Re: OT: Match.com's Message System Exposes Private "Outside"…

Author: Lisa Kachold
Date:  
To: Main PLUG discussion list, List for Linux development and software engineering discussions.
Subject: Re: OT: Match.com's Message System Exposes Private "Outside" Email Addresses - SlashDot Submission
http://slashdot.org/~obnosis/

On 6/25/09, Lisa Kachold <> wrote:
> <p>
> Match.com, the popular paid online "secure" dating site, was found to
> reveal private email addresses during messaging.</p>
> <p>
> Email Reply headers in the Messages reading pane reveal the "outside"
> email of the dating parties to each other. So my reading pane shows
> clearly at the top of an email Match.com "Message" thread:</p>
> <p>
> Date: Wed, 24 Jun 2009 23:18:23 -0500</p><p>
> From: </p><p>
> To: </p><p>
> Subject: Match.com Message: RE: Itsadate</p><p>
> </p>
> <p>
> So, I "obnosis@talkmatch" (obfuscated email Match.com only email
> address) would immediately know that a man identified only by his
> Match.com screen name, was really "". And
> alternately he would also be able to see my outside email address in
> his Messages reading pane.</p>
> <p>
> While at the same time, at the bottom of the email Match.com "Message"
> thread, their application tacks on a nice DISCLAIMER:</p>
> <pre>
> ------start------
> Important tips: Protect your privacy
>
> Our email system strips away your real email address so that the
> recipient will NOT see it in the
> From: line; however, you must...
> • Remove any mention of your email address from the body of your message.
> • Remove or turn off any automatic signature at the end of your email.
> • Avoid using Cc: or Bcc: to help protect your identity.
> If you receive an email that you find offensive or contains
> advertisements for products or services other than Match.com, please
> forward the message immediately to .
> If you no longer wish to receive communication from this person you
> can block this user from further contact here.
>
> DISCLAIMER
> Match.com does not screen private email between members, nor are we
> liable for the content of these messages. All members are bound by the
> Match.com Service Agreement.
>     
> ---end----
> </pre>
> <p>
> Match.com was informed on June 25, 2009 with screenshots. They have
> yet to respond to this serious security application layer issue.</p>
>
> Screenshot:
> http://www.obnosis.com/motivatebytruth/match_shows_outside_email.jpg
> --
> (503)754-4452 tribe.obnosis.com
> scientology.obnosis.com
> plug.obnosis.com
>



--
(503)754-4452 tribe.obnosis.com
scientology.obnosis.com
plug.obnosis.com
---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
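
Added example, not part of the original post and not Match.com's code: a sketch of the check an anonymizing mail relay needs so that reply headers, whether in the header section or quoted in the body, never carry a member's outside address. The alias table, the relay.example domain and the sample message are all constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses

RELAY_DOMAIN = "relay.example"                      # hypothetical relay domain
ALIASES = {                                         # constructed: outside address -> alias
    "alice@example.org": "alice123@relay.example",
    "bob@example.net": "bob456@relay.example",
}
ADDRESS_HEADERS = ("From", "To", "Cc", "Reply-To", "Sender", "Return-Path")
ADDR_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

def scrub(raw):
    """Return (sanitized message text, list of (location, outside address) found)."""
    msg = message_from_string(raw)
    leaks = []
    for header in ADDRESS_HEADERS:
        values = msg.get_all(header)
        if not values:
            continue
        kept = []
        for _display_name, addr in getaddresses(values):
            key = addr.lower()
            if key in ALIASES:                      # known member: swap in the alias
                leaks.append((header, addr))
                kept.append(ALIASES[key])
            elif key.endswith("@" + RELAY_DOMAIN):  # already an alias
                kept.append(addr)
            else:                                   # unknown outside address: drop it
                leaks.append((header, addr))
        del msg[header]                             # removes every occurrence
        if kept:
            msg[header] = ", ".join(kept)

    def swap(match):
        # Quoted reply headers in the body are plain text, so they need the same mapping.
        alias = ALIASES.get(match.group(0).lower())
        if alias is None:
            return match.group(0)
        leaks.append(("body", match.group(0)))
        return alias

    # Assumes a single-part text/plain message.
    msg.set_payload(ADDR_RE.sub(swap, msg.get_payload()))
    return msg.as_string(), leaks

# Constructed sample: a reply whose mail client quoted the original headers.
SAMPLE = """From: Bob <bob@example.net>
To: alice123@relay.example
Subject: RE: Hello

Sounds good!

> From: alice@example.org
> To: bob@example.net
"""
```
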