[plug] ISPs storing plain-text passwords...

Brad Campbell brad at seme.com.au
Tue Aug 7 14:02:45 WST 2001


Jonathon Bates wrote:

> Im sorry but I tend to differ. I worked at iiNet for 2 years, I could
> access anyone's password whenever I felt like it (including MM's). However
> in the 2 years I was there, there was NO abuse of this system. I like the
> idea of support staff being able to access a clients password, as it makes
> trouble shooting so much easier (perhaps a stint on a support desk might
> change your mind).
> All access to the accounting server was logged, and MM used to say anyone
> doing bad things would be not only dismissed but charged.
> 
> Personally I trust ISP staff (esp considering I was one of them) and as
> such have no issue with them seeing my password!
> 
> Cheers
> Batesy

We have a couple of office accounts with iiNet..
We set up an extra account, on our bill but with a different username
for a contractor we use. This guy could not get it working so phoned iiNet
tech support. He gave his logon name and our billing details. The Moron
at the supprt desk then talked him through setting up his system using
My logon name and then gave him MY password..
I wondered why I started getting duplicate logon messages, and I was
losing E-mail..

I cant BELIEVE they give out the passwords..
The ISP I used to be with, that iiNet raped and plundered, used to reset
passwords if you forgot them, but were unable to look at them and thus
give them to any pleb who phoned up pretending to be on my account..


-- 
Brad....
                   /"\
Save the Forests   \ /     ASCII RIBBON CAMPAIGN
Burn a Greenie.     X      AGAINST HTML MAIL
                   / \



More information about the plug mailing list