Quote:
|
Originally Posted by scotty1024
The exploit I was speaking to is this. If someone can lookup your MAC a person can then use that known MAC to find your userid. Once they have your userid they own your iRex account. You can change your password, change your email address, but they still own your account and they can use it from anywhere.
|
I'm so absolutely lost here... Could you give a few more details.
What userid is this? The email adress used in registration? Something else? How does the mapping MAC -> userid work?
Assume someone has my userid - what account can he take over? And how? And where?
Why are there no passwords involved? I figured that you need the password to log into iDS - at least it didn't work with a password typo in the Iliad's preferences.
What secure keys? I always assumed that a pair of unsecure ID and secret password
is a secure key.