Insecure Forums
Created: 25 Jan 2011 | Updated: 25 Jan 2011 | 5 comments
Well, that's interesting. I just got a bounceback from a forum post to my email (bounceback with an out of office).
So, everytime you post here, your personal email address is exposed to everyone who's subscribed to the forum. Doesn't exactly breed confidence in Symantec's committment to security.
This needs to be fixed - a post to a forum should NEVER expose email addresses.
Discussion Filed Under:
Comments 5 Comments • Jump to latest comment
test
I was able to duplicate this with my PGP out of office turned on and recieving that reply on a test gmail account. I will bring this up with management.
Thanks,
That issue was addressed yesterday.
See this thread - https://www-secure.symantec.com/connect/forums/new...
Cheers,
Thomas
Ooyala Community
Thanks for the update. Pretty basic mistake to make - makes us wonder just how seriously Symantec takes security. Not exactly the best 'welcome to Symantec' situation for PGP customers, you know?
Might I suggest that you folks postpone the forum migration until after you've done more testing on the new forums?
I am not sure what changes were made that caused the issue, but you can be sure it will not happen again. I will not make excuses for the programming error, but we do take Security seriously. The fact we were on this issue as soon as it occurred, shows our commitment to a safe forum experience.
I notified the site admins as soon as I learned of the issue, and the problem was then fixed within a short time frame.
If you ever have any issues with the forums, please feel free to PM me, and I will respond back ASAP.
Welcome to the Connect Forums.
Best regards,
Thomas
Ooyala Community
Would you like to reply?
Login or Register to post your comment.