Follow Slashdot blog updates by subscribing to our blog RSS feed


Forgot your password?
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×

Submission + - My IT department wants you to hack my account 1

An anonymous reader writes: I work for a publicly traded company. When I submit tickets to helpdesk, they reply with an automated response which has a link to the ticket. Nothing special there, right? The only thing is, it is a plain http: link, leading to a page that immediately asks for my password. If I add an s after the http, there is not even a listener there. So the only way I can access that page is to send my password in the clear. That server is geographically distant, so I am pretty sure I would be sending my password in the clear over the internet. (And even if it is fully intranet-based, isn't this still a pretty big risk?) Again, it is my IT department which is sending this link. This is not the first company where I have seen this. So I am starting to think that the easiest way for a hacker to compromise a company is actually provided as a service by that company's IT department. How common is this, and how can it possibly be happening? More generally, how safe is my personal data that I provide to corporations, when they may be so astoundingly easy to compromise?

Slashdot Top Deals

The following statement is not true. The previous statement is true.