[plug] ISPs storing plain-text passwords...

Nigel Duff peregrin at iinet.net.au
Tue Aug 7 16:09:43 WST 2001


On Tue, Aug 07, 2001 at 11:53:50AM +0800, Christian wrote:
> On Mon, Aug 06, 2001 at 11:31:35PM +0800, Nigel Duff wrote:
>  
> > Personally i would be a lot more worried about someone having my CC
> > details than my password. There isn't really a lot someone can do with
> > your password, and its fairly easy to track down what they've been
> > doing. But with my CC details, thats going to cost me money.
> 
> The $50 limit of liability here makes it reasonably safe, assuming under
> the Electronic Banking conditions you are liable at all.  You seem to
> think that someone having access to your Internet account won't cost you
> money?  Haven't you ever heard of people getting huge Internet bills
> because someone has got hold of their password and is using their
> account using up their time/bandwidth quotas?  I don't think most ISPs
> have a $50 limit on excess charges...
> 

I would let the ISP know i was disputing the bill and had contacted the
police. The police would contact Telstra, find where the call
originated and knock on ex-support staff member's door.

At one of the ISP's i used to work for i had a call from a woman who was
being stalked and was absolutely paranoid about giving out any of her
personal details. In her case verifying who she was by password was the
best thing. However this is an extreme case and I'm sure other
arrangements could be made for 1 off cases like this.

Nigel





More information about the plug mailing list