|
|
"Enter your GMail password here" – huh?
|
|
|
|
Professional Poster
Join Date: Mar 2002
Location: adequate, thanks.
Status:
Offline
|
|
I was just registering at ilike.com to listen to the new R.E.M. album before I buy it. I read somewhere they had it on streaming. Well, I used my spam email account at gmail to register and found this directly after my first login on ilike.com:
Huh? Enter my password on a different site? What's the deal? I am positive that a (major) service like ilisten.com would have been bashed if there was anything wrong with this, but I still can't figure out why they ask for my email password…?
|
|
|
|
|
|
|
|
|
Addicted to MacNN
Join Date: Oct 2001
Location: Yokohama, Japan
Status:
Offline
|
|
I think it's pretty obvious that they use your username and password to get access to your Gmail address book, and check to see if those email addresses correspond to accounts on iLike. The idea is to eliminate the hassle of manually searching for friends on each and every social networking site. Other places, LinkedIn for one, do this too.
If you don't want to give them your password then don't.
|
|
|
|
|
|
|
|
|
Professional Poster
Join Date: Mar 2002
Location: adequate, thanks.
Status:
Offline
|
|
Very smart answer. Yes, it is obvious. But it was my mistake in the first place, since my post is not very clear, sorry.
What I meant is: I never was asked by any website that I had to actually enter my login and password of my email service. I am just baffled that anyone would do this, no matter which site.
This might lead to the assumption, for unexperienced users, that entering that data on a different website is ok, which is more or less all that phishers want.
|
|
|
|
|
|
|
|
|
Posting Junkie
Join Date: Jun 2001
Location: Baltimore, MD
Status:
Offline
|
|
I've seen this in a lot of places. Facebook does it, Plaxo does it, probably all the social networking sites do it. Most potentially scary: mint.com does it.
|
|
|
|
|
|
|
|
|
Addicted to MacNN
Join Date: Oct 2001
Location: Yokohama, Japan
Status:
Offline
|
|
Originally Posted by andreas_g4
What I meant is: I never was asked by any website that I had to actually enter my login and password of my email service. I am just baffled that anyone would do this, no matter which site.
This might lead to the assumption, for unexperienced users, that entering that data on a different website is ok, which is more or less all that phishers want.
I'm not sure what you're so shocked about. It's not mandatory; you can simply choose not to auto-add friends that way.
I suppose you may have a point about people possibly becoming less vigilant about keeping login & password info secret, but clearly the cat is out of the bag at this point.
|
|
|
|
|
|
|
|
|
Clinically Insane
Join Date: Oct 2001
Location: San Diego, CA, USA
Status:
Offline
|
|
There's no other way to accomplish what they're doing, is there?
|
Chuck
___
"Instead of either 'multi-talented' or 'multitalented' use 'bisexual'."
|
|
|
|
|
|
|
|
Mac Elite
Join Date: May 2001
Location: Vancouver
Status:
Offline
|
|
|
|
|
|
|
|
|
|
|
Professional Poster
Join Date: Dec 2001
Location: somewhere
Status:
Offline
|
|
Originally Posted by Chuckit
There's no other way to accomplish what they're doing, is there?
Export your contacts to a file and upload them. Most will support this.
|
|
|
|
|
|
|
|
|
Clinically Insane
Join Date: Jun 2001
Location: planning a comeback !
Status:
Offline
|
|
Originally Posted by nonhuman
Most potentially scary: mint.com does it.
WTF is that supposed to mean ?
Is mint supposed to GUESS your account data and activity ?
-t
|
|
|
|
|
|
|
|
|
Mac Elite
Join Date: May 2001
Location: type 13 planet
Status:
Offline
|
|
I personally find it a very worrisome trend. Yay, let's train people to give their username and passwords to random websites. Welcome to the social...
|
New, Improved and Legal in 50 States
|
|
|
|
|
|
|
|
Clinically Insane
Join Date: Jun 2001
Location: planning a comeback !
Status:
Offline
|
|
Originally Posted by pooka
I personally find it a very worrisome trend. Yay, let's train people to give their username and passwords to random websites. Welcome to the social...
That's the drawback if you want various databases and apps to communicate.
In the future, more and more websites will use OpenID � What is OpenID? , which is really how it's supposed to be done.
-t
|
|
|
|
|
|
|
|
|
Clinically Insane
Join Date: Oct 2001
Location: San Diego, CA, USA
Status:
Offline
|
|
Maybe I'm missing something, but OpenID seems like a security nightmare. "You know, there's a lot of problems with insecurity and fishing on the Web today. What can we do about this?" "I know! Let's create one more basket just like all the others and encourage everybody to put all their eggs in here!"
|
Chuck
___
"Instead of either 'multi-talented' or 'multitalented' use 'bisexual'."
|
|
|
|
|
|
|
|
Posting Junkie
Join Date: Jun 2001
Location: Baltimore, MD
Status:
Offline
|
|
Originally Posted by turtle777
WTF is that supposed to mean ?
Is mint supposed to GUESS your account data and activity ?
-t
Obviously it's necessary given what Mint does, but the idea that people are just giving out the login information for their online banking and credit cards is somewhat troublesome. The fact that most people wouldn't even give it a second thought or consider what the security implications are is what really bothers me. It's one hell of a big invitation for phishing or a man in the middle attack, both things that the average user is probably not really competent to protect themselves from.
|
|
|
|
|
|
|
|
|
Clinically Insane
Join Date: Jun 2001
Location: planning a comeback !
Status:
Offline
|
|
Originally Posted by nonhuman
Obviously it's necessary given what Mint does, but the idea that people are just giving out the login information for their online banking and credit cards is somewhat troublesome. The fact that most people wouldn't even give it a second thought or consider what the security implications are is what really bothers me. It's one hell of a big invitation for phishing or a man in the middle attack, both things that the average user is probably not really competent to protect themselves from.
This is true, people SHOULD be careful to whom they hand out their information. I looked at mint and decided that I would trust them.
Before I did, I did some extensive research on mint, the company and the backing. Seemed solid to me.
-t
|
|
|
|
|
|
|
|
|
Clinically Insane
Join Date: Jun 2001
Location: planning a comeback !
Status:
Offline
|
|
Originally Posted by Chuckit
Maybe I'm missing something, but OpenID seems like a security nightmare. "You know, there's a lot of problems with insecurity and fishing on the Web today. What can we do about this?" "I know! Let's create one more basket just like all the others and encourage everybody to put all their eggs in here!"
In my limited understanding, I don't see this as a nightmare.
It;s much more a nightmare that people have to remember eleventy billion different passwords, and therefore, use the same password everywhere.
Plus, those passwords used are rarely of good strength.
If you have ONE openID with a strong password, I think most people will be better off (i.e. safer) than today.
-t
|
|
|
|
|
|
|
|
|
Clinically Insane
Join Date: Oct 2001
Location: San Diego, CA, USA
Status:
Offline
|
|
Originally Posted by turtle777
In my limited understanding, I don't see this as a nightmare.
It;s much more a nightmare that people have to remember eleventy billion different passwords, and therefore, use the same password everywhere.
I don't see how. That is, at worst, exactly the same as what you get with OpenID.
Originally Posted by turtle777
Plus, those passwords used are rarely of good strength.
If you have ONE openID with a strong password, I think most people will be better off (i.e. safer) than today.
It is true that people don't generally use high-quality passwords, but still most of the Internet account hacking I hear of comes from phishing, not from brute-force guessing.
|
Chuck
___
"Instead of either 'multi-talented' or 'multitalented' use 'bisexual'."
|
|
|
|
|
|
|
|
Clinically Insane
Join Date: Jun 2001
Location: planning a comeback !
Status:
Offline
|
|
Originally Posted by Chuckit
I don't see how. That is, at worst, exactly the same as what you get with OpenID.
I think you misunderstand how it works. Have a look at this:
How OpenID works | Clickpass Documentation
I don't see how this is more prone to fishing than getting your password.
-t
|
|
|
|
|
|
|
|
|
Clinically Insane
Join Date: Dec 2000
Location: Caught in a web of deceit.
Status:
Offline
|
|
I am starting a new online social networking website. You have all been selected to be beta testers.
If you are interested, please PM me your Gmail or Yahoo! Mail account identification and password.
I have also begun work on a new online payment system website, and it's going to be much more powerful than PayPal. You have all been selected to be beta testers.
If you are interested, please PM me your bank account information and password.
|
|
|
|
|
|
|
|
|
Clinically Insane
Join Date: Jun 2001
Location: planning a comeback !
Status:
Offline
|
|
What's the site called ? EugScammer ?
-t
|
|
|
|
|
|
|
|
|
Clinically Insane
Join Date: Dec 2000
Location: Caught in a web of deceit.
Status:
Offline
|
|
The site is called Eug's Hammer.
We are a storage solutions company and have decided to branch out to industries that can leverage our years of experience with data warehousing.
We aim to use our new jack-of-all-trades online tools to hammer away inconvenience!
(
Last edited by Eug; Mar 31, 2008 at 10:46 AM.
)
|
|
|
|
|
|
|
|
|
Professional Poster
Join Date: Mar 2002
Location: adequate, thanks.
Status:
Offline
|
|
Originally Posted by Eug
I am starting a new online social networking website. You have all been selected to be beta testers.
If you are interested, please PM me your Gmail or Yahoo! Mail account identification and password.
I have also begun work on a new online payment system website, and it's going to be much more powerful than PayPal. You have all been selected to be beta testers.
If you are interested, please PM me your bank account information and password.
HAWT. Is this even cooler than being one of the gmail early beta users? Then I'm all onto it!1!!!1!
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Forum Rules
|
|
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
|
HTML code is Off
|
|
|
|
|
|
|
|
|
|
|
|