Video Screencast Help

Insecure Forums

Created: 25 Jan 2011 • Updated: 25 Jan 2011 | 5 comments

Well, that's interesting.  I just got a bounceback from a forum post to my email (bounceback with an out of office).

So, everytime you post here, your personal email address is exposed to everyone who's subscribed to the forum.  Doesn't exactly breed confidence in Symantec's committment to security.

 

This needs to be fixed - a post to a forum should NEVER expose email addresses.

Comments 5 CommentsJump to latest comment

Crash Override's picture

I was able to duplicate this with my PGP out of office turned on and recieving that reply on a test gmail account.  I will bring this up with management.

Thomas K's picture

Thanks,

That issue was addressed yesterday.

See this thread - https://www-secure.symantec.com/connect/forums/new...

 

Cheers,

Thomas

mallardduck's picture

Thanks for the update.  Pretty basic mistake to make - makes us wonder just how seriously Symantec takes security.  Not exactly the best 'welcome to Symantec' situation for PGP customers, you know?

 

Might I suggest that you folks postpone the forum migration until after you've done more testing on the new forums?

Thomas K's picture

I am not sure what changes were made that caused the issue, but you can be sure it will not happen again. I will not make excuses for the programming error, but we do take Security seriously. The fact we were on this issue as soon as it occurred, shows our commitment to a safe forum experience.

I notified the site admins as soon as I learned of the issue, and the problem was then fixed within a short time frame.

If you ever have any issues with the forums, please feel free to PM me, and I will respond back ASAP.

Welcome to the Connect Forums.

 

Best regards,

Thomas