Security links for email newsletters
I’m not a computer security specialist, I’m just a project manager, so I’lln’t analyze what happened in this article, and it’s unlikely that the article will draw on the article, but I would like to share what happened with the public and hear from experts if they consider what happened normal?
So, I receive a letter in the mail, in which Microsoft invites me to a webinar on using 1C on the Azure platform. I have a lot of acquaintances and I decided to share the link to the registration with one of them.
What was my surprise when today he wrote to me that after following the link he sees all my personal data, such as your full name, e-mail and phone number.
')
There will be no conclusions, just tell the story that is happening right now. We deal with e-mail newsletters to our online store customers and at the bottom of the letter, in accordance with the rules we have a link where you can unsubscribe from mailings. However, the link leads to a personal account and if the user does not remember his password, this causes him indignation (which, by the way, is quite logical). It was decided to alter the mechanism of unsubscribing from mailings to the correct one - clicked on the button, the client opened a browser with the text “You are unsubscribed from all mailings”. However, the head of the development expressed his concern that by sending his letter to his friend, this friend would be able to unsubscribe the original recipient of the letter from the mailings, which is not very correct from a security point of view. We agreed that the risks are not great, and the client will be able, as a last resort, to enter the personal account and re-subscribe.
I repeat, there will be no conclusions, I just want to hear the opinion of experts about how correctly it happened, and maybe it is I myself angry Buratino, that I distribute the links that came in the letter for me personally?
So, I receive a letter in the mail, in which Microsoft invites me to a webinar on using 1C on the Azure platform. I have a lot of acquaintances and I decided to share the link to the registration with one of them.
What was my surprise when today he wrote to me that after following the link he sees all my personal data, such as your full name, e-mail and phone number.
')
There will be no conclusions, just tell the story that is happening right now. We deal with e-mail newsletters to our online store customers and at the bottom of the letter, in accordance with the rules we have a link where you can unsubscribe from mailings. However, the link leads to a personal account and if the user does not remember his password, this causes him indignation (which, by the way, is quite logical). It was decided to alter the mechanism of unsubscribing from mailings to the correct one - clicked on the button, the client opened a browser with the text “You are unsubscribed from all mailings”. However, the head of the development expressed his concern that by sending his letter to his friend, this friend would be able to unsubscribe the original recipient of the letter from the mailings, which is not very correct from a security point of view. We agreed that the risks are not great, and the client will be able, as a last resort, to enter the personal account and re-subscribe.
I repeat, there will be no conclusions, I just want to hear the opinion of experts about how correctly it happened, and maybe it is I myself angry Buratino, that I distribute the links that came in the letter for me personally?
Source: https://habr.com/ru/post/250495/
All Articles