Quote:
Originally Posted by Serapth
As to your bot/trojan distribution comment, frankly thats just silly. Take your scenario, in order to "attack" a user, you would need to know they were a member and their email address.... and knowing that, frankly, would give you no more power than you would have if......... you knew their email.
|
If I knew they were a user, and they were linked to Twitter, I could tweet obfuscated URL's to their followers leading to a compromised site. And I'd pull that off without needing a login or password.
That seems fairly significant to me.