reports “A few days ago, when exploring how my e.mail address gets into the hands of spammers, I discovered that some sort of software for migrating from one blogging package to another creates an unencrypted plaintext file, publicly available, that lists the contents of all fields associated with a comment, including the commenters e.mail address — which commenters were told would not be publicly visible. “One of my comments was thus listed, with my e.mail address displayed. I sent e.mail to the blogger, who did not respond. After more that a day of waiting, I contacted her webhosting service, who refused to remove the file. “So I took the file, and extracted the e.mail addresses. There were exactly 1200 unique addresses for commenters. (Unix and Unix-like operating systems have a command uniq, which makes extracting unique records trivial.) I began BCCing the victims, pacing things so that my own service wouldnt mistake my actions for spamming. I provided e.mail addresses for the blogger and for her hosting service. “Sometime after Id sent e.mail to just 72 of those addresses, the file in question was removed. “Ive since found 15 other files of the same sort, for various other blogs, albeït not with my e.mail address in them.”
Posted on: Sun, 27 Jul 2014 07:12:49 +0000