by patcheudor 3353 days ago
I'm glad you covered the bi-directional aspects of the association. A number of years ago FB had a vulnerability I discovered whereby it was possible to register an account with an e-mail you don't own. Obviously it wouldn't be possible to then verify the account if the owner of the targeted e-mail failed to click on the verify link. To get around this, upon first authenticating with the account after registration it was possible to change the e-mail address to one you own and then send a verify request. After verification, it was then possible to change it back to the original e-mail, at which point it was verified.

In testing with a few people who never even had FB accounts and for whom I clearly did not import any contacts, etc., what I found was that they fairly immediately received friend suggestions and even requests from people they knew. This was despite the fact they'd never used the computer or even the IP address used in the registration of the account. At the time it helped me prove a point that not participating in social media could be a security problem & to always take social media verification seriously. Obviously FB has since fixed that vector.

1 comment
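The flaw the comment above describes comes down to where the "verified" state lives: as a single flag on the account it survives an address change, so change, verify, change back inherits the verification. The model below is an added example written for this page, not code from the commenter or from Facebook; the class names, the token handling and the sample addresses are all constructed. It puts the flawed state machine beside a hardened one in which verification is bound to the specific address that proved ownership and is re-earned on every change.

```python
"""Email-verification state as one account flag (the flaw) versus
verification bound to the address that proved ownership (the fix)."""
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional

# Constructed sample addresses for the walkthrough (not real accounts).
UNOWNED = "someone-else@example.com"   # address the registrant cannot read
OWNED = "registrant@example.net"       # address the registrant controls


@dataclass
class FlawedAccount:
    """Verification is one boolean on the account, so it outlives the
    address it was earned for: change -> verify -> change back keeps it."""
    email: str
    verified: bool = False

    def confirm(self) -> None:
        # Simulates clicking the link mailed to the current address.
        self.verified = True

    def change_email(self, new_email: str) -> None:
        self.email = new_email  # defect: the verified flag is left untouched


@dataclass
class HardenedAccount:
    """Verification is a property of (account, address). A new address is
    staged as pending until a single-use token mailed to it is presented, and
    the primary address only becomes trusted once it is the verified one."""
    email: str
    verified_email: Optional[str] = None
    pending_email: Optional[str] = None
    _tokens: Dict[str, str] = field(default_factory=dict)  # token -> address

    def __post_init__(self) -> None:
        # Registration leaves the address pending; nothing is trusted yet.
        self.pending_email = self.email
        self.issue_token()

    @property
    def verified(self) -> bool:
        return self.verified_email is not None and self.verified_email == self.email

    def issue_token(self) -> str:
        """Mint a token bound to the pending address (what the mail would carry)."""
        token = secrets.token_urlsafe(32)
        self._tokens[token] = self.pending_email
        return token

    def change_email(self, new_email: str) -> str:
        """Stage a new address and drop tokens issued for any earlier one."""
        self._tokens.clear()
        self.pending_email = new_email
        return self.issue_token()

    def confirm(self, token: str) -> bool:
        """Accept only a live token that was issued for the current pending address."""
        address = self._tokens.pop(token, None)  # single use: pop invalidates it
        if address is None or address != self.pending_email:
            return False
        self.email = address
        self.verified_email = address
        self.pending_email = None
        return True


def walkthrough_flawed():
    """Replays the sequence from the comment against the flawed model."""
    acct = FlawedAccount(email=UNOWNED)
    acct.change_email(OWNED)      # switch to an address the registrant can read
    acct.confirm()                # click the link mailed to OWNED
    acct.change_email(UNOWNED)    # switch back: flag survives
    return acct.email, acct.verified


def walkthrough_hardened():
    """Same sequence against the hardened model."""
    acct = HardenedAccount(email=UNOWNED)
    token = acct.change_email(OWNED)
    first = acct.confirm(token)   # True: OWNED becomes the verified primary
    replay = acct.confirm(token)  # False: token already consumed
    acct.change_email(UNOWNED)    # only staged; a new mail goes to UNOWNED
    return acct.email, acct.verified, first, replay


if __name__ == "__main__":
    print("flawed:  ", walkthrough_flawed())
    print("hardened:", walkthrough_hardened())
```

The hardened model also answers the bi-directional point: the account never presents the unowned address as verified, and an address change cannot borrow trust earned by a different address, because `verified` is computed from the pair rather than stored as a flag.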

This was easy to do as late as 2010. I haven't tried it recently but it was a common attack for quite a while:

https://caseysoftware.com/blog/social-media-for-social-evil-...

At the time a number of us were arguing with FB that it was a vulnerability. How times have changed.