Yes and how would you mitigate that? Its not possible to validate the data as they donthave any pre existing knowledge about your address book
2012/6/5 Kuwait WhiteHat <[email protected]> > Well, using SSL will solve the privacy issues which involves having a 3rd > party sniff the traffic and reconstruct a database of users address books > as outlined here > http://q8whitehat.org/truecaller-vulnerability-allows-changing-users-name/ > However, it doesnt solve other problems such as the ability to change > database entries or submitting fake data. > On Jun 5, 2012 5:16 PM, "doc mombasa" <[email protected]> wrote: > >> the only "vulnerability" here is not using https? >> . >> >> 2012/6/4 Григорий Братислава <[email protected]> >> >>> Paranoia. Thor I is always publicly share contacts: >>> >>> Adrian Lamo >>> c/o DMH Vacavill Psychiatric Hospital >>> Vacavill, CA >>> (707) 449-6504 >>> >>> Hector Monsegur >>> (480) 948-6377 >>> ADDRESS IS WITHOLD >>> >>> John Paul (JP) >>> 594 3rd St >>> Beaver PA >>> www.inspirosity.com (is Out of business moved into is Gay porn) >>> >>> Jesse Tuttle >>> (http://enquirer.com/editions/2003/07/28/hacker_zoom.jpg) >>> (480) 948-6377 >>> ADDRESS IS WITHOLD >>> >>> Gary McKinnon >>> PSC 1005 >>> Box 25 FPO AE / Cellblock 42 >>> Guantanamo Bay 09593 >>> >>> AS (is in case I am too arrested) >>> 4340 East West Hwt Suite 350 >>> Bethesda MD >>> >>> Has nothing to hid. >>> >>> _______________________________________________ >>> Full-Disclosure - We believe in it. >>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >>> Hosted and sponsored by Secunia - http://secunia.com/ >>> >> >>
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
