Re: [Full-disclosure] TrueCaller Vulnerability Allows Changing Users Details
- To: Kuwait WhiteHat <q8whitehat@xxxxxxxxx>
- Subject: Re: [Full-disclosure] TrueCaller Vulnerability Allows Changing Users Details
- From: doc mombasa <doc.mombasa@xxxxxxxxx>
- Date: Wed, 6 Jun 2012 22:36:49 +0200
Yes, and how would you mitigate that?
It's not possible to validate the data, as they don't have any pre-existing
knowledge about your address book.
2012/6/5 Kuwait WhiteHat <q8whitehat@xxxxxxxxx>
> Well, using SSL will solve the privacy issues which involve having a 3rd
> party sniff the traffic and reconstruct a database of users' address books
> as outlined here
> http://q8whitehat.org/truecaller-vulnerability-allows-changing-users-name/
> However, it doesn't solve other problems such as the ability to change
> database entries or submitting fake data.
> On Jun 5, 2012 5:16 PM, "doc mombasa" <doc.mombasa@xxxxxxxxx> wrote:
>
>> the only "vulnerability" here is not using https?
>> .
>>
>> 2012/6/4 Григорий Братислава <musntlive@xxxxxxxxx>
>>
>>> Paranoia. Thor I is always publicly share contacts:
>>>
>>> Adrian Lamo
>>> c/o DMH Vacavill Psychiatric Hospital
>>> Vacavill, CA
>>> (707) 449-6504
>>>
>>> Hector Monsegur
>>> (480) 948-6377
>>> ADDRESS IS WITHOLD
>>>
>>> John Paul (JP)
>>> 594 3rd St
>>> Beaver PA
>>> www.inspirosity.com (is Out of business moved into is Gay porn)
>>>
>>> Jesse Tuttle
>>> (http://enquirer.com/editions/2003/07/28/hacker_zoom.jpg)
>>> (480) 948-6377
>>> ADDRESS IS WITHOLD
>>>
>>> Gary McKinnon
>>> PSC 1005
>>> Box 25 FPO AE / Cellblock 42
>>> Guantanamo Bay 09593
>>>
>>> AS (is in case I am too arrested)
>>> 4340 East West Hwt Suite 350
>>> Bethesda MD
>>>
>>> Has nothing to hid.
>>>
>>> _______________________________________________
>>> Full-Disclosure - We believe in it.
>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>> Hosted and sponsored by Secunia - http://secunia.com/
>>>
>>
>>