Open Source and information security mailing list archives
 
Date: Thu, 7 Aug 2008 10:09:12 -0600
From: wilder_jeff Wilder <wilder_jeff@....com>
To: <full-disclosure@...ts.grok.org.uk>
Subject: When will they ever get it !?!?!?!


As you will all know, I am one never to post, but I had to bring this to a discussion point.
 
I received an e-mail today from the Gallup Journal inviting me to join their LEET management spam list. 
Within this invitation, they had provided me with my username (Ahhh how nice) and my password ({GASP} OMG!) in clear text (WTF!).
 
So, I track down the domain admin... she has no idea... I get run through the support gauntlet until I insist upon a supervisor. Please hold. As I sit and listen to something that should be played at a funeral, not much further from the death march, I was graciously hung up on; the man is now pissed.
 
I wouldn't be so upset had this username and password been generic or single use, but it is from an active website that I currently visit. I can understand if I had asked them to send me a password... or had a formal relationship with them; however, this is not the case.
 
I was wondering if anyone else received this same e-mail? As a security assessor, I see so many large companies that just don't get it. What will it take for an organization such as Gallup to understand the fundamentals of security?
 
 
-enjoy!
 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
