Here’s how the Newegg email address was spoofed on the Creative forum over the weekend: Creative has a security protocol in place where you have to verify your email address before you can post. However, after you publish a post you can go back and change your address to anything you like. You won’t be able to verify the spoofed address and therefore won’t be able to post anything new—but anything you already posted will now display the spoofed address. Maybe you can get Daniel_K to fix your forum boards, Creative. (Thanks to Jawaad!)
Are You Sure You Want To Add That Facebook App?
By March 27, 2008
Gregory writes in to point out that Facebook does a lousy job of monitoring the development of its third-party Platform applications—and in fact many of them are written so badly that they can be easily hacked. The examples he cites, which are listed in the winter issue of the hacker magazine 2600, are all fairly mild stunts like spoofing user IDs, changing the moods of another user, and re-routing gifts, “but this information could be used to mount large scale social engineering attacks if automated and coupled with other information.” To illustrate how easy it is to change another user’s settings, he pointed us to a YouTube example of how to change another users “mood” via the Mood app.
Senate Committee Votes To Ban Caller ID Spoofing
By June 28, 2007
The Senate Committee on Commerce, Science, and Technology has voted to outlaw caller ID spoofing. The measure, S. 704, would make it illegal to “to cause any caller identification service to transmit misleading or inaccurate caller identification information.” Companion legislation sailed through the House earlier this month, giving the measure an excellent chance of becoming law. Senator Ted Stevens (R-AK) said the legislation was necessary to prevent false information from clogging up the tubes:
