Re: CRIME ISP Password Security Practices at Earthlink

From: Jacob B. Rothstein (Jacob.B.Rothstein@private)
Date: Tue Jun 11 2002 - 18:23:01 PDT

  • Next message: Brent Tucker: "RE: CRIME ISP Password Security Practices at Earthlink"

    i think there is a clear precedent of trust with telephone operators, although
    less so with tech support.  for example, when you place a credit card order by
    phone (if people still do that,) you're trusting them with sensitive data that
    the operator could easily run away with.  although there are more safeguards in
    place with credit cards, the risk is the same.  i would assume that there are
    legal documents along the lines of an NDA between the company and the
    operator/techie, and that the disgruntled employee would very clearly be in
    breach of that agreement.  standard caveat: IANAL...
    
    from a developer's perspective, i don't understand why they're not crypt()ing
    the password before they put it in their db.  in web-backend-land, that's what
    we do, generally speaking.
    
    if you're still worried, contact earthlink about it:
    
    Where to Direct Questions About EarthLink's Privacy Policy
    If you have any questions about this Privacy Policy or the practices described
    herein, you may contact:
    
    Customer Service
    EarthLink, Inc.
    1375 Peachtree Street, N.W.
    Level A
    Atlanta, Georgia 30309
    service@private, or
    privacypolicy@private 
    
    jacob rothstein
    jbr@private
    



    This archive was generated by hypermail 2b30 : Tue Jun 11 2002 - 19:21:35 PDT