full-disclosure-uk August 2008 archive
Main Archive Page > Month Archives  > full-disclosure-uk archives
full-disclosure-uk: [Full-disclosure] When will they ever get it

[Full-disclosure] When will they ever get it !?!?!?!

From: wilder_jeff Wilder <wilder_jeff_at_nospam>
Date: Thu Aug 07 2008 - 16:09:12 GMT
To: <full-disclosure@lists.grok.org.uk>

As you will all know I am one never to post, but I had to bring this to a discussion point.  

I received an e-mail today from the Gallup Journal inviting me to join their LEET management spam list. Within this inventation, they had provided me with my username (Ahhh how nice) and my password ({GASP} OMG!) in clear text (WTF!).  

So, I track down the domain admin... she has no idea... I get run through the support gauntlet until I assist upon supervisor, Please hold. As I sit and listen to something that should be played at a funeral, not much further from the death march, I was graciously hung up on; the man is now pissed.  

I wouldnt be so upset had this username and password ( be generic or single use) but it is from and active websites that I currently visit. I can understand if I had asked them to send me a password... or had a formal relationship with them; however, this is not the case.  

I was wondering if anyone else received this same e-mail? As a security assessor, I see so many large companies that just dont get it. What will it take for an orginization such as Gallup to understand the fundementals of security.    


Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/