Full Disclosure mailing list archives
When will they ever get it !?!?!?!
From: wilder_jeff Wilder <wilder_jeff () msn com>
Date: Thu, 7 Aug 2008 10:09:12 -0600
As you will all know I am one never to post, but I had to bring this to a discussion point. I received an e-mail today from the Gallup Journal inviting me to join their LEET management spam list. Within this inventation, they had provided me with my username (Ahhh how nice) and my password ({GASP} OMG!) in clear text (WTF!). So, I track down the domain admin... she has no idea... I get run through the support gauntlet until I assist upon supervisor, Please hold. As I sit and listen to something that should be played at a funeral, not much further from the death march, I was graciously hung up on; the man is now pissed. I wouldnt be so upset had this username and password ( be generic or single use) but it is from and active websites that I currently visit. I can understand if I had asked them to send me a password... or had a formal relationship with them; however, this is not the case. I was wondering if anyone else received this same e-mail? As a security assessor, I see so many large companies that just dont get it. What will it take for an orginization such as Gallup to understand the fundementals of security. -enjoy!
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- When will they ever get it !?!?!?! wilder_jeff Wilder (Aug 07)