http://slashdot.org/~obnosis/
On 6/25/09, Lisa Kachold <[email protected]> wrote:
> Match.com, the popular paid online "secure" dating site, was found to
> reveal private email addresses during messaging.
>
> Email Reply headers in the Messages reading pane reveal the "outside"
> email of the dating parties to each other. So my reading pane shows
> clearly at the top of an email Match.com "Message" thread:
>
> Date: Wed, 24 Jun 2009 23:18:23 -0500
> From: [email protected]
> To: [email protected]
> Subject: Match.com Message: RE: Itsadate
>
> So, I "obno...@talkmatch" (obfuscated email Match.com only email
> address) would immediately know that a man identified only by his
> Match.com screen name, was really "[email protected]". And
> alternately he would also be able to see my outside email address in
> his Messages reading pane.
>
> While at the same time, the bottom of the email Match.com "Message"
> thread their application tacks on a nice DISCLAIMER:
>
> ------start------
> Important tips: Protect your privacy
>
> Our email system strips away your real email address so that the
> recipient will NOT see it in the
> From: line; however, you must...
> • Remove any mention of your email address from the body of your
> message.
> • Remove or turn off any automatic signature at the end of your email.
> • Avoid using Cc: or Bcc: to help protect your identity.
> If you receive an email that you find offensive or contains
> advertisements for products or services other than Match.com, please
> forward the message immediately to [email protected].
> If you no longer wish to receive communication from this person you
> can block this user from further contact here.
>
>
> DISCLAIMER
> Match.com does not screen private email between members, nor are we
> liable for the content of these messages. All members are bound by the
> Match.com Service Agreement.
>
> ---end----
>
> Match.com was informed on June 25, 2009 with screenshots. They have
> yet to respond to this serious security application layer issue.
>
> Screenshot:
> http://www.obnosis.com/motivatebytruth/match_shows_outside_email.jpg
> --
> (503)754-4452 tribe.obnosis.com
> scientology.obnosis.com
> plug.obnosis.com
>

--
(503)754-4452 tribe.obnosis.com
scientology.obnosis.com
plug.obnosis.com
---------------------------------------------------
PLUG-discuss mailing list - [email protected]
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
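
A header check for a masking mail relay of the kind the message above describes, as an added example that is not part of the original post and is not Match.com's code. The relay domain `relay.example`, the addresses, the alias table and the sample message are constructed placeholders; the check covers every address-bearing header, not only the `From:` line the site's notice mentions.

```python
from email import message_from_string, policy
from email.utils import getaddresses

RELAY_DOMAIN = "relay.example"  # assumed placeholder for the site's masked-address domain
ADDRESS_HEADERS = ("From", "Sender", "Reply-To", "Return-Path", "To", "Cc")

# Constructed sample: a member's reply as it reaches the relay, before masking.
SAMPLE = (
    "From: Bob <bob@isp.example>\n"
    "To: alice77@relay.example\n"
    "Reply-To: bob@isp.example\n"
    "Subject: Message: RE: hello\n"
    "\n"
    "See you then.\n"
)

def _addresses(msg, header):
    """Bare addresses found in every occurrence of one header."""
    values = [str(v) for v in msg.get_all(header, [])]
    return [addr for _name, addr in getaddresses(values)]

def _is_external(addr, relay_domain):
    """True for any address whose domain is not the relay's own."""
    return addr.rpartition("@")[2].lower() != relay_domain

def leaked_addresses(raw, relay_domain=RELAY_DOMAIN):
    """Return (header, address) pairs that would expose a non-relay address."""
    msg = message_from_string(raw, policy=policy.default)
    return [(h, a) for h in ADDRESS_HEADERS for a in _addresses(msg, h)
            if _is_external(a, relay_domain)]

def mask_headers(raw, alias_for, relay_domain=RELAY_DOMAIN):
    """Rewrite address headers to relay aliases; KeyError means do not deliver."""
    msg = message_from_string(raw, policy=policy.default)
    for header in ADDRESS_HEADERS:
        found = _addresses(msg, header)
        if not found:
            continue
        # Display names are dropped as well: they can identify the sender.
        masked = [alias_for[a.lower()] if _is_external(a, relay_domain) else a
                  for a in found]
        del msg[header]
        msg[header] = ", ".join(masked)
    return msg.as_string()

if __name__ == "__main__":
    print(leaked_addresses(SAMPLE))
    print(mask_headers(SAMPLE, {"bob@isp.example": "bob_pdx@relay.example"}))
```

Running `leaked_addresses` on the final outbound message, after masking, makes a good release gate: any non-empty result means a header still carries a member's outside address.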
