Help Net Security reports that AOL Journals - the company's blogging platform - is suffering from a significant security glitch. HNS reports the issue lies within the blogs' Atom/RSS feed options. A poster named Steve writes...
There is a link on the journals that would allow users to get an Atom or RSS feed for that weblog. The webpage that pops up containing these links to the feeds displays the full path to the user's feed (which includes their username, which is subsequently their e-mail address). The link to the feeds, however, does not use the username in conjunction with the blog name. Instead it uses a BlogID number which appears to just be incremented as blogs are created.

As a result an attacker could increment through the numbers and obtain thousands of user e-mail addresses. This flaw is especially noteworthy due to the ease and speed at which an attacker could obtain the usernames. Also, the username and blog names could be easily traversed through to gain information on the user that could be used in conjunction with targeted spam among other things.
According to the report, AOL has yet to patch the hole.
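The post describes a classic sequential-identifier enumeration: a small integer BlogID is the only thing needed to reach a page that leaks the owner's username. The example below is added here and is not code from the report or from AOL; it models the vulnerable design next to a hardened one (opaque keyed-hash IDs and a feed path that never carries the username), plus a log check that flags a client walking consecutive IDs. All hostnames, paths, accounts and log lines are constructed for the illustration.

```python
"""Added example, not AOL's code: sequential-ID enumeration, a hardened variant,
and a detector over constructed access-log lines."""
import hashlib
import hmac
import re
from collections import defaultdict

# Constructed sample accounts; on the platform described, username == e-mail address.
ACCOUNTS = ["alice", "bob", "carol"]


class SequentialFeedService:
    """Vulnerable design: BlogIDs are 1, 2, 3, ... and the feed page echoes the username."""

    def __init__(self, accounts):
        self.blogs = {i + 1: name for i, name in enumerate(accounts)}

    def feed_page(self, blog_id):
        user = self.blogs.get(blog_id)
        if user is None:
            return None
        # The "full path to the user's feed" embeds the username (hypothetical host/path).
        return f"http://journals.example/{user}/myblog/atom.xml"


def harvest_usernames(service, max_id=1000):
    """Attacker's loop: walk BlogIDs and pull the username out of every feed path returned."""
    found = []
    for blog_id in range(1, max_id + 1):
        page = service.feed_page(blog_id)
        if page is not None:
            found.append(page.split("/")[3])  # username is the first path segment
    return found


class OpaqueFeedService:
    """Hardened design: IDs are keyed hashes (unguessable without the server key)
    and the feed path never includes the username."""

    def __init__(self, accounts, key):
        self.key = key
        self.blogs = {self._token(i + 1): name for i, name in enumerate(accounts)}

    def _token(self, blog_id):
        # HMAC over the internal row id: stable per blog, no arithmetic relation between blogs.
        return hmac.new(self.key, str(blog_id).encode(), hashlib.sha256).hexdigest()[:32]

    def feed_page(self, token):
        if token not in self.blogs:
            return None
        return f"http://journals.example/feeds/{token}/atom.xml"

    def feed_link_for_owner(self, blog_id):
        """What the owner sees on the feed-link page: the opaque URL, no username."""
        return self.feed_page(self._token(blog_id))


# Detection side: constructed Apache-style lines; one client walks blogid 100..107.
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2004:10:00:00 +0000] "GET /journals/feed?blogid=42 HTTP/1.1" 200 512',
] + [
    f'203.0.113.5 - - [01/Jan/2004:10:00:{i:02d} +0000] "GET /journals/feed?blogid={100 + i} HTTP/1.1" 200 512'
    for i in range(8)
]

LOG_LINE = re.compile(r'^(\S+) .*"GET /journals/feed\?blogid=(\d+) ')


def flag_enumerators(log_lines, min_run=5):
    """Return clients whose requested BlogIDs contain a run of min_run consecutive integers."""
    ids_by_client = defaultdict(set)
    for line in log_lines:
        m = LOG_LINE.match(line)
        if m:
            ids_by_client[m.group(1)].add(int(m.group(2)))
    flagged = set()
    for client, ids in ids_by_client.items():
        ordered = sorted(ids)
        run = 1
        for prev, cur in zip(ordered, ordered[1:]):
            run = run + 1 if cur == prev + 1 else 1
            if run >= min_run:
                flagged.add(client)
                break
    return flagged


if __name__ == "__main__":
    print("sequential IDs leak:", harvest_usernames(SequentialFeedService(ACCOUNTS)))
    hardened = OpaqueFeedService(ACCOUNTS, key=b"server-side-secret")  # hypothetical key
    print("opaque IDs leak:", harvest_usernames(hardened))
    print("owner's link:", hardened.feed_link_for_owner(1))
    print("enumerating clients:", flag_enumerators(SAMPLE_LOG))
```

The keyed-hash ID is only half the fix: if the feed-link page still printed the username, an attacker who obtained any token would get the address, so the hardened path carries the token alone. The log check is deliberately crude (any run of five consecutive IDs from one address) and is meant to be tuned against real traffic, where legitimate readers rarely request adjacent BlogIDs in sequence.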