Delivery of sensitive information to the correct email address but to the wrong person can now be avoided

Facebook and Yahoo have developed a new mechanism to eliminate the risk of recycled email addresses being used to hijack accounts held by the addresses' previous owners.

Under certain circumstances, the new owner of a recycled email address can take over accounts registered by the address's previous owner. If no additional protection is in place, a simple password reset request is enough to gain access to the services of the person whose email address went inactive.

Generally, being able to read mail sent to the address on file is taken as proof that the requester is the true subscriber, and no further check stands in the way.

Yahoo and Microsoft have started to put user IDs that have been inactive for a certain period back into circulation. Yahoo releases an address once it has gone untouched for one year, while a Microsoft email account must be logged into at least once every 270 days to be kept.

RRVS standard prevents delivery of sensitive info to the wrong recipient

The solution implemented by Facebook to protect against this type of risk for Yahoo IDs is to insert “a timestamp within an email message to indicate when we last confirmed the ownership of a Yahoo account,” Facebook software engineer Murray Kucherawy says in a post on Thursday.

He says that if the account is found to have changed hands since that timestamp, Yahoo can simply refuse delivery of the message carrying the password reset details, so it never lands in the hands of someone other than the intended recipient.

The method, called RRVS (Require-Recipient-Valid-Since), is an extension to the Simple Mail Transfer Protocol (SMTP) and has been published by the Internet Engineering Task Force as a Proposed Standard (RFC 7293).
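The exchange described above, as an added example that is not part of the original article and not code from Facebook, Yahoo or the RFC: a simulated receiving mail server that honours the RRVS parameter a sender attaches to the SMTP RCPT TO command. The parameter name, the RFC 3339 timestamp format and the 5.7.17 "mailbox owner has changed" status code are those of RFC 7293; the mailbox directory, the addresses, the ownership dates and the function names are made up for the example.

```python
"""Simulated receiving-side RRVS (Require-Recipient-Valid-Since) check.

Added example, not code from Facebook, Yahoo or RFC 7293 itself. It models
how a provider that recycles user IDs can act on the RRVS parameter: if the
mailbox changed hands after the timestamp the sender supplies, the message
is refused instead of being delivered to the new holder.
"""
import re
from datetime import datetime, timezone

# Constructed directory of mailboxes: address -> UTC time the CURRENT holder
# took ownership (assumption: the provider records this when an ID is created
# or recycled; the records below are made up for the example).
MAILBOXES = {
    "alice@example.com": datetime(2012, 3, 1, tzinfo=timezone.utc),   # held by one person since 2012
    "bob@example.com": datetime(2014, 2, 15, tzinfo=timezone.utc),    # ID recycled to a new holder in Feb 2014
}

# Constructed: when the sending service last confirmed who owned each address
# (e.g. the last time the user clicked a verification link).
LAST_CONFIRMED = datetime(2013, 6, 1, 9, 23, 1, tzinfo=timezone.utc)

# RCPT TO:<addr> with an optional RRVS=<timestamp> ESMTP parameter.
RCPT_RE = re.compile(
    r"^RCPT TO:<(?P<addr>[^>]+)>(?:\s+RRVS=(?P<ts>\S+))?\s*$", re.IGNORECASE
)


def parse_rrvs_timestamp(value: str) -> datetime:
    """Parse the RFC 3339 timestamp in the RRVS parameter, e.g. 2013-06-01T09:23:01Z.

    Raises ValueError on anything malformed or lacking a UTC offset.
    """
    ts = datetime.fromisoformat(value.replace("Z", "+00:00"))
    if ts.tzinfo is None:
        raise ValueError("RRVS timestamp must carry a UTC offset")
    return ts.astimezone(timezone.utc)


def handle_rcpt(line: str, directory=MAILBOXES) -> str:
    """Return the SMTP reply the receiving server gives to one RCPT TO command."""
    m = RCPT_RE.match(line)
    if not m:
        return "501 5.5.4 Syntax error in RCPT TO"
    addr = m.group("addr").lower()
    owner_since = directory.get(addr)
    if owner_since is None:
        return "550 5.1.1 No such user"
    ts_raw = m.group("ts")
    if ts_raw is None:
        # Sender did not use RRVS: classic behaviour, deliver to whoever
        # holds the address now. This is exactly the gap the extension closes.
        return "250 2.1.5 OK"
    try:
        confirmed_at = parse_rrvs_timestamp(ts_raw)
    except ValueError:
        # 5.5.4 is the generic "invalid command arguments" code; the wording is ours.
        return "501 5.5.4 Malformed RRVS timestamp"
    if owner_since > confirmed_at:
        # The current holder acquired the address after the sender last
        # confirmed its owner, so the sender's record points at a previous
        # holder. Refuse rather than hand the message to a stranger.
        return "550 5.7.17 Mailbox owner has changed"
    return "250 2.1.5 OK"


def rcpt_with_rrvs(addr: str, last_confirmed: datetime) -> str:
    """Sender side: build RCPT TO, stamping when we last confirmed the address's owner."""
    stamp = last_confirmed.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    return f"RCPT TO:<{addr}> RRVS={stamp}"


if __name__ == "__main__":
    # Walk both mailboxes through the client/server exchange.
    for addr in ("alice@example.com", "bob@example.com"):
        cmd = rcpt_with_rrvs(addr, LAST_CONFIRMED)
        print(f"C: {cmd}")
        print(f"S: {handle_rcpt(cmd)}")
```

The 550 reply is what the sending service sees: the password reset mail bounces instead of reaching the new holder, and the bounce itself tells the sender that its stored contact address is stale. A server that receives no RRVS parameter still delivers normally, which is why both the sender and the recycling provider have to support the extension for the protection to apply.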

Extension is useful in other situations

Apart from the use mentioned above, this solution can be adopted by any other email service on the market that recycles user IDs, and applied to any kind of private message, such as account statements.

Basically, any situation that might lead to a message being sent to the correct address but reaching someone other than the intended recipient can be addressed by implementing RRVS.

Depending on the email service, a notification can be sent back to the sender stating that the ownership of the mailbox has changed, which could prompt a search for the recipient's current contact details and an update of the contact list.


http://news.softpedia.com/news/Hijac...s-463032.shtml