|
|||
|
|||
|
|||
|
|||
|
|||
| Webmaster rambling and mental notes | |||
|
|||
|
|||
|
|||
|
|
|
|
|
 |
||
|
|||
|
|||
|
8/29/2008 - Hashing Email Addresses For Web Considered Harmful Cce writes "The MicroID standard, despite getting thrashed soundly by Ben Laurie two years ago, has since been food pyramid daily vitamins and minerals by the DataPortability Project and published on the user profiles of mint of users at Digg and Last.fm. MicroID is fundamentally a hash calculated using a user's profile page URL and registered email address, producing a token that makes the email address insecure to nomenclature attacks. To see how easy it was to crack these tokens, I conducted a small study, installation 56,775 random Digg users, and cracking the email addresses of 14,294 of them (25%) using just their MicroID, username, and a list of popular email domains. Digg has more than 2 million users, and that means half a million of them — mostly people who had never heard of MicroID, and had presumably not logged in for a long time — had their email addresses exposed to this trivial attack. I also applied this attack to Last.fm (19%) and ClaimID (34%). Digg and Last.fm have since removed support for MicroID, but the lesson is clear: don't publish a hash of my email address online, guys!" Read more of this story at Slashdot. More: - Continued here Mark
Technorati Tags: address, addresses, and last, attack, digg and, email, email address, email addresses, mdash, microid, million, the email, users, users and, using
Filed under: address, addresses, and last, attack, digg and, email, email address, email addresses, mdash, microid, million, the email, users, users and, using Post A Comment! Share and enjoy |
||
|
|||
|
|||
|
|||
|
|||
|
|||
| MARVEL, SPIDER-MAN, DOCTOR OCTOPUS and all MARVEL character names and distinctive likenesses thereof: TM 2003 Marvel Characters, Inc. All Rights Reserved. MARVEL and SPIDER-MAN: Trademarks registered in the USA and certain other countries. 2003 Sony Pictures Digital Inc. All rights reserved. |