Online Status Indicator - Security Issue

Online Status Indicator - Security Issue by Beno on 02-20-2004 at 01:37 AM

If you go HERE, on the mess.be site they say how to get an online status indicator, but what exactly is the security issue?  I'm kinda wondering how someone could change my display pic with that script.  How is that possible, is it just a hoax?


RE: Online Status Indicator - Security Issue by CookieRevised on 02-20-2004 at 10:10 AM

I don't know about the security issue they describe there. But I do know that in order to let it work you have to put your .NET Passport there (the email you use to sign in to Messenger). In other words, the whole world will know your email address....


RE: Online Status Indicator - Security Issue by Beno on 02-20-2004 at 01:44 PM

Yeah, I knew about that.  But that's what I was wondering, with just an e-mail can someone change my display pic?  Cause you can't like use the script there to change my DP.  Otherwise people would just host the script on their site and use it to change everyone's DP. It didn't make sense to me either...*SHRUG*

More input anyone?


RE: Online Status Indicator - Security Issue by iascoot on 02-20-2004 at 01:57 PM

I think if you signed up and someone went to the site and entered details in your name, they can change where the display pics link to...

But don't trust me, I'm drunk.


RE: Online Status Indicator - Security Issue by Beno on 02-20-2004 at 02:03 PM

:P ok, That sounds like a reasonable explanation.


RE: Online Status Indicator - Security Issue by kao on 02-21-2004 at 01:49 PM

You can actually take the email part out of the script, but they won't be able to open convos. The script has a part like <a href='something or other'>something something</a>

If you take that part of the script out all they will see is the actual picture and that's it, no one will be able to see your email address


RE: Online Status Indicator - Security Issue by CookieRevised on 02-22-2004 at 04:33 PM

quote:
Originally posted by Kao
You can actually take the email part out of the script, but they won't be able to open convos. The script has a part like <a href='something or other'>something something</a>

If you take that part of the script out all they will see is the actual picture and that's it, no one will be able to see your email address

Yes, they will, your email is part of the image-url... So your email IS visible to the whole world. This is the snippet you have to use:

code:
<!-- Begin Online Status Indicator code -->
<!-- http://www.onlinestatus.org/ -->
<A HREF="http://www.nextstepcomputers.ath.cx:8080/message/msn/youremail">
<IMG SRC="http://www.nextstepcomputers.ath.cx:8080/msn/youremail"
border="0" ALT="MSN Online Status Indicator" onerror="this.onerror=null;this.src='http://snind.gotdns.com:8080/msn/youremail';"></a>
<!-- End Online Status Indicator code -->


Now, take out the bloated stuff and you get:
<IMG SRC="http://www.nextstepcomputers.ath.cx:8080/msn/youremail">

As you can see, obviously the image-url needs your email to know what account it should check and therefore, your email is visible for everybody who wants it...

Also, as you can see you don't really need to "register" on http://www.onlinestatus.org/. The only thing the registration process does is make the above code with your email in it...
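
Added example, not part of the original thread or of the onlinestatus.org code: a small audit that lists every attribute in an embed snippet whose URL carries the account address, and which host that URL points at. The address someone@example.com and the helper names are constructed for illustration; the hosts are the ones in the snippet quoted above.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote, urlsplit

# Constructed samples: the thread's snippet with a placeholder address filled in.
FULL = """<A HREF="http://www.nextstepcomputers.ath.cx:8080/message/msn/someone@example.com">
<IMG SRC="http://www.nextstepcomputers.ath.cx:8080/msn/someone@example.com"
border="0" ALT="MSN Online Status Indicator" onerror="this.onerror=null;this.src='http://snind.gotdns.com:8080/msn/someone@example.com';"></a>"""
STRIPPED = '<IMG SRC="http://www.nextstepcomputers.ath.cx:8080/msn/someone@example.com">'

# URLs can sit directly in an attribute (href/src) or inside inline script (onerror).
URL_RE = re.compile(r"https?://[^\s'\"<>]+", re.IGNORECASE)


class LeakFinder(HTMLParser):
    """Collects (tag, attribute, host) for each URL that contains the account."""

    def __init__(self, account):
        super().__init__()
        self.account = account.lower()
        self.leaks = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            for url in URL_RE.findall(value or ""):
                # unquote() catches the address when '@' is written as %40.
                if self.account in unquote(url).lower():
                    self.leaks.append((tag, name, urlsplit(url).hostname))


def find_leaks(html, account):
    finder = LeakFinder(account)
    finder.feed(html)
    finder.close()
    return finder.leaks


if __name__ == "__main__":
    for label, html in (("full snippet", FULL), ("image only", STRIPPED)):
        print(label)
        for tag, attr, host in find_leaks(html, "someone@example.com"):
            print(f"  <{tag} {attr}=...> exposes the address in a URL on {host}")
```

Run against the image-only version, it still reports the src attribute, which is the point made in the last post: the address is readable in the page source whether or not the link is kept.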