hey, players, there's a human endurance event" or "please fill out a survey" contains a link at the top labelled "View this message in a browser" which will open links.mail.dust514.com/servlet/MailView followed by a series of variables which tell the system who you are and which message you want to look at.
Unfortunately, if you make the appropriate changes to the part of the URL which tells the servlet who you are, you can view a message that was sent to someone else. You can also view the email address associated with their PSN. Presumably you could farm a list of character names and associated email addresses.
CCP were advised of this mid-May. It's on a third-party provider to actually fix the thing, but if CCP aren't going to disable the system, it seems appropriate that everyone be warned of the possibility that their email address has been disclosed. As far as I know, there is no evidence that this has occurred but it's polite to let customers know that the possibility existed.
I kind of expected that CCP would do this but, personally, have received no such notification, so here it is. Hopefully CCP comment in here to say that the reason no announcement was made is that they have fully explored the possibility of this being exploited and determined that nobody is at risk but the fact that the system remains vulnerable concerns me enough to advise players myself.
This is why we keep you on staff there big dog... |
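Added example, not part of the thread and not CCP's or the mail provider's code: one way a "view in browser" link like the one described above can be bound to its recipient, so that editing the identifying part of the URL no longer returns someone else's message. The host, the parameter names `r`, `m` and `sig`, and the sample mailbox are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed sample data: (recipient_id, message_id) -> rendered message body.
MAILBOX = {
    ("1001", "55"): "Survey invite for recipient 1001",
    ("1002", "55"): "Survey invite for recipient 1002",
}
SERVER_KEY = secrets.token_bytes(32)  # stays on the server, never in the link
BASE_URL = "https://mail.example.test/view"  # placeholder host (assumption)


def link_tag(recipient_id, message_id):
    # Length-prefix each field so ("10", "155") and ("101", "55") cannot collide.
    msg = b"".join(len(f).to_bytes(4, "big") + f
                   for f in (recipient_id.encode(), message_id.encode()))
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def make_view_link(recipient_id, message_id):
    query = {"r": recipient_id, "m": message_id, "sig": link_tag(recipient_id, message_id)}
    return BASE_URL + "?" + urlencode(query)


def view_unsigned(url):
    """Pattern described in the thread: the identifiers alone select the message."""
    q = parse_qs(urlsplit(url).query)
    return MAILBOX.get((q["r"][0], q["m"][0]))


def view_signed(url):
    """Render only when the tag matches the identifiers present in the URL."""
    q = parse_qs(urlsplit(url).query)
    try:
        r, m, sig = q["r"][0], q["m"][0], q["sig"][0]
    except KeyError:
        return None  # a required parameter is missing
    if not hmac.compare_digest(sig.encode(), link_tag(r, m).encode()):
        return None  # identifiers were edited or the tag was forged
    return MAILBOX.get((r, m))


def tamper(url, new_recipient):
    """Test helper: change the recipient field and keep everything else."""
    q = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    q["r"] = new_recipient
    return url.split("?", 1)[0] + "?" + urlencode(q)
```

With the unsigned handler, changing `r` returns the other recipient's message; with the signed handler the same edited link is rejected because the tag was computed over the original identifiers.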
GLiMPSE X
Internal Error. Negative-Feedback
205
|
Posted - 2013.07.03 10:19:00 -
[2] - Quote
ChribbaX wrote:
Not saying it's not good or anything, but wouldn't you think that actually bringing this public would make it happen faster than to keep pushing CCP to change their things... just a thought. But then, I'm far more concerned over other things that needs sorted. Good work! edit/and for obvious reasons I'm now going to go do exactly what you warn about just because I wasn't aware of it /c
Unfortunately, most of the time it takes public scrutiny to get these things pushed through. Mith followed the norm in the industry by giving them plenty of notice prior to publishing his findings. |
GLiMPSE X
Internal Error. Negative-Feedback
205
|
Posted - 2013.07.03 10:48:00 -
[3] - Quote
Banning Hammer wrote:
Jaqen Morghalis wrote:
Oh, no! Not my email address!
That information is supposed to be top-secret level 5 classified! Now my secret identity is blown! My loved ones are in danger!
Seriously, though, what's the worst-case scenario here, some extra spam emails?
Actually, worst-case scenario is typing about it in this thread.. most of my E-mail accounts are ghost towns, that I use exclusively for spawn E-mails. Is where junk and spawn rubbish go to die.... a graveyard for internet BS.
The 'worst case' isn't increased spam, it's losing your unspent sps, wallet, and that of your corp. |
GLiMPSE X
Internal Error. Negative-Feedback
205
|
Posted - 2013.07.03 10:57:00 -
[4] - Quote
Jaqen Morghalis wrote:
Mithridates VI wrote:
Jaqen Morghalis wrote:
Maybe if you could explain how this grievous oversight and negligence on CCP's part might potentially cause me more than a slight inconvenience, I might share your concern over this "threat" to my personal security.
I'm not going to enumerate the possible attacks based on having the personal details and PSN login of another player because I don't want to give anyone any ideas. Sorry if that doesn't convince you, but I'm mainly looking to advise people who feel it significant.
I still don't understand (honestly, sorry if I'm being dense). I thought you said a person could get my email address, so where are they getting "personal details" and my login password from? Without those, what's the worst they could do, send me emails? How is my email address alone enough information to be in any way useful?
google. |