Too Much Information?

vulnAfter posting on this blog, I figured that it would send me some sort of conformation that post has been successfully posted. It didn’t. But what it did send me was a list of users RIT users and their IP addresses.

Apparently when someone comments on a post, it sends you an e-mail alert to let you know that there’s a new comment. But I don’t think users would be too happy if they knew their IP address, DNS record and e-mail address were sent to me.

What if I didn’t like this kid in my class? What if I knew his box was vulnerable? What if I wanted to send him e-mails about some really sweet Viagra offers?

What do you guys think?

Advertisements

7 thoughts on “Too Much Information?

  1. Ok. I am afraid to post this comment. It is kind of scary that a school blog would be giving out that type of information where you would think that it would be the most secure and private. Definitely food for thought. Thanks for researching more about it.

  2. Wow this is pretty crazy. Showing the account that the commenter used is reasonable, but the IP with a link to the whois lookup is a bit overboard. I imagine this feature is useful for preventing spammers. Assuming that you can block a specific IP from the WordPress page.

  3. Yeah but why would you send that to every user? Only the Sys. Ad or a Spam-block feature should be privy to that information.

  4. There are alot of things you could do with this. It’s kind of strange, because whoever designed that message would’ve known the usefulness of the information or he wouldn’t have included it, but would also have known it’s not good information to give out so obviously.

  5. I think that’s a little too much information to be giving out, but I think it’s easy enough being a student here to find other student’s email.

Comments are closed.