Credit to Author: Sharky| Date: Thu, 13 Sep 2018 03:00:00 -0700
This pilot fish and his wife are planning a long-overdue vacation to an all-inclusive resort — one of those places where you don’t have to worry about things like meals or tipping.
“I log onto the resort’s website in order to make some reservations ahead of our arrival,” fish says, “and am presented with the standard registration page.”
He enters his information on the page, which also asks “for security reasons” that he set up a password.
It’s not until after he has clicked “OK” that fish looks at the icon in his web browser and realizes the page isn’t encrypted. He does a quick browse of the source code for the page, and finds that there’s no SSL anywhere securing the data he’s just typed in.
A quick call to the resort’s customer service department is less than fruitful — no surprise there. And no one will transfer him to the IT department, either.
“The icing on the cake?” says fish. “I get an e-mail from them confirming my registration — and it contains my password in all its glory.
“Lessons learned: Never use the same password across systems. And remember that my idea of security may not match my vendor’s ideas of ‘security.'”
Sharky’s idea of security is having plenty of true tales of IT life. Send yours to me at firstname.lastname@example.org. You can also comment on today’s tale at Sharky’s Google+ community, and read thousands of great old tales in the Sharkives.
Get Sharky’s outtakes from the IT Theater of the Absurd delivered directly to your Inbox. Subscribe now to the Daily Shark Newsletter.