Edlug Archive May 2004
Re: [edlug] intercepting emails
--- Graeme Wood <Graeme.Wood@xxx.xxx.xxx> wrote:
>
> Did they say they would send your password
> unencrypted by email? Or are
> you just assuming
> that they would if you asked?
>
Hi Graeme!
There is a facility on their website which allows me
to request the password, and it would then be sent in
plain text, can't see any other way. Please correct me
if I'm wrong!
--- Rory wrote:
>
> hi all,
>
Hi Rory!
> The practice you're describing (e-commerce sites
> resetting a password and
> transmitting that over e-mail) is pretty standard
> practice in my
> experience*. Whilst Peter is correct in saying that
> it is technically
> possible for someone to get access to any plaintext
> e-mail travelling
> over the Internet, the logistics of grabbing a
> *specific* e-mail from a
> large ISP would be reasonably challenging, so
> someone would have to be
> motivated to do that, and unless they were
> targeting you specifically
> I'd be surprised if they'd go to that trouble to get
> 1 Credit card number
> (for reference, professional credit card scammers
> tend to deal in CDs
> full of Credit card details/names/addresses).
>
> Also where flights are involved you would *hope*
> that they would only
> allow bookings where the credit card holder is one
> of the people flying
> (definitely the case for Easyjet) and also that they
> would check ID at
> the airport (some airlines do, some don't)...
Well, your comment about Easyjet is interesting,
because our experiences differ. When I last used their
services, it seemed that I did not have to be one of
the passengers. They also did not contest me on that
point, which I raised with them.
> One thing that would worry me is if they sent your
> original password to
> you in e-mail rather than resetting your password
> and sending that (it
> would imply that they had access to your plain-text
> password which is a
> bad thing (tm))...
>
Yeah, as I mentioned above in my reply to Graeme's
question, that's not necessarily the case, since
having the password sent to you is an automated
process, so it may well be encrypted on the server and
inaccessible to any human (so long as I don't request
to be reminded of it...)
Regards,
Samsara
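
The distinction discussed in this thread (mailing the original password versus resetting it), as an added example that is not part of the original messages: a server that keeps only a salted one-way hash cannot send the old password back, so recovery has to go through a short-lived, single-use reset token. The `AccountStore` class, the iteration count and the 15-minute lifetime are assumptions made for illustration.

```python
import hashlib, hmac, secrets, time

RESET_TTL = 15 * 60    # seconds a mailed token stays valid (assumed policy)
ITERATIONS = 310_000   # PBKDF2 work factor (assumed; tune for your hardware)

class AccountStore:
    """Hypothetical store that never keeps a recoverable password."""
    def __init__(self):
        self.users = {}    # name -> (salt, PBKDF2 hash)
        self.resets = {}   # sha256(token) -> (name, expiry time)

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

    def set_password(self, name, password):
        salt = secrets.token_bytes(16)
        self.users[name] = (salt, self._hash(password, salt))

    def check_password(self, name, password):
        if name not in self.users:
            return False
        salt, stored = self.users[name]
        return hmac.compare_digest(stored, self._hash(password, salt))

    # Nothing here can implement "remind me of my password": the hash is
    # one-way, so the only thing the site can mail out is a reset token.
    def request_reset(self, name, now=None):
        """Return the token to e-mail; only its hash is kept server-side."""
        if name not in self.users:
            return None
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        key = hashlib.sha256(token.encode()).digest()
        self.resets[key] = (name, now + RESET_TTL)
        return token

    def redeem_reset(self, token, new_password, now=None):
        """Accept a token once and only before expiry, then replace the hash."""
        now = time.time() if now is None else now
        key = hashlib.sha256(token.encode()).digest()
        entry = self.resets.pop(key, None)   # pop makes the token single-use
        if entry is None or now > entry[1]:
            return False
        self.set_password(entry[0], new_password)
        return True
```

A copy of the mail read after the token has been redeemed or has expired is useless, which is not true of a mailed copy of the password itself.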