They can encrypt the post parameters (address book) as they're sent. Just like the HTTP GET requests used to search for numbers.
-- Q8WhiteHat.org

On Jun 6, 2012, at 11:36 PM, doc mombasa wrote:

> Yes and how would you mitigate that?
> It's not possible to validate the data as they don't have any pre-existing
> knowledge about your address book
>
> 2012/6/5 Kuwait WhiteHat <[email protected]>
> Well, using SSL will solve the privacy issues which involve having a 3rd
> party sniff the traffic and reconstruct a database of users' address books as
> outlined here
> http://q8whitehat.org/truecaller-vulnerability-allows-changing-users-name/
> However, it doesn't solve other problems such as the ability to change
> database entries or submitting fake data.
>
> On Jun 5, 2012 5:16 PM, "doc mombasa" <[email protected]> wrote:
> the only "vulnerability" here is not using https?
> .
>
> 2012/6/4 Григорий Братислава <[email protected]>
> Paranoia. Thor I is always publicly share contacts:
>
> Adrian Lamo
> c/o DMH Vacavill Psychiatric Hospital
> Vacavill, CA
> (707) 449-6504
>
> Hector Monsegur
> (480) 948-6377
> ADDRESS IS WITHOLD
>
> John Paul (JP)
> 594 3rd St
> Beaver PA
> www.inspirosity.com (is Out of business moved into is Gay porn)
>
> Jesse Tuttle
> (http://enquirer.com/editions/2003/07/28/hacker_zoom.jpg)
> (480) 948-6377
> ADDRESS IS WITHOLD
>
> Gary McKinnon
> PSC 1005
> Box 25 FPO AE / Cellblock 42
> Guantanamo Bay 09593
>
> AS (is in case I am too arrested)
> 4340 East West Hwt Suite 350
> Bethesda MD
>
> Has nothing to hid.
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
