HEAR, HEAR, AT LAST A SENSIBLE REPLY TO A RIDICULOUS COMPLAINT ...
>I am going to take the "high road" here and suggest that you really should
>check out your facts before you send out e-mails like this and stir up all
>kinds of unnecessary controversy! It is particularly insulting to those of
>us who voluntarily spend more than 30 hours per week on VTR related
>matters, to have our efforts referred to as "the most egregious security
>practice
>I have ever seen" and "incredibly amateurish habitb.
>
>This is probably all a moot point since we will likely be discontinuing
>the practice of including your password on any VTR correspondence, however
>convenient others may find this to be.
>
>
>First of all, let me assure everyone that "every" e-mail that is sent out
>from VTR does not include your username and password.
>
>Interestingly enough, I, as VTR Membership Secretary, do not even know or
>have access to what everyone's password is. It is a totally blank field in
>our administrative database. I can insert a new password, but I never know
>what the prior password was.
>
>I am sure our President will be responding but let me remind you of
>(apologies in advance to Information Technology Officers) a few things about
>passwords in general. You presumably have a safe, secure, password for your
>e-mail account and only you can view your e-mail. Therefore, any e-mail we
>send
> you with your VTR password would presumably be read only by you. Because
>many e-mail users on any system forget or otherwise lose their passwords,
>virtually every system allows you to request your password. With most systems
>I am familiar with, the recovered password is sent to your e-mail address
>after the system first verifies your request, and matches the e-mail
>address on file associated with the username you attempted to log in under.
>
>Anyway, suppose someone with ill-intent does acquire your VTR password.
>Since we house no financial information in your profile (like credit card,
>PayPal, or bank account information) there is little that could be done to
>your profile, other than nuisance name changes, etc. I submit to you that your
> exposure is not much greater than your listing in a local telephone
>directory or other public information sources readily available on the
>Internet.
>
>Not withstanding the foregoing, my recommendations will be to remove the
>passwords from all VTR correspondence, with the exception of specific
>requests for recovery.
>
>Regards,
>Bill Lynn
>VTR Membership Secretary
>e-mail: _triumphtr2@aol.com
>_ (mailto:triumphtr2@aol.com)
>
>In a message dated 3/1/2010 8:08:53 A.M. Central Standard Time,
>sumton@sbcglobal.net writes:
>
>
>I just received an email from the Vintage Triumph Register. every email
>they send out has your username and password in clear text.
>
>help me out people - this is the most egregious security practice I have
>ever seen. please send them an email and tell them to stop this
>practice!!!!! tell them you will not renew until they cease this incredibly
>amateurish habit.
>
>their email is _membership@vtr.org_ (mailto:membership@vtr.org)
>_______________________________________________
>
>6pack@autox.team.net
>Donate: http://www.team.net/donate.html
>Archive: http://www.team.net/archive
>Forums: http://www.team.net/forums
>Unsubscribe/Manage:
>http://autox.team.net/mailman/options/6pack/anabil007@comcast.net
--
"Thinking is the hardest work there is. That's why so few people
undertake it." - Henry Ford
Bill Pugh
1957 TR3
"Casper"
TS16765L
Wallace, CA
_______________________________________________
Triumphs@autox.team.net
Donate: http://www.team.net/donate.html
Suggested annual donation $11.47
Archive: http://www.team.net/archive
Forums: http://www.team.net/forums
|