
And they only just worked that one out....
It's been known about for months.....
A vulnerability in Skype allows anyone to hijack its users' accounts just by knowing or guessing a punter's registered email address. The embarrassing security hole, which is trivial to abuse, was first discussed on a Russian underground forum three months ago. Last night a Russian blog publicised the bug, and details of the …
"I just don't follow how pointing out the timeline specifically mentioned in the article can be disagreed with."
Who said they DV'd you because they disagreed? Maybe the DV was because you were only repeating the content of the article?
Not that I've down or upvoted any posts in this thread.
Gmail (to name one) does this, I am not sure about others. It also allows you to put a random "." anywhere in the localpart. The big problem with using a "+" is that most sites reject it, when it is in fact valid.
Are you a web dev? Read this, now go and fix all your no doubt incorrect email validation. So many sites fail on the "+" it's depressing.
Not if you are correctly handling the data. And that means not writing your own code, but using the widely available libraries for escaping etc. that exist for every major language. But you are quite right, if one has hired developers who just concatenate email addresses into SQL strings, then you will suffer.
The BigYin's maxim: If you think you know how to validate an email address, then you don't know how to validate an email address.
If there is some limitation, then that needs to be clearly documented and a proper error shown, not just crap like "Your address is invalid".
For example, I've worked on projects where we can't accept a backslash ("\") amongst other things in certain situations (not going into all the ins and outs of why - legacy is a bitch) - so we displayed a message along the lines of "The characters "\, £, and /" cannot be used in an email address". Clear, simple and lets the user know enough to use a different email (or call support and have a good moan).
> If there is some limitation, then that needs to be clearly documented and a proper error
> shown, not just crap like "Your address is invalid".
One major site did that to me recently. I eventually discovered that it didn't like the sequence 's','p','a','m' anywhere in my email address.
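An added example, not code from the article or from any commenter: it shows why the thread's advice to accept characters such as "+" and to avoid concatenating addresses into SQL go together. The table name, the helper names, the deliberately loose `plausible_email` check and the sample addresses are all assumptions constructed for illustration.

```python
import sqlite3

# Constructed sample addresses: all valid, yet often rejected by site validators.
SAMPLES = ["user+tag@example.com", "o'brien@example.com", "first.last@example.com"]


def plausible_email(addr):
    """Loose sanity check (an assumption, not full address validation):
    something before the last '@', a dotted domain after it, no spaces."""
    local, sep, domain = addr.rpartition("@")
    return bool(sep and local and "." in domain.strip(".") and " " not in addr)


def store_concatenated(conn, addr):
    # The pattern the thread warns about: the address becomes part of the SQL text.
    conn.execute("INSERT INTO users(email) VALUES ('" + addr + "')")


def store_parameterized(conn, addr):
    # The address travels as bound data, so its characters never reach the parser.
    conn.execute("INSERT INTO users(email) VALUES (?)", (addr,))


def try_store(store, addr):
    """Store addr in a fresh in-memory database; return what was saved or the error."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users(email TEXT)")
    try:
        store(conn, addr)
    except sqlite3.Error as exc:
        return "error: " + type(exc).__name__
    finally_row = conn.execute("SELECT email FROM users").fetchone()
    conn.close()
    return finally_row[0]


if __name__ == "__main__":
    for addr in SAMPLES:
        print(addr, "| accepted:", plausible_email(addr),
              "| concatenated:", try_store(store_concatenated, addr),
              "| parameterized:", try_store(store_parameterized, addr))
```

With bound parameters there is no storage-side reason to reject "+" or an apostrophe, so any remaining restriction can be stated to the user explicitly.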