Results 1 to 7 of 7

Thread: tagged.com emails auto-login

  1. #1
    Member d34dl0k1's Avatar
    Join Date
    Mar 2007
    Posts
    58

    tagged.com emails auto-login

    I just signed up for tagged.com because I heard about something strange...

    Apparently - they send email notifications with tokens in the URL that authenticate you automatically to their site after clicking...

    I was wondering what kind of vulnerabilities would exist with this... For instance if my email account is ever used by anyone else again, they would receive these emails that let them into my account.

    At the same time though, password reset emails would get them in all the same.

    Does anyone else see this as a problem? It seems fishy...

  2. #2
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    Quote Originally Posted by d34dl0k1 View Post
    I just signed up for tagged.com because I heard about something strange...
    Just a word to the wise, tagged doesn't have the best of reputations. Quite a lot of profiles are fake.

    Apparently - they send email notifications with tokens in the URL that authenticate you automatically to their site after clicking...
    That's correct. They're not the only social network site that does this btw.

    I was wondering what kind of vulnerabilities would exist with this... For instance if my email account is ever used by anyone else again, they would receive these emails that let them into my account.
    Correct. You also need to be careful when forwarding said emails. It will contain a link anyone can use to login on your account.

    Does anyone else see this as a problem? It seems fishy...
    As I said, I've seen more sites do the exact same thing. Just be careful were you leave those emails.
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  3. #3
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Last edited by nihil; August 19th, 2009 at 11:46 AM.

  4. #4
    Senior Member t34b4g5's Avatar
    Join Date
    Sep 2003
    Location
    Australia.
    Posts
    2,391

  5. #5
    Banned
    Join Date
    Jan 2008
    Posts
    605
    One plaintiff is an 11-year-old boy who joined Facebook and then posted that he had swine flu and uploaded pictures or video of "partially-clothed" children swimming, according to the lawsuit.
    Did people not catch the slight references to memes in that paragraph?

    Edit: How much do you want to bet that the pool is closed due to swine flu?
    Last edited by The-Spec; August 19th, 2009 at 06:13 PM.

  6. #6
    Junior Member
    Join Date
    Aug 2009
    Posts
    27
    Quote Originally Posted by The-Spec View Post
    Did people not catch the slight references to memes in that paragraph?

    Edit: How much do you want to bet that the pool is closed due to swine flu?
    My gosh, they were "partially clothed" You mean their parents didn't make them wear those full-body bathing suits that were popular in the 1800's? What's this world coming too.......

    Obviously the 11-year old's suit was written by his parents, or by a lawyer hoping to win on the anti-child-pornography wagon. Understand that I'm totally against child-porn as I have kids, but "partially clothed" at a swimming pool??? They need a life.

    Have a great day
    Patrick.

  7. #7
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Hello Patrick,

    My gosh, they were "partially clothed"
    ah! but it doesn't say which part?

    Obviously the 11-year old's suit was written by his parents
    Who I would now have reported to the Social Welfare..........the parents let him run feral on the interwebz?

    56 days in Colchester Military Corrective Training Centre............he will come out as something useful for Iraq/Afghanistan, or a vegetable

Similar Threads

  1. Tracing Emails in Microsoft Outlook.
    By FanacooL in forum Computer Forensics
    Replies: 13
    Last Post: September 5th, 2006, 09:46 AM
  2. Secure Login System
    By valhallen in forum Programming Security
    Replies: 10
    Last Post: August 29th, 2006, 10:46 PM
  3. Tcp/ip
    By gore in forum Newbie Security Questions
    Replies: 11
    Last Post: December 29th, 2003, 08:01 AM
  4. auto login in RedHat Linux
    By mani034 in forum *nix Security Discussions
    Replies: 5
    Last Post: September 25th, 2003, 01:19 PM
  5. Newbies, list of many words definitions.
    By -DaRK-RaiDeR- in forum Newbie Security Questions
    Replies: 9
    Last Post: December 14th, 2002, 08:38 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •