Slashdot Mirror

← Back to Stories (view on slashdot.org)

Gravatars Can Leak Users' Email Addresses

Posted by kdawson on Tuesday December 15, 2009 @05:20PM from the chatty-little-things dept.

abell writes "Gravatar offers a global avatar service, using an MD5 hash of the user's email as avatar ID. This piece of information in some cases is enough to retrieve the original email address. Testing a simple attack on stackoverflow.com, I was able to determine the email addresses of more than 10% of the site's users."

1 of 170 comments (clear)

Min score:

Reason:

Sort:

Re:So let's change the algorithm. by palegray.net · 2009-12-15 17:32 · Score: 0, Offtopic

Really? Are you familiar with MD5 collisions?

--
512 MB RAM, 20 GB disk, 200 GB transfer, five datacenters. $19.95/month.