Waraxe IT Security Portal

LINUX · Moderator

The bug is that you can get an SBC email address, without being an SBC customer. It's not a huge problem, but it could prove to be an inconvenience for SBC, when their users find themselves unable to get the account names that they might want. Most importantly, it effectively provides you with what appears to be an ISP email address, which you can then use to sign up for things that require you to have a non-free email account. This is sometimes a tactic that is used, by some organizations, as part of the effort to ensure that individuals can be held legally or otherwise accountable for the use of their accounts, when they sign you up for things. Free webhosting service providers, for example, often require you to register with a non-free email account, in order to ensure that they can cancel your webhosting, if you abuse their services (perhaps by offerring copyrighted material on your site). Because you cannot just sign up for account after account, without having it cost you, to do so, this can be an effective way to limit a users' ability to continue abusing their services - they simply disallow you from signing up for another webhosting account, using the same email address. It's not universally effective, of course - this bug is one of many ways to evade such verifications.

But the bug is essentially that we can sign up for email through SBC, without being SBC subscribers