Which reminds me...

The tech (AT&T contractor) who set up a cable modem for me graciously selected "password" as my initial password. Being fairly paranoid, I went to change it immediately upon his departure. When I entered my name, I mistyped it and lo and behold, I logged in...to someone else's account with the password "password". This was a fellow in Plano, Texas with a similar name to my own. I had his address and phone and could have set up his account (including email) if I'd wished...I thought about calling him but I figured it would just confuse him...

If attbi has the plain text stored they might want to see how many of them are "password". I thought about trying to log in as "john.smith", "bob.jones", etc. with "password" just to see how far I could get but decided they may have something watching failed logins and I didn't really want to be tagged with that...

Another story for Security Focus anyone? :)

Cheers,
- Mike.Myers@private-lmco.com

-----Original Message-----
From: MAGEE Rob [mailto:Rob.Magee@ODE-EX1.ODE.STATE.OR.US]
Sent: Tuesday, June 18, 2002 7:15 AM
To: CRIME
Subject: RE: CRIME EarthLink Password Security Story

The same policy is in force at ATTBI's support group. Two days ago I was asked for my password.

-----Original Message-----
From: Lyle Leavitt [mailto:lylel@private]
Sent: Monday, June 17, 2002 4:38 PM
To: CRIME
Subject: CRIME EarthLink Password Security Story

FYI, the EarthLink password security story ran today at Wired News:
http://www.wired.com/news/privacy/0,1848,53208,00.html

This archive was generated by hypermail 2b30 : Tue Jun 18 2002 - 11:00:09 PDT