|
|
|
Harvesting Teenagers
By: Larry Seltzer
2007-04-10
Article Rating: / 17
There are 18 user comments on this Network Security & Hardware story.
Harvesting Teenagers (
Page 1 of 2 ) Opinion: Web 2.0 means a lot of fuzzy things, and they're opportunities for the bad guys too. One new social networking site is a poster child for the abuse of social networking.Business is business, but some things are dishonest, and dishonest usually gets away scot-free on the Internet. You can learn a lot about what legitimate looking sites are capable of, and what ordinary users are willing to do when asked, from the example of Tagged.
Tagged is one in a flood of new social networking sites targeting teenagers. Theyre all MySpace wannabees, and perhaps some of them are harmless, but Im going to focus on Tagged. It first got my attention several weeks ago when I got about six e-mails in rapid succession from her. They were obviously auto-generated invites to join a site and said "[my friends name] has added you as a friend on Tagged," and "Please respond or [my friends name] may think you said no :(". I could tell right off something phony was going on, but I still had better things to do, so I passed, and my friend was apologetic about it. I wasnt the only one who got the e-mails.
 Web 2.0 represents multiple transitions in the manner of using the raw material of the ubiquitously connected public network. Click here to see a video about the business of Web 2.0.
Then I read this blog entry from Symantec and it explained how my friend might have gotten hit: "...when a user signs up for Tagged, theyre practically forced to put in their Webmail credentials. Tagged then logs into your Webmail account as you, accesses your address book and prompts you to e-mail your contacts using your Webmail address as the reply-to." At this point, I have to figure the phenomenon is maybe bigger than I thought and decided to do some testing.
First, its worth noting about the invitation e-mail that its sent with a From: and Reply-To: header of the members e-mail address, but its actually sent through the tagged.com mail server. They use an envelope-from address of bounce@tagged.com so that they pass SPF (sender policy framework) tests (a good example of the useful limits of SPF). In most mail clients, the message ends up looking like it came from your friend, so you dont want to block the address.
I set up two Gmail accounts specifically for the testing and a number of e-mail aliases on domains I own to be my "friends." I put these aliases in the address books of the Gmail accounts. Signing up for Tagged (which, I admit, I did under an assumed name), was easy enough, although I did quickly run into what Symantec describes. I was prompted for my Gmail credentials. They already knew my Gmail user name since I had provided it as an e-mail address. There is no option here but to provide a password:
Before too long the addresses in my Gmail address book received invites like the one I received. I later figured out that you can provide an incorrect password here, and it lets you proceed. Incidentally, they have similar functionality for AOL Mail, Hotmail, Yahoo mail and MSN mail.
Before I actually signed up I decided to read their TOS (terms of service), something Im sure none of the teenagers they target have done. Its long and a genuine Nightmare on Elm Street for the abusive and, while were at it, misleading rules for privacy.
Next page: The Terms of Service
| | Reader Comments: Harvesting Teenagers | | >>> Post your comment now!
| | Unsafe website for childrenTagged contains an incredible amount of pornography, including probable child pornography, and allows easy access by adults to the children they are... Posted At: 10-14-09
By: A Detective | | | | | | Tagged is terribleTagged is terrible. Is full of stalkers and hackers. I was once a member, I reported a stalker and the next morning my account was canceled. They... Posted At: 08-26-09
By: Anonymous | | | | | | Take my password - please!Sure it's pretty bad that Tagged is sending out faked emails from users, but I simply cannot believe that almost everyone I know has blithely given... Posted At: 06-11-09
By: Chris | | | | | | A user comment on this articleAlso, it addressed him as Mark with a DOB near his real bday? His name is NOT Mark. What is this? Posted At: 06-10-09
By: Anonymous | | | | | | A user comment on this articleHave any of you seen the email from tagged that's stated below? It's a link to click on to go to tagged.com My husband is in Iraq and received this... Posted At: 06-10-09
By: Anonymous | | | | | | A user comment on this articleI filed a complaint with the FTC and with abuse@veriohosting.com. verio hosting has informed me that they do not supply any hosting services to... Posted At: 06-09-09
By: Anonymous | | | | | | File a complaint with the FTC. I did.First tagged.com tried to deceive my daughter and two days ago I received a deceptive email sent by tagged.com on behalf of my friend who did not... Posted At: 06-08-09
By: David | | | | | | >>> Post your comment now! | | | | | |
|
 |
|
|
�������x}r6*(gLR-cY^K3I*�EB�c䒔/ٗ?_8x��-ٞ8�$�n4�w�~vv IM˙kmJvg9�[�D;;}.G|gQP�/�2r}R �
�{iFmMFNHB��~m@~s?³J,Ad-FF5��%SjMaCkf��FcWf�2ʼn5m2�f
�E1;G�}9D@�- �6
�#&��ڥ�ȏ�ͻ'k[!t�e�N(�oTGYFn�3q�a/De_X�HY�b[�Aq<��5i��;��;�z~;B�Z&QuVV��ٮq�8]�b#0+#O3�c奨�H�aP`\ 9t}�vu"7J;qz�%Mi�FfQ%p'z:rm3C�"����k>�NZ]@Z�3ˆ辥{$�)5�= \o4"�1lp2�I9$�7�:\ڨ?yiMV�cF8C�YnU~=
:ҍ�}4�&j&9b�M �S
��P2zhN-2Q�Ȳn�Mw�3a[Mѡl7ZkuE9,},�,t�r�NeW47F}RU5MQe?
n8u�p;ZJ}�n�ESsو&(PlXaV|]mUk_{}K'^AMn��[CE�C�0ʾ�~Fbw<|&�J]~<:�$ץcY>�
�;Be}Q 4ӗ?�W=RxTɢ��V5-��I`�ߖIf�wY �)��4VTX�4C+D_0N�D9n�cf4�I����2��3}� M���H��
`3R荦Ŀi�K3_^*_��1jNTwEQ��c'{�|�鎓�>�#ʠ
:괉;\gV�S�4@!�
&-�
'pb��:� }#
�1f4��m�TH"AЂN�4�T8n�M`�2��Z�9ܹ
L&��Z��AV4��c`��V�����GPC�!]7$>�($@�+�>=��t~[>lP��s�zQ�N\Q�o�@' dSJJd�$D�!"�5i]N�P@B�r<��-��4rr�d+��3~C~vGBjւ+�6ODs@�Gҹ;qjr_)̄rF��Z
z)zI)lΌ�e&zϏaZLdo��W�^�,�Uto35M�us֪%6��ҋzhBơ3yjm��S#�U^?u�w4�,��qƾ�}��p�M?��f�'>c~X�poǖaB?5aѺ)C��--j�|6�T���L{dl{�ɚM�>�BӭB63 �}wƠ:�F'(���EuMޖK{�xL(=
}Y)M�h
��
<5nV�AL��1�t�x增U
�JxP?sL�eDfko�,D�,
9*cΫ(ܲPӔ�f,�+1.�I�/
u�P\�)9Aw���S9tNk{_f]ZЬ+(V6/:A']�օV�P+=o�@�y#� h{K��mkaԕ %/մ�E�AnbX�:�X>}iH^&ôWRo?M!4f:!j-j�\'O[ߪ&TYV062ai[F��Mj_>Oa3
� �9P��87S$l%U*)z�T-}�=_T�<}:���tc�p6xBJm�כA�
cOѬ,���p8*4j+z
V�Ä烈7@E3�k�%�tDc*t퇙grp쟶ה=%
Υ_8�ͧW6�y+j�U}�}cG�L�mRǖM�B�!{ӞW+>Z3YɰZQJ! V�D�ȸau-CaP|j~]v1+\~ �K VHr!��sMq��N�WӐPS@ �b^,(t=(U��5Qް<~lL4�B�7�.B@Ł'<.�Y6[P=>ĦTQ߀*�KRM�](Xm°�&�,< "+��iȐ0ց 0�N>Db������\���U.)L0�:J�j
2�,X����T�B4f64�W߀�Ēja1�:G>5>Z_=n2dBT�^e�j<{LRKz-A8:VjeV�gGE�tq��Ǽ�O 3nA�.�Y >{�V�N8eC�@=&��{-K�[�eXFt!_*'ϐUqё,u�`�늦�t�V87V=�"�@;
vQ�#h#�R
�`�j@$��p�LM{6riγ�*�;�/nhZK�y�I�f0 �l"�?崰Y
M�TQGs?@ťQ�r�gic�
Ma�3b/ �RۯT~i;'
�_%mpHA���
ќv;#ؐCMA;aZS餸��=ܷ�VvPB�=o��B3G7o$��LjRT&O[+XJ/U87>�sm&mjvJA!�x8&So�J~��Qjy6U�E�3>�о�
N-(CR#Cu[`G1��/��jS>/�"]W5o�ʗɈBŜ"K�0k&*�w%sPU3yr=ݯWj+d�V'�#�?ҍ'�Uc{2~���i-aN@yN5�� �v�uxՂ|O��'E(3_W`3�~5oٝ�sNC7E$79`ܘ��G[HOo�07�$+0l�7kJEVKu�EZ%)�c�^.g�}]٘yֱ4>�ʐiG�2gdY��HV�z\ �w2|��uN�Xoz�_7)>F6�!�ɕF !�I0@{FY*,.?�CU\+Ԋ�/YXIIKɜ]A�рM\r8�kps!p}�/O A'FZM%R~4i#z/&��hs�kg o@LeM+t׀mkZpWGk&�3��{G�2ɲ\�'��UVگpNg(��,�$$�l,rޏGɷo��njB�<8 K�Aנ)ɑH�HD��bJ3I-4�n7<[Te��#�111u?|۽��)����l�m
�+ ���St-dE2�m;?R;'�R6ib �x:Ȅyu�t'N_Awqk;�q�a^x;Z\00C�~:�'�!EˇW�'Rz�Q^��98�� �K RCbv}LWszV^NN:�+^6v>�D����2CHw4*r��z]�ۺz߹�/v�{W�!9\t�xޥ(`F!=�uyq£U8B*Dyu�|hq\3nmF�'%�L_=�0<;&/!mM@H�}]85c-MgnAk6Ê,p\J>}[|,'�Mw[�v1CNz7 A.>�@�6̯���$S
:tD#(o�Z7m\�T�}e6d>HPZ�=ty8!�-[vfCYl�F=f/ݷvkW}m;Ǎ��i�c(\��h�Siɘ&B�ARTUjlko$�r�Y9sJE_V
;hd�,�E#^�d1W.(P2PtAK�Rs`̾�qC7L�b��R?w�B��X�]
{~W�]ߣIݣ)P;6vYjEU�9.r\�5"�nǸZY$|:O�90I7�=E$/@fm mD.Ekg[DL;*t'�x||nƄm�?G5�ȥ�<�=t7�76�BfX E�V1a+�}k�՛�R.Bb)@����P`
횻�܍1³��D`HI@R�Gi�سM� ��_5�6��Z;6
L+|Zb�Zyba�8\b��ulD[cCƓd�cz��s2i��KMΟ�2� |cI5�%&p!$~8�U{r+r�)?8���»/Vx�e�[b4v[8| rKG��'s緢jd�lŨ̆ZV?�DI#[�bOO^N^wz�\^�I�uj.E>43ˁm.�.Cǘ��4j *ыhΌD"�d;څzoΎ美�SK~ζcM�;J.N-sKWj=u�u�`�(�-a4͈̽C�㸷@ܤ94~:z�u$�|i_�UsIwLصA�X2?k�!"9HG�O>f>V�N]�06�-�&�k%�H]ÝE",(,�q]+piٟO&�͑��;�s *szQ̼I%a^� :m
Q m�&5Qb9a �}I
Ԟ�]]�J�51�-
��>
*�Jj�97@8Nynxp,vYD�d2>�s!ݢ�mQ��?nj5�XR�f�~J:hW)yǍ%5WX%
yN�I˟^q`"u�O*I��R Rg50(ߦ'EJ:ZGO�VZ^?,W*ղR>4GDcN�i�.J���7Qt�ɡ�)=�<�Dt��#(s��PزMǥ@�f�{E,3~�M<��C@mC��9$a2qQSbr*��Cc�J�mѤx��?�ʞuOm6�,�{�y&�luB?�j#yuQ)Ujz_&Y!&F -'+~Ķc�ųz@\�o=,Q%;yz�
sPͥ>=,z']m�%!s�P�+t�ZE/��ji ̃�����^c���$a!"r*=prkE^g\�-fm5Zz>ؗCKr�IV� ÝHD X�c5rKQvT.����zsO Mɪd�#q`~wpC7Q��� XuǺN%3>4Wj@뒪IJ}�-^Q�d x��oIinÚV�:i�g�+QO3hV@XI:>�̀?'�诋 ��㠹u'�ꦴVy)Zcw2Oli2ul[N-(KtDA�$\��k4UIS =�ARԼJ%�.)����D
,�����U��T"ĂOMmSڬ�At}�֮4B4_�K%U!�Ea���%��
�pXKm[ty'hȧk3va̮BfӤn�o҅ܺӌYsAqT.iZd&�*�ڱ�M�WA`/X#{:JO/=Ij:d�\;c�fv5vaq#r��3�3�3�3�G몢+}e50gQr:\Xi_ڪ{ƠѶEAaeS1xziB�Ɩo>��a!����2כ� ���ǽ9�k�Rxz*~O/!�`�k~臷��,}(&&�d�q�!�",06@$ D�Kr֙QKQ7C7C7C7C[i/o5,r�Di�mM�/mVR[b��,C��{XC�W*ub���vM�_( x$�WTLJONe5��E `,vt���}X��SUW7`Oݦtxٱke�d>~5&}mf]�v�;{d���H��<�O
Bs>LBDD_>��Q7ts_�Ϝ-JBOuxro%ʂ1�ď� PUv
u�=[
[M3'�WLaK�o#M^�j��v
B!���^|mg~>#�QoEg`jyrWLFus8#�wz�K �R3x!ʵf�"�
/@1+xg@8(^��<�)�|R(nJt={�Bsg;^66K4Y`:G]úz_*�wN�e�tlR�ş
oWj=riVU[37�=m�`5!p �7!�K 3'[xx5wZ���/0*8^���Hw�uYo!�Ns3I"{mZ@+=Z�T=�m�k`}X�'ű�I;_<�@E[_Z/=+t�+hmoRY2C-Wjp�,rʉu�Iz{b�~C�2o�@44kQY#�jIHg�cS8WBhv8cYXC@F�`R�,�Z%�zCG/\.ޮb�>[ܺ�#�eiFAbvi/.mv-/V-��*Q ,l{1;�pOҗf;feZVL�C&p6�]}�r�Ec��bx�`hGD)�glo�#Ըol`814q*�wo�>(�7=�X67}
Y+~�)Ԝ].fE;�Y��� �O?�I7�W|VG}K:iL/���GO_��dEi'y{Hd�:f�ԿG)4C�[�?N��uM|z�%oE?c&Su(41�N|�y�NxNtL+LőEG||`'RDJ�1PS/$](m�^\�[I#�Hr#E|[nw߅Qޯ*F\{N9.t�߲�xo?��G~_HR��\q��odaT"(lsh�F](�boGCuu~�rm�ķB�}�UZDq��vVz@Yn�Ӷ�ל��4�!-(�-.~�aIzMR*{Lj$9�q}ENm1'�� 0R_=��VG�B�8�AXJߘDJP`�an`8ĒI
u p#(YL3^z�p2sϙTh�/ZNt/XDkژ�cΩ-ZMWWs.�16tAj-bYAMc�2Ʒ^Z!tOpkBx�q<�tlNz� ԣ:BMz�WU"�%`G�1
=�HsrW�S#��vU�z0 ]��z^EαL[W�]US]<_q�=o7ݛ�Cgnu��#[wnVF\wѴQ�����H5-MčP
Nt9B�4k�l/3
��?�3$UX]h ��0.�6-��lW/ժڽ�E=4g|�{5'5*>5BYX;ז�مnX'W�9Ǹ ]k§�p��/}Z0Y$֞Xmrs瑞W*ZTfz}LC7>��}X2�2f�Z<<}Q,mJ)Ag�P�� � �<��c}_7�
w=�%A:`B<>\#=ߋ�� ��&Hu#nAH�s�HuWIkmJ%ݫ9�3\m9x�3B[w�^1~b:LEo��V٩�\|fZ潭j-Fd{0�,2;kv~j
3�} g;gV,�E�"{�]ja�b6b~m��>9r�lDY6p=b{Eu���=P]L溺zZ�#ZMqx�e5B7�/EJF|1E�P�>
'�P��SK�C7��<6K$Ad�ȇ5T?�OԽ3u?|۽[!VWv�r�MC*�
5�;m�-q֦�I6D� 70(:���Stꑛ#�?�)){ڞUޒΞ\q4n�de�H$#]Y�Yc�`�xM!(f꜓u=�ha�G�p(-$=:�mGL�W"C7��=d�t+;�;�L�O��d��0W��u]�-=�peL168l�K?����Mᇸ��:�LXP4c7n?��Qݹ!?ч��@��L-n iAX#�hb��GcOs?��gMN�s��XҚ0!<���\NA�}s}�xl3ۈ��)��P��Þ�1e;my^p^|�\26Fa[?b �6B�;b<1cbH��|�D:A�htM\���"@H��>S�|Ӡ�Ѡ=?~��e�OM)Qs3a�onp��0<(3[�]ĝ5]w730lMqW'Ag#j| �b �\�]:ovAN�9�5j'
|ob�L<`N~Bj�@qǹ̐0�(ˏIJ�q�XZ~DB(�s��ֆ?H�ouu7@F��à��!q���3&+z+uT/J]WP)9C�KTU:c|&Oa@�kyͬd+��ǯ\hiJd�R.
��?h�$@쌆=(dR�#G��TX\!hf39]�9jIQs9.Qwg�m�Z϶Gݪ9GǽϧUbPhZ>|Ky2_�
^�9huLOS�ʙ~oSg¥,<�%�y�:wn"f8l��Kw�Agp�D0/ڲ�& ƙ8[ �[!Up�:Ϗgg:,?BgB>sRhvNrҡ}}s�CI�ק��059Ӆws�ȳ�9�+f/^sTh=U_?߫I\H�sy;I+ƥfW�*WyKxM}%+�oVqLeM�9nPKG{2Ph�
�+[y@�ⅇU4:,)X96Ffm$
R#ZִZjVU�%Wd�����G�b�3jJUN��lժ~\��,Ig��/($@%X̷7|�'�C7":i�Tq����x+]k&��.�|��tbEҎ�U,A�Yi^Bph�0ly�N�
Nx�@��7�ʸ�,�5w�W�;��SE.A�+��s�U�L:A݆�J/(cK�ZU�ݷp�\�6гg�ȝG� �YBD˼�&.�hأ�QĉPr�_!�?g��b |tu/�� \�=wwhp*fG=j0;}�A].a
w�ųoa]xm�8�q��q�0q>p?7Й�e?��7ƍ\Šk,N�`wa5c*�ɧԙB��ЫA�vd`cЁ(u4Ub�5f$G3x7X06:�)+xr��Qb�nO˙[��Mv7x݆XpgqC�g�)�"S�-���ӳ�Vmb-@UMݎ:3��//U`m�[q{b�r�gZ2Ku<�z!_:��;Hm��@
Y�='1ML+fAl!3�r,�w��ّC;>�)yOV,|vb/�O�$l�l͍#�1�S L9��D!X3W]$� A_$|NbO�\oTLH�Д0�E`�� 9oE92JX`^RueSo:}r;[Q#5
h@Q*�AGRMMa{-��f*Y{6� )4�MϫH�ѝE![a%�9v=�뱽¤�$(\*e�z\;Tj[�1��f��[�BI<`�<�>,D*�9"`�Io����@AikA/K=:�v�/-(G,�yJ~�Q.5�7tle��@�J]o�� Vx3Nŗ�s,^��rEX�տ$q�hՆG��0^q7S�|@�cxQ
b���{m;p3r2
���Qi�pKdؖEn���d3m{oym{DmY>m�Ќ5�O11ngFb�k:2�fχŀ��n{L1��af#9uV��Rɴ{e� �e�PC�lk5\K�Kq�
sX�´üȖWWRֱ!�;ٯ�D;8-�A
cĬ ��;acXJ�XP!Ƨ�?�O�Ч�U|�-\la�}[xtmx0'¿rz�,�ɀCu_
MZU\vGlּA1�y�lT$ܩ�C}�#BH>aH�b�V\3|Wj�Оsq=C
C㳇0֕"E3z(g,1F��� w�A(�i�x��z�T% ow2b9�9�38~p�
_Y�Jlp���X]t7N�3�@:mu;�K%D}Sw=
�aR�'gJJTq�O|?��H>�3uㆧ�?}86�EMB] �T>urҹxΈ�5+_kFx5U��BYfCժZ-N��j|�܊�=iQf8&rYKrѽ;�7r^4�uJHU&s.c�Uԗ�W\d)MC393;?�VMظM.4a-d
|
Network Security & Hardware 
