NEWS FROM THE LAB - Tuesday, January 26, 2010

Facebook Mischief
Posted by Sean @ 14:18 GMT

Facebook recently published a nice new feature: Reply to this email to comment on this status.



This seems like a very handy feature to have if you're trying to converse with friends on the go.



But is it secure?



As it turns out, based on our testing, anyone can use the Reply To address, from any e-mail account.



Of course, the notification links are only sent to the account holder's primary e-mail, but we all know just how often e-mail accounts are phished/hacked, right?







Try it yourself. Send an e-mail message to this address, include a subject message, and you'll see the results, posted in Matti's name, here.



Coming soon to a comment near you — EMAIL REPLY SPAM.
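
The weakness described above is that the Reply To address alone authorizes the comment. The following is an added example, not code from the original post or from Facebook, contrasting a handler that accepts any sender with one that also requires an authenticated sender matching the account holder; the token store, the `mx.example.net` authserv-id and the sample messages are all constructed assumptions.

```python
import email
from email.utils import parseaddr

# Hypothetical store: reply-address local part -> account holder's primary e-mail.
REPLY_TOKENS = {"c+constructed-token": "holder@example.com"}
TRUSTED_AUTHSERV = "mx.example.net"  # assumed id stamped by our own inbound MTA

def naive_accept(raw, rcpt_local):
    """Behaviour the post describes: knowing the address is enough."""
    return rcpt_local in REPLY_TOKENS

def hardened_accept(raw, rcpt_local):
    """Post only when an authenticated From matches the account holder."""
    owner = REPLY_TOKENS.get(rcpt_local)
    if owner is None:
        return False
    msg = email.message_from_string(raw)
    from_headers = msg.get_all("From", [])
    if len(from_headers) != 1:          # ambiguous sender: refuse
        return False
    sender = parseaddr(from_headers[0])[1].lower()
    if sender != owner.lower():
        return False
    domain = sender.rpartition("@")[2]
    # From is trivially forged, so also require a DKIM pass for that domain,
    # as recorded by our MTA (assumed to strip forged copies of its own header).
    for header in msg.get_all("Authentication-Results", []):
        parts = [p.split() for p in header.lower().split(";")]
        if not parts[0] or parts[0][0] != TRUSTED_AUTHSERV:
            continue
        if any("dkim=pass" in p and f"header.d={domain}" in p for p in parts[1:]):
            return True
    return False

# Constructed sample messages.
LEGIT = ("Authentication-Results: mx.example.net; dkim=pass header.d=example.com\n"
         "From: Holder <holder@example.com>\nSubject: Re: status\n\nNice!\n")
STRANGER = ("Authentication-Results: mx.example.net; dkim=pass header.d=other.example\n"
            "From: someone@other.example\nSubject: Re: status\n\nspam\n")
SPOOFED = ("Authentication-Results: mx.example.net; dkim=none\n"
           "From: holder@example.com\nSubject: Re: status\n\nspam\n")

if __name__ == "__main__":
    for name, raw in [("legit", LEGIT), ("stranger", STRANGER), ("spoofed", SPOOFED)]:
        print(name, naive_accept(raw, "c+constructed-token"),
              hardened_accept(raw, "c+constructed-token"))
```

A sender check of this kind does not help once the account holder's own mailbox is compromised, which is the case the post raises about the notification e-mails.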





















