[Edlug Archive May 2004]
Re: [edlug] intercepting emails
Dear Peter,
Thanks for your illuminating comments. It may be
necessary for me to give some more details of the case
at hand:
We're talking about an airline here. Transmission of
details is via https, so may be assumed secure. Also,
it is not possible to see your details if you log in
as yourself. However, it is possible to book
additional tickets on your credit card with arbitrary
passenger names - I thought some of the John Smiths
in this world might be interested in having a free
flight on my card. They would never be traceable
unless I check my credit card statement before they
board (or if we are going to assume the airline more
capable, leave) the plane, and alert the airline of
the fraud.
I've asked them to delete my details. They have not
informed me that they have done so, although they got
in touch once to claim that their site is perfectly
secure. I also out of habit chose an unguessable (i.e.
unmemorable) password, so I cannot now access my own
details unless I have them send my password
unencrypted. The username is just the email address,
so no security there, either. (Note to deviants: not
this email address.)
I just want to be sure that I'm not wrong in my
accusations before I go to the bank and subtly suggest
to them that they should put some pressure on the
airline, or stop trading with them, and meanwhile
supply a new credit card for me!
Based on your comments, it seems that my suspicions
are correct, and that a lot of customers are at risk
of having other people book flights on the former's
money.
Many thanks,
Samsara
PS: Essentially the same problem seems to afflict an
academic robe supplier, although they will at least
have the address that the goods were delivered to, so
there's more of a chance of catching the offender.