Quick antispam observation

One thing I’ve been doing recently is removing my membership of a load of websites that I don’t seem to have used in a long time. One side effect of not using a website in a long time is that I forget the password I created for the account, so I get to see how the website handles failed login attempts. Often, quite a few times :-(.

Now, some of these sites – and I’ve been notifying the owners as I go – give you a different failure message depending on whether it was your password or your e-mail address that you got wrong. This is, to quote the twitterverse, made of fail. It means these websites can be used to automatically generate lists of the members’ e-mail addresses; useful to spammers, phishers (remember that the list is based on being a member of a particular site, so it’s easy to target the phish at that site) and even for later trying to compromise accounts on that site. I’d really avoid being a member of any site whose login page worked like that, and try to get them to change their error messages.
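The login behaviour described above, next to a handler that answers every failed attempt identically, plus a regression check a site owner could run against their own login function. This is an added example, not code from the original post; the account store, addresses, messages and function names are all hypothetical. It goes slightly beyond the post by also doing the same hashing work for unknown addresses, so response time does not stand in for the missing message.

```python
import hashlib
import hmac
import os

GENERIC_ERROR = "Incorrect e-mail address or password."

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_user(password):
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash(password, salt)}

# Constructed sample account store (hypothetical address and password).
USERS = {"alice@example.com": make_user("correct horse")}
# Dummy record: unknown addresses cost the same hashing work as known ones.
_DUMMY = make_user("never used as a real password")

def login_leaky(email, password):
    """The pattern the post criticises: the message reveals membership."""
    user = USERS.get(email)
    if user is None:
        return (False, "No account with that e-mail address.")
    if not hmac.compare_digest(_hash(password, user["salt"]), user["hash"]):
        return (False, "Wrong password.")
    return (True, "Welcome back.")

def login_uniform(email, password):
    """Same message, and same amount of work, for every failed attempt."""
    user = USERS.get(email)
    record = user or _DUMMY
    ok = hmac.compare_digest(_hash(password, record["salt"]), record["hash"])
    if user is None or not ok:
        return (False, GENERIC_ERROR)
    return (True, "Welcome back.")

def reveals_membership(login, known_email, unknown_email):
    """Regression check: True if a failed login for a registered address
    can be told apart from a failed login for an unregistered one."""
    wrong = "deliberately-wrong-password"
    return login(known_email, wrong) != login(unknown_email, wrong)

if __name__ == "__main__":
    for fn in (login_leaky, login_uniform):
        leaks = reveals_membership(fn, "alice@example.com", "nobody@example.com")
        print(fn.__name__, "reveals membership:", leaks)
```

The same check applies to password-reset and sign-up forms, which can reveal membership in the same way.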


2 Responses to Quick antispam observation

  1. Anonymous says:

    Happy New Year Graham,

    time for a New Year’s Resolution: Keep track of all the passwords to the sites that you subscribe to.

    There are plenty of tools around now to help with this.

  2. Graham Lee says:

    Thanks Martin, happy new year to you too :-). I already do have a password manager (based on one of the keychains on one of my computers), but some of these sites I haven’t used in so long they pre-date that management system. For instance, I’ve had to remove myself from some undergrad sites. However, I believe we’re covering 1password at the next OxMUG meeting.
