When will they ever get it !?!?!?!

[wilder_jeff Wilder <wilder_jeff () msn com>]

As you will all know I am one never to post, but I had to bring this to a discussion point.
 
I received an e-mail today from the Gallup Journal inviting me to join their LEET management spam list. 
Within this inventation, they had provided me with my username (Ahhh how nice) and my password ({GASP} OMG!) in clear 
text (WTF!). 
 
So, I track down the domain admin... she has no idea... I get run through the support gauntlet until I assist upon 
supervisor, Please hold.  As I sit and listen to something that should be played at a funeral, not much further from 
the death march,  I was graciously hung up on; the man is now pissed.
 
I wouldnt be so upset had this username and password ( be generic or single use) but it is from and active websites 
that I currently visit.  I can understand if I had asked them to send me a password... or had a formal relationship 
with them; however, this is not the case.
 
I was wondering if anyone else received this same e-mail?   As a security assessor, I see so many large companies that 
just dont get it. What will it take for an orginization such as Gallup to understand the fundementals of security.
 
 
-enjoy!

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/