Webmail has a vulnerability. This was just reported over at /. The URLs to specific email messages in a specific account are absolute, which means that anyone can access them, with or without access. The possible exploit happens when you send
[email protected] an email with a link in it to a website somewhere. On that website, the admin or whoever has access to the referrer logs sees the exact URL to the email message and by playing around can read others as well. To be fair the webmail URL's do time out after some minutes so there shoun't be too many of you getting strange mails with links to my server <img border="0" title="" alt="[Wink]" src="wink.gif" />
Apple you bunch of d�cksh�t clowns, wake the fu�k up. I apologise in advance for insulting you like this, but this is very basic web security. On top of this this is almost *exactly* the same vulnerability as Hotmail had last year, which was exploited by every tom, d�ck and harry from here to Tapei (I caught some little bugger from Taipei reading my hotmail, after which he forwarded the address on to about 15 different spammers)
<small>[ 07-25-2002, 09:24 AM: Message edited by: theolein ]</small>
Top