Main » 2011 » Март » 16 » In mail ru does not close critical vulnerabilities
10:51
In mail ru does not close critical vulnerabilities


Recently it was reported that a specialist in network security, Ilya A., discovered several critical security vulnerabilities in the services Mail.ru. Their findings "bezopasnik" unsubscribe at tech support, but, as usual, has not received any response, not a greeting. Instead start using found holes in their own selfish purposes, or just forget about all this, Ilya A. just published a description of the vulnerability, and posted workers scripts that allow you to use those same vulnerabilities. So far published only a portion of the found, but a hacker says that if Mail.ru and this time did not improve, will be published and the second part. It is clear that such vulnerabilities will rush to use all and sundry.

Especially interesting is that information about the "holes" a hacker has provided Mail.ru a month ago. Information was obtained, as it is known, and all that no action or response. A month later, the expert has published all found in his blog.

Vulnerabilities have been very interesting - for example, one of them allows the user to delete messages after reading each one. Another vulnerability allows to send spam through the same Mail.ru. The third vulnerability provides an opportunity to destroy all records a particular user in the service "Weekly". Another vulnerability opens up the possibility of blocking almost any user account on the service spine to block someone else's account to the service Dengi.Mail.ru. As you can see, the "hole" is quite large, so that one can only wonder why the service does not pay attention to information provided by an expert.

A few experts on network security, test scripts, confirmed the urgency of the problem. The very same hacker says that this is only published in good faith, that Mail.ru nevertheless drew attention to the problem, and rather large, their own services.

According to this expert as well as other experts, the situation with ignoring the problem is not confined to Mail.ru, but also for other IT companies, both large and small, both domestic and foreign.

With regard to Mail.ru, a Ilia A. believes that the company did not test their products before launch, or if both tests, it is not particularly careful, "for show". As a result, these incidents occur.

Well, the wait for developments - so far Mail.ru remains silent.
Views: 429 | Added by: w1zard | Rating: 0.0/0
Total comments: 0
Имя *:
Email *:
Код *: