http://slashdot.org/~obnosis/
On 6/25/09, Lisa Kachold <
lisakachold@obnosis.com> wrote:
> <p>
> Match.com, the popular paid online "secure" dating site, was found to
> reveal private email addresses during messaging.</p>
> <p>
> Email Reply headers in the Messages reading pane reveal the "outside"
> email of the dating parties to each other. So my reading pane shows
> clearly at the top of an email Match.com "Message" thread:</p>
> <p>
> Date: Wed, 24 Jun 2009 23:18:23 -0500</p><p>
> From: obnosis@talkmatch.com</p><p>
> To: pairaway@hotmail.com</p><p>
> Subject: Match.com Message: RE: Itsadate</p><p>
> </p>
> <p>
> So, I "obnosis@talkmatch" (obfuscated email Match.com only email
> address) would immediately know that a man identified only by his
> Match.com screen name, was really "pairaway@hotmail.com". And
> alternately he would also be able to see my outside email address in
> his Messages reading pane.</p>
> <p>
> While at the same time, the bottom of the email Match.com "Message"
> thread their application tacks on a nice DISCLAIMER:</p>
> <pre>
> ------start------
> Important tips: Protect your privacy
>
> Our email system strips away your real email address so that the
> recipient will NOT see it in the
> From: line; however, you must...
> • Remove any mention of your email address from the body of your message.
> • Remove or turn off any automatic signature at the end of your email.
> • Avoid using Cc: or Bcc: to help protect your identity.
> If you receive an email that you find offensive or contains
> advertisements for products or services other than Match.com, please
> forward the message immediately to abuse@cc.match.com.
> If you no longer wish to receive communication from this person you
> can block this user from further contact here.
>
>
> DISCLAIMER
> Match.com does not screen private email between members, nor are we
> liable for the content of these messages. All members are bound by the
> Match.com Service Agreement.
>
> ---end----
> </pre>
> <p>
> Match.com was informed on June 25, 2009 with screenshots. They have
> yet to respond to this serious security application layer issue.</p>
>
> Screenshot:
> http://www.obnosis.com/motivatebytruth/match_shows_outside_email.jpg
> --
> (503)754-4452 tribe.obnosis.com
> scientology.obnosis.com
> plug.obnosis.com
>
--
(503)754-4452 tribe.obnosis.com
scientology.obnosis.com
plug.obnosis.com
---------------------------------------------------
PLUG-discuss mailing list -
PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
%20would%20immediately%20know%20that%20a%20man%20identified%20only%20by%20his%0A>%20>%20Match.com%20screen%20name,%20was%20really%20%22pairaway@hotmail.com%22.%20%20And%0A>%20>%20alternately%20he%20would%20also%20be%20able%20to%20see%20my%20outside%20email%20address%20in%0A>%20>%20his%20Messages%20reading%20pane.</p>%0A>%20>%20<p>%0A>%20>%20While%20at%20the%20same%20time,%20the%20bottom%20of%20the%20email%20Match.com%20%22Message%22%0A>%20>%20thread%20their%20application%20tacks%20on%20a%20nice%20DISCLAIMER:</p>%0A>%20>%20<pre>%0A>%20>%20------start------%0A>%20>%20Important%20tips:%20Protect%20your%20privacy%0A>%20>%0A>%20>%20%20%20%20%20%0A>%20>%20%20%20%20%20%0A>%20>%20DISCLAIMER%0A>%20>%20Match.com%20does%20not%20screen%20private%20email%20between%20members,%20nor%20are%20we%0A>%20>%20liable%20for%20the%20content%20of%20these%20messages.%20All%20members%20are%20bound%20by%20the%0A>%20>%20Match.com%20Service%20Agreement.%0A>%20>%20%20%20%20%20%0A>%20>%20---end----%0A>%20>%20</pre>%0A>%20>%20<p>%0A>%20>%20Match.com%20was%20informed%20on%20June%2025,%202009%20with%20screenshots.%20%20They%20have%0A>%20>%20yet%20to%20respond%20to%20this%20serious%20security%20application%20layer%20issue.</p>%0A>%20>%0A>%20>%20Screenshot:%0A>%20>%20http://www.obnosis.com/motivatebytruth/match_shows_outside_email.jpg%0A>%20>%20--%0A>%20>%20(503)754-4452%20tribe.obnosis.com%0A>%20>%20scientology.obnosis.com%0A>%20>%20plug.obnosis.com%0A>%20>%0A>%20%0A>%20%0A>%20--%20%0A>%20(503)754-4452%20tribe.obnosis.com%0A>%20scientology.obnosis.com%0A>%20plug.obnosis.com%0A>%20---------------------------------------------------%0A>%20PLUG-discuss%20mailing%20list%20-%20PLUG-discuss@lists.plug.phoenix.az.us%0A>%20To%20subscribe,%20unsubscribe,%20or%20to%20change%20your%20mail%20settings:%0A>%20http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss%0A>%20%0A>%20 "Reply to this message")
(text/plain)