http://ilikeellipses.com/2008/05/29/its-time-to-get-serious-about-security/ the blog for developers who care about more than just code... Wed, 07 Jan 2009 01:38:40 +0000 http://wordpress.org/?v=2.3 http://ilikeellipses.com/2008/05/29/its-time-to-get-serious-about-security/#comment-1824 mike hall Thu, 29 May 2008 16:57:51 +0000 http://ilikeellipses.com/2008/05/29/its-time-to-get-serious-about-security/#comment-1824 Don't get me wrong. You still need to be able to access the email account for this to work, since the emails with the username and reset password link are sent to that address, but how secure are most people's password anyways? Don’t get me wrong. You still need to be able to access the email account for this to work, since the emails with the username and reset password link are sent to that address, but how secure are most people’s password anyways?

]]> http://ilikeellipses.com/2008/05/29/its-time-to-get-serious-about-security/#comment-1822 Richard Gardiner Thu, 29 May 2008 15:37:47 +0000 http://ilikeellipses.com/2008/05/29/its-time-to-get-serious-about-security/#comment-1822 This is really insecure. Your email address is in effect public (everybody you send an email to sees it, then they forward your email to someone else, who sends to someone else, ...). Given the large customer base that the phone companies have, you could probably get into peoples accounts just by randomly trying email addresses you know - even without the user making the error you came across. Even worse, what happens if you have a disgruntled ex-boyfriend/girlfriend - they probably already know your email address and phone company. This is really insecure. Your email address is in effect public (everybody you send an email to sees it, then they forward your email to someone else, who sends to someone else, …). Given the large customer base that the phone companies have, you could probably get into peoples accounts just by randomly trying email addresses you know - even without the user making the error you came across. Even worse, what happens if you have a disgruntled ex-boyfriend/girlfriend - they probably already know your email address and phone company.

]]> http://ilikeellipses.com/2008/05/29/its-time-to-get-serious-about-security/#comment-1821 Arjan`s World » LINKBLOG for May 29, 2008 Thu, 29 May 2008 15:28:31 +0000 http://ilikeellipses.com/2008/05/29/its-time-to-get-serious-about-security/#comment-1821 [...] It’s Time to Get Serious About Security - Mike Hall Having a non-secure website is bad enough, but ignoring customers who take the time to spell this out for you … how would you feel if you’re the guy/gal that spelled their email address wrong with this possible consequence [...] […] It’s Time to Get Serious About Security - Mike Hall Having a non-secure website is bad enough, but ignoring customers who take the time to spell this out for you … how would you feel if you’re the guy/gal that spelled their email address wrong with this possible consequence […]

]]>