Bugtraq mailing list archives

Re: PLAXO: is that a cure or a disease?


From: Stacy Martin <trust () plaxo com>
Date: 18 Mar 2004 07:45:50 -0000

In-Reply-To: <200403121752.i2CHqK8A028679 () web187 megawebservers com>

Thanks for the report.  This problem was fixed within hours of the original post on 3/12/04.  

While not diminishing the seriousness of the report, the impact of this vulnerability required the malicious user to 
already be in the Plaxo user's address book and to have received a Plaxo Update Request from the victim.  A security 
review of all Plaxo accounts showed no one besides the reporting user had found this problem and therefore no other 
Plaxo member's data was impacted.  

But nevertheless, since 3/12, we've made a number of additional changes and enhancements to our service in order to 
minimize the occurrence of these types of problems again.

We appreciate the assistance in finding this and we encourage people to continue to bang on Plaxo.  We only ask that if 
there is a next time, you give us time to develop a fix before telling truly malicious users.





