Cheddah
join:2001-12-31
San Rafael, CA | That's why I always use a junk email addy...
I use a junk email addy when I make online purchases so I don't care who has it... |
|
B777300
join:2002-01-02
1 edit | (nevermind)
Thats rude |
|
Logan 5
Some people go WAY over the top
Premium,MVM
join:2001-05-25
The WasteLAN |  Wh00ps.....
I don't personally use amazon but I feel BAD for the people who have or may be compromised by this....
Guess the Q/A people were on vacation when they programmed this?  |
|
MrTangent
join:2001-12-28
Earth
| said by Logan 5  :
I don't personally use amazon but I feel BAD for the people who have or may be compromised by this....
I'm not sure having your email account found qualifies as being "compromised". It's unfortunate, but it's not like passwords or credit cards were given out. Let's put this in to perspective here.
--
"War Is Peace. Freedom Is Slavery. Ignorance Is Strength." |
|
MrTangent
join:2001-12-28
Earth
| If you're able to view your opinion...
"Unhappy with a book review? feel free to flame the reviewer directly." If you're able to exercise your freedom of speech then why is it so awful to imagine that the author would be able to do the same? If I wrote a scathing review of a book I wouldn't feel the need to cowardly hide behind anonymity. Hell, I'd encourage feedback in any shape or form.
However, I do agree that this slip-up should be fixed immediately, but again, let's put this in to perspective here. This article makes it seem like this simple and relatively innocuous flaw is responsible for the recent "Orange" threat level increase.
--
"War Is Peace. Freedom Is Slavery. Ignorance Is Strength." |
|
Doctor Olds
I Need A Remedy For What's Ailing Me.
Premium,VIP
join:2001-04-19
1970 442 W30
clubs:
1 edit | Found it. ;)
Wasn't on the "right page" sorry. That's pretty sad. I'm glad I don't "One Click"  |
|
fartness
Computersoc Dot Com
Premium
join:2003-03-25
Look Outside
clubs:
4 edits | reply to Cheddah
Re: That's why I always use a junk email addy...
Wow! I can get their home addys too! Click on "Request e-mail address" and then go to "View My 'About Me' Page". Have there been any reports on people exploiting this with malicious intent? Good thing I don't have an account there...or do I??
EDIT: Yeah, I do...and the thing works. Good thing the thing I mentioned above doesn't always work. I only get my email. I typed in random user names and some showed their home addresses with names and everything else too...
--
»www.computersOC.com - User reviews of computer hardware - Computer forums - Adelphia forum - P2P politics - more... |
|
devrandom
I got a pot, full of random stuff here
Premium
join:2003-06-28 | reply to Logan 5
Re: Wh00ps.....
Well as soon as this gets enough PR, it'll be fixed. For now I think Amazon would consider this bug a "feature".  |
|
Logan 5
Some people go WAY over the top
Premium,MVM
join:2001-05-25
The WasteLAN
 ·Pacific Bell - SBC
| reply to MrTangent
said by MrTangent :
I'm not sure having your email account found qualifies as being "compromised". It's unfortunate, but it's not like passwords or credit cards were given out. Let's put this in to perspective here.
Email accounts can be and are spoofed all the time to make it look like your address is sending anything the spoofer wants. From viagra spam to male surgical 'enhancement', there's no telling what someone could unwillingly be a part of.
Plus let's also not forget that most sites send email confirmation of passwords, user account names & numbers and all manner of personal info when you register with them. All it takes is some embedded malicious code in an email sent to your address and just like that, you've installed a keylogger, or a trojan or something equally as bad.
It would hardly be trivial if the FBI knocked on your door one day with a warrant for your arrest for emailing kiddie porn that they had PROOF came from your account at your ISP....Be kind of tough to prove otherwise when they're holding the logs....
Yes, I think the article is in perfect perspective thank you. Those people had their privacy compromised and that's too bad for them. |
|
justin
Australian
join:1999-05-28
Brooklyn, NY
Host:
IPv6
Business Connectiv..
Home/Office setup ..
Console/Handheld g..
Console Tech
| reply to MrTangent
Re: If you're able to view your opinion...
I wasn't talking about an author finding the email of a reviewer. I meant, customers can flame each other. Any community site goes to great pains to make sure that only people you wish to know your email, can see your email, and amazon is spewing all of them, to anyone. |
|
statemachine
Premium
join:2001-01-21
Si Valley
clubs:
| reply to MrTangent
said by MrTangent :
"Unhappy with a book review? feel free to flame the reviewer directly." If you're able to exercise your freedom of speech then why is it so awful to imagine that the author would be able to do the same? If I wrote a scathing review of a book I wouldn't feel the need to cowardly hide behind anonymity. Hell, I'd encourage feedback in any shape or form.
You say that now, but wait until someone hacks your computer or a package-bomb shows up at your door, or you unexpectedly lost your job -- just because you had an opinion that was not inline with the majority.
said by MrTangent :
However, I do agree that this slip-up should be fixed immediately, but again, let's put this in to perspective here. This article makes it seem like this simple and relatively innocuous flaw is responsible for the recent "Orange" threat level increase.
Some people may feel more threatened due to the personal (and accurate) nature of the information leaked, rather than someone vaguely referring to "chatter" on a subjective "suspected terrorist" network about some possible event in some vague area of a very large country.
You call anonymity "cowardly" but others would call it "practical."
However, we do both agree that this flaw should be fixed immediately, although for different reasons. |
|
shortman
Premium
join:2000-12-27
Garden Grove, CA
clubs:
| Changed nickname, but can nicknames be listed?
I just went into my amazon.com account settings and changed my nickname from the default provided by amazon.com to something unlikely to be guessed.
But I still don't know if my email address is safe since in the process of changing my nickname the site told me that my nickname is always publicly accessible. I searched around their site and I was unable to find a way to search for a particular nickname. I tried searching on my nicknames in general search boxes at amazon.com and they did not turn up any results.
I have always had a unique email address with amazon.com though, and so far I have never been spammed at that particular address. But with this flaw in their system I am seriously surprised that I haven't been spammed. My original nickname appeared to be a simple sequencial one created by their site when I originally purchased from them. I expect I could gather a great deal of email addresses by simply incrementing and decrementing the numeric portion of that original default nickname. |
|
medfly
join:2003-05-15
Windsor, CO | uhhh, i dont think this works
i tried it on my amazon account, and the address that came back was some wierd one that i've never had. I also tried Bezos as well, and it came back to some wierd name @mindspring.com |
|
Chief Sparky
52 Still On Patrol
Premium
join:2001-04-25
Thibodaux, LA
| said by medfly :
i tried it on my amazon account, and the address that came back was some wierd one that i've never had. I also tried Bezos as well, and it came back to some wierd name @mindspring.com
I works just fine. I just tested it from work with mine and several of my co-workers (they were all rather shocked to see their emails posted). So the problem with the site continues.
--
Life's too short to drive slow cars. |
|
starstuff
Fly By Wire
Premium
join:2001-12-05
Mcallen, TX
|  No wonder why....
I was receiving spam from faked amazon.com addresses.
I use the "Exclusive - you will only receive e-mail from addresses appearing in your Contacts" option in my hotmail account. I use hotmail.com as my junk mail account. On Nov 18 I got a mail from:
START OF HEADERS
From : Conrad
Sent : 12:54 PM
To : yeqgs8Ej5d@amazon.com
Subject : Eliminate Debt Right Away
MIME-Version: 1.0
Received: from mc8-f8.hotmail.com ([65.54.253.144]) by mc8-s13.hotmail.com with Microsoft SMTPSVC(5.0.2195.6713); Tue, 18 Nov 2003 14:56:28 -0800
Received: from C6f1MaFZu5.amazon.com ([24.168.98.66]) by mc8-f8.hotmail.com with Microsoft SMTPSVC(5.0.2195.6713); Tue, 18 Nov 2003 14:55:44 -0800
X-Message-Info: Nw2+5eWlNspymOXfELWPkaYhSOauncStUpG3NwG3M38=
Return-Path: veLsbQFjRpLxHt@amazon.com
Message-ID:
X-OriginalArrivalTime: 18 Nov 2003 22:55:45.0246 (UTC) FILETIME=[1991F7E0:01C3AE27]
END OF HEADERS
I complained to amazon.com about the incident and to express my concerns about my security and privacy but I haven't received any confirmation or explanation from them.
I thought this was a lucky hit but after reading DSLR's article now I know it wasn't.
I will remove amazon.com from my safe list and I will not buy more merchandise from them until this security issue gets resolved. |
|
darthur2000
join:2002-01-02
Middletown, CT
clubs: | Didn't work for me?
I just tried mine and it didn't work for me so maybe they've got it fixed now. |
|
shortman
Premium
join:2000-12-27
Garden Grove, CA
clubs:
| Are you that say it isn't working sure that you are using the correct "nickname"? For my account it wasn't something that I had chosen, but was something assigned by amazon.com. You have to go to your seller preferences to figure out what your assigned nickname is if you didn't choose it yourself. |
|
Sarick
It's Only Logical
Premium
join:2003-06-03
USA | Yea I I wrote in my user name and GRR
I tried it and it showed an e-mail for Sarick..
Sheesh |
|
Morac
join:2001-08-30
Riverside, NJ |  Call Amazon
I just tried this and it works (though I couldn't get the home address to display).
I suggest everyone change your email address and then call Amazon and complain.
Amazon.Com Customer Service: 800-201-7575 |
|
Harknell
@dowjones.com
| still a problem
Well, as of 10:00 am eastern time it's still there. I just checked. (btw, you need to click on the sellers profile link to go to the actual page listing your email address, it's in the grey bar that surrounds the info area in the bottom middle).
I'm not too worried about it now, it's set to my spam email address, but I can see this being a problem for people who put their main email address in their account, since they want their purchase confirmations to go directly to them. If amazon wants to keep this feature they should simply change it to a link to a form email that never shows the email address and is sent from their site. Then you can contact the person, but no information is ever transmitted without the other person's approval (obviously if they reply they are providing an email for the person to see). Ebay does this already.
Harknell |
|
