OK, the other day I unintentionally stumbled upon a possible flaw with the news story email sharing feature on the BBC News website (www.bbc.co.uk).
Basically, it appears that anyone can share news stories on the BBC News website to any known email address and set the sender name and email address to anything, including bogus domains! In theory, this means that someone could make someone else believe that someone else has emailed them a news story when they haven’t. I tried this with a friend and proved myself correct!
To do this:
- Visit www.bbc.co.uk/news
- Click on a news story
- Click on the envelope icon at the top right
- Enter the recipient's email address (the person you wish to be emailed the news story)
- Under Your Details, enter the name of the person you want the recipient to think emailed the news story to them, as well as their email address (this can be made up). Enter the security code and click on Send
- The news story will then be emailed to the recipient and will show the name and email address entered into the Your Details boxes as the sender.
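How a share-by-email form can avoid this, as an added example that is not part of the original post and not the BBC's code: the message is always sent from an address the site controls, and the details typed into the form appear only as an unverified claim. The site name, the `news.example.org` addresses and all function names are assumptions made for the illustration.

```python
import re
from email.message import EmailMessage
from email.utils import formataddr

# Assumption: an address on a domain the site itself controls and signs mail for.
SITE_SENDER = "no-reply@news.example.org"
_ADDR = re.compile(r"[^@\s<>,;]+@[^@\s<>,;]+\.[^@\s<>,;]+")


def _clean_name(name: str) -> str:
    """Reject header injection and drop characters that could fake an address."""
    if "\r" in name or "\n" in name:
        raise ValueError("line break in sender name")
    return re.sub(r'[<>@"]', "", name).strip()[:60] or "A reader"


def _check_addr(addr: str) -> str:
    """Accept only a single bare address (fullmatch also rejects a trailing newline)."""
    if not _ADDR.fullmatch(addr):
        raise ValueError(f"bad address: {addr!r}")
    return addr


def build_share_email(claimed_name, claimed_email, recipient, story_url):
    """Build the share message without letting the form choose the From address."""
    name = _clean_name(claimed_name)
    reply_to = _check_addr(claimed_email)
    msg = EmailMessage()
    # From is always the site's own address; the typed name is marked "via".
    msg["From"] = formataddr((f"{name} via Example News", SITE_SENDER))
    # The typed address is only a reply target, never the apparent sender.
    msg["Reply-To"] = reply_to
    msg["To"] = _check_addr(recipient)
    msg["Subject"] = "A news story was shared with you"
    msg.set_content(
        f"Someone giving the name {name!r} and the address {reply_to} "
        "used the share form on Example News to send you this story.\n"
        "These details were typed into a web form and have not been verified.\n\n"
        f"{story_url}\n"
    )
    return msg


if __name__ == "__main__":
    # Constructed sample input.
    print(build_share_email("Alice", "alice@example.com",
                            "bob@example.net", "https://news.example.org/story/1"))
```
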
I’m genuinely surprised the BBC have allowed this. In fact, looking at the privacy settings and FAQs it looks like they have washed their hands of it!: