iLife ’08/iPhoto/dotMac: Email to web gallery is security risk

I have filed bug 5405311 relating to what I consider a security problem with the new iPhoto/dotMac Web Gallery feature (which I otherwise consider to be excellent!). More thoughts on iLife ’08 to come.

When using the new Web Gallery feature of iPhoto 7 and .Mac, it is extremely simple for others to add unauthorized photos to your web gallery if the email-add feature is enabled.

I expect image spam to become a problem for .Mac/Gallery users very quickly.

In general, the most likely configuration should allow the account owner should be able to add photos to their own account (such as via an iPhone), but others should be rejected.

The general problems are:

-No review of added photos
-No notification that photos have been added to your web gallery
-Moderately simple to machine-guess email address if not public (username + 4 characters)

Suggested changes:

-Option to allow photos to be added only from specified addresses. If the .Mac email is included, you should reject any fake emails not submitted through your SMTP server (since the .Mac email address is trivial to guess from the URL). For simplicity, iPhoto could pre-select addresses in mail.app for inclusion.

-Automatic notification (via email) of photos being added via email. This should be on by default, and difficult or impossible to disable.

-Email address to add photos should be much longer – suggest a 16-digit code, instead of a 4-digit code. In addition suggest removing the username from the address when email address is not visible, so that mail robots would be unable to connect addresses with URLs.

Thank you.

Technorati Tags: ,

Comments are closed.