Throwback Thursday: Just one more thing to worry about

Throwback Thursday: Just one more thing to worry about

This pilot fish and his wife are planning a long-overdue vacation to an all-inclusive resort -- one of those places where you don't have to worry abou

Google, Jigsaw Partner on Free Tools to Secure Elections
Pathetic Patching Leaves Over 70,000 Memcached Servers Still Up For Grabs
FreeXL Library Fixes Two Remote Code Execution Vulnerabilities

This pilot fish and his wife are planning a long-overdue vacation to an all-inclusive resort — one of those places where you don’t have to worry about things like meals or tipping.

“I log onto the resort’s website in order to make some reservations ahead of our arrival,” fish says, “and am presented with the standard registration page.”

He enters his information on the page, which also asks “for security reasons” that he set up a password.

It’s not until after he has clicked “OK” that fish looks at the icon in his web browser and realizes the page isn’t encrypted. He does a quick browse of the source code for the page, and finds that there’s no SSL anywhere securing the data he’s just typed in.

A quick call to the resort’s customer service department is less than fruitful — no surprise there. And no one will transfer him to the IT department, either.

“The icing on the cake?” says fish. “I get an e-mail from them confirming my registration — and it contains my password in all its glory.

“Lessons learned: Never use the same password across systems. And remember that my idea of security may not match my vendor’s ideas of ‘security.'”

Sharky’s idea of security is having plenty of true tales of IT life. Send yours to me at sharky@computerworld.com. You can also comment on today’s tale at Sharky’s Google+ community, and read thousands of great old tales in the Sharkives.

Get Sharky’s outtakes from the IT Theater of the Absurd delivered directly to your Inbox. Subscribe now to the Daily Shark Newsletter.

Go to Source

COMMENTS