Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Avatars and security
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Plusnet Community
- :
- Forum
- :
- Help with my Plusnet services
- :
- Broadband
- :
- Re: Avatars and security
Avatars and security
20-08-2007 7:32 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Many people like the idea of using a username on the Community site which is different to their PlusNet member username for security reasons.
Right-clicking on their avatars and looking at the properties in many cases reveals the likely PlusNet identity of the Community forum user. This is shown in the form http://www.xxxxxxxx.plus.com/avatar.jpg or similar, because in the Forum Profile Information they have selected 'I have my own pic:' and provided a link to their own PlusNet webspace.
By selecting 'I will upload my own picture:' it will be stored on the Community site and will only show properties in the form http://community.plus.net/forum/index.php?action=dlattach;attach=nnnn;type=avatar
So, to preserve your anonymity, upload your avatar, don't provide a link to it which may reveal your PlusNet username.
Perhaps PlusNet should consider placing a warning message on the Forum Profile Information page to prevent users from compromising their security when adding their avatars.
The same security loophole can apply when adding an image into a forum message such as chillypenguin did in his "glow" tag thread at http://community.plus.net/forum/index.php?topic=720.0
Seeing that he uses the same username on both, nothing was compromised!
Be aware!
Right-clicking on their avatars and looking at the properties in many cases reveals the likely PlusNet identity of the Community forum user. This is shown in the form http://www.xxxxxxxx.plus.com/avatar.jpg or similar, because in the Forum Profile Information they have selected 'I have my own pic:' and provided a link to their own PlusNet webspace.
By selecting 'I will upload my own picture:' it will be stored on the Community site and will only show properties in the form http://community.plus.net/forum/index.php?action=dlattach;attach=nnnn;type=avatar
So, to preserve your anonymity, upload your avatar, don't provide a link to it which may reveal your PlusNet username.
Perhaps PlusNet should consider placing a warning message on the Forum Profile Information page to prevent users from compromising their security when adding their avatars.
The same security loophole can apply when adding an image into a forum message such as chillypenguin did in his "glow" tag thread at http://community.plus.net/forum/index.php?topic=720.0
Seeing that he uses the same username on both, nothing was compromised!
Be aware!
Message 1 of 8
(2,503 Views)
7 REPLIES 7
Re: Avatars and security
20-08-2007 9:18 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Good advice and well spotted
Regards .....
Regards .....
Message 2 of 8
(674 Views)
Re: Avatars and security
20-08-2007 10:02 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
It rather depends how bothered you are about this.
Along with a lot of other people I use the same avatar on a number of forums and having it linked to a webspace is a very useful thing as I can change it on all forums simultaneously.
I did wonder about using one of my non PlusNet sites but decided it wasn't worth the risk as most of my PlusNet addresses get spam already and the others don't.
The new spam filter is doing a great job. It has even cut out the spam going to one address which was compromised by a recipient replying to one of those silly chain emails.
The only reason I changed my username is that I use this one on all the other forums I take part in.
Edit - because I am now trying IE7 and i haven't got a spell checker on that
Along with a lot of other people I use the same avatar on a number of forums and having it linked to a webspace is a very useful thing as I can change it on all forums simultaneously.
I did wonder about using one of my non PlusNet sites but decided it wasn't worth the risk as most of my PlusNet addresses get spam already and the others don't.
The new spam filter is doing a great job. It has even cut out the spam going to one address which was compromised by a recipient replying to one of those silly chain emails.
The only reason I changed my username is that I use this one on all the other forums I take part in.
Edit - because I am now trying IE7 and i haven't got a spell checker on that
Message 3 of 8
(674 Views)
Re: Avatars and security
20-08-2007 11:42 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
@lingbob
I think it was when I right-clicked on your avatar that I first noticed it! I see you've changed it!
@Oldjim
I'm not bothered, but for those that are, I've noticed that you don't have to be logged in to retrieve the avatar, at least not when on a PlusNet IP - just tried it!
So anyone that was could possibly store the avatar at http://community.plus.net/forum/index.php?action=dlattach;attach=nnnn;type=avatar and use it on more than one site, still preserving their anonymity wherever it is displayed, i.e. on other forums. A change at the Community site would only change all instances if the attach=nnnn in the storage is unique to the user and doesn't change when the avatar itself is changed. Otherwise, changing the avatar would necessitate a lot of work changing it on other sites! I don't know if nnnn is permanently unique to the user - I haven't tried that! Perhaps someone at PlusNet already has the answer?! If the Community site went off-line it would show up everywhere!
You and I aren't worried, but quite a few PlusNet users must be, as it as was pressure from users that allowed their identity to be hidden.
I think it was when I right-clicked on your avatar that I first noticed it! I see you've changed it!
@Oldjim
I'm not bothered, but for those that are, I've noticed that you don't have to be logged in to retrieve the avatar, at least not when on a PlusNet IP - just tried it!
So anyone that was could possibly store the avatar at http://community.plus.net/forum/index.php?action=dlattach;attach=nnnn;type=avatar and use it on more than one site, still preserving their anonymity wherever it is displayed, i.e. on other forums. A change at the Community site would only change all instances if the attach=nnnn in the storage is unique to the user and doesn't change when the avatar itself is changed. Otherwise, changing the avatar would necessitate a lot of work changing it on other sites! I don't know if nnnn is permanently unique to the user - I haven't tried that! Perhaps someone at PlusNet already has the answer?! If the Community site went off-line it would show up everywhere!
You and I aren't worried, but quite a few PlusNet users must be, as it as was pressure from users that allowed their identity to be hidden.
Message 4 of 8
(674 Views)
Re: Avatars and security
21-08-2007 8:56 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Quote from: jnwright @lingbob
I think it was when I right-clicked on your avatar that I first noticed it! I see you've changed it!
Very observant
Regards .....
Message 5 of 8
(674 Views)
Re: Avatars and security
21-08-2007 1:54 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Going off topic but ...
James_H
You can remove the user name from the reverse DNS - in the main plus.net site search for reverse DNS and you get a the
Help Assistant Change my Reverse DNS configuration page
James_H
You can remove the user name from the reverse DNS - in the main plus.net site search for reverse DNS and you get a the
Help Assistant Change my Reverse DNS configuration page
Message 6 of 8
(674 Views)
Re: Avatars and security
21-08-2007 3:37 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Quote from: Oldjim The new spam filter is doing a great job. It has even cut out the spam going to one address which was compromised by a recipient replying to one of those silly chain emails.
Hi, OldJim,
I am flooded by spam on several addresses and my solution was to use Thunderbird as my main email client and set the filters to accept emails only from senders that are in my address book. That does not stop spam messages, but it moves them to the Thrash folder. Unfortunately, the spam messages are counted in my monthly download allowance.
I am interested in your comment that your spam filter is very effective. Can you tell me what you are using?
Thanks,
Alex
Message 7 of 8
(674 Views)
Re: Avatars and security
21-08-2007 4:09 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Not mine - just the PlusNet one.
Only one got through recently and that was to check the login details for the bartenders guide.
Out of interest i clicked on the link which was a url and it asked me to download a component to view the graphic. A check on properties showed it was an exe file which is when I deleted the email.
Only one got through recently and that was to check the login details for the bartenders guide.
Out of interest i clicked on the link which was a url and it asked me to download a component to view the graphic. A check on properties showed it was an exe file which is when I deleted the email.
Message 8 of 8
(674 Views)
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page