mrthumbs

https://secure.perfectgonzo.com/cgi/...t_password.cgi

This system for account retrieval, ive seen other paysites use it, would stop me from joining a site if i knew about it.

media

Why would it be a privacy breach???

If someone has your name then they need your email address account info as well...

__________________
I'm here for the violence!

mrthumbs

With the zillions of pornsites around what would be the odds of your victim being a member.. but a last name + email address is too public imo..

Why not last 4 cc digits or the good old "..enter your email address and IF its present in our database..." etc..


Media: exaclty my point email address and lastname .. thats public info.
And those two not only tell me if im a member or not but also displays
my account data and subscriptions.

media

We already have that information anyways on a member.. so why is it considered a privacy breach? I still don't get it... Are you referring to someone just saying lets check if joe blow has an account here? or if my husband is surfing this site? If thats the case, half the ladies will know their husbands account info..

edit: by acount info, I mean cc info

__________________
I'm here for the violence!

mrthumbs

If i join a site i dont want anyone except the program owner to know i joined.. i dont want my neighbours checking up on me and see if joined
gaymania.com AND use my account data to leech free porn!!

And my neighours have my lastname + email.. nothing confidential.

media

You're not getting the fact that they need to have your email account dude.. the password and login info will be dispatched to an email address which if the person does not know any pass info to this email address to begin with, then they will not be able to get any details on login info..

It will not just say ok heres the details for the random name you entered.. lol

__________________
I'm here for the violence!

mrthumbs

Thats my point! Once i fill in lastname + email it displays the username / password data on the webpage.. no email sent.

mrthumbs

So basicly to chew it a bit more for my beloved gfy members:

If my neighbours name is John Doe and his emaila ddress is [email protected]
(i got his business card)

i simply enter
DOE and [email protected]

To access his account details.

media

So this one will display it right on the page??? Thats insanely stupid.. usually it would send an email to the account holder so they can have the email in their secure password protected account..

if all they require is a name and email to get the pass, then yes this is an insecure form of password lookup..

__________________
I'm here for the violence!

mrthumbs

why use a passowrd system in the first place? just tell your members to login with your lastname + email address!

mrthumbs

ARS used to do PW recovery like this a few years back.. they changed it after a few complaints.

s9ann0

yea i just broke into a mates account there I am in the members area now :o)

thats shady I like the image verification shit for members access though might have to steal that for my sites

s9ann0

urrr they squirting milk up her asshole this site is sick