I have a very common name, which means I have a very common gmail address. I get a lot of mail for other people named David Reid. A lot of mail. Every once in a while a David Reid will sign up with my email address for some mailing list.
This morning I noticed an email from McAfee telling me how I could go about downloading some product that someone presumably just purchased. A few minutes later I get this email:
![Picture 1 [REDACTED] by you.](http://farm4.static.flickr.com/3344/3441687541_9ec8561253.jpg?v=0)
So yeah, a so-called security company is storing and transmitting their customers' passwords in plaintext.
FUCKINGAWESOME SECURITY FAIL.

6 comments:
Just because e-mail provides the password in plaintext, it does not mean McAfee stores it on their servers that way.
I don't use my @gmail address for that very reason. I also think there's someone named Bob Simpson somewhere who would really like his Google Analytics data, if he didn't manage to attach it to my account.
-bsimpson@g
@Lock Bumping: storing a password using reversible encryption is no different than storing it in plaintext; either way it can be accessed if the server is compromised. And that pales in significance compared to the fact that they send it by email; that's just dumb. Don't make excuses for big stupid companies.
I've had the same experience. I was stunned to see my password in plain text and that too coming from McAfee!!!
If that person's password is not 'sweethomealabama' then my name isn't Josh Groban.