Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×
Security

Submission + - My IT department wants you to hack my account 1

An anonymous reader writes: I work for a publicly traded company. When I submit tickets to helpdesk, they reply with an automated response which has a link to the ticket. Nothing special there, right? The only thing is, it is a plain http: link, leading to a page that immediately asks for my password. If I add an s after the http, there is not even a listener there. So the only way I can access that page is to send my password in the clear. That server is geographically distant, so I am pretty sure I would be sending my password in the clear over the internet. (And even if it is fully intranet-based, isn't this still a pretty big risk?) Again, it is my IT department which is sending this link. This is not the first company where I have seen this. So I am starting to think that the easiest way for a hacker to compromise a company is actually provided as a service by that company's IT department. How common is this, and how can it possibly be happening? More generally, how safe is my personal data that I provide to corporations, when they may be so astoundingly easy to compromise?
This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

My IT department wants you to hack my account

Comments Filter:

The explanation requiring the fewest assumptions is the most likely to be correct. -- William of Occam

Working...