[TR] [6pack] vtr passwords and their dissemination

Bill anabil007 at comcast.net
Mon Mar 1 14:09:04 MST 2010 

HEAR, HEAR, AT LAST A SENSIBLE REPLY TO A RIDICULOUS COMPLAINT ...


>I am going to take the "high road" here and suggest that you really should
>check out your facts before you send out e-mails like this and stir up all
>kinds  of unnecessary controversy! It is particularly insulting to those of
>us who  voluntarily spend more than 30 hours per week on VTR related
>matters, to have  our efforts referred to as "the most egregious security
>practice
>I have ever  seen" and "incredibly amateurish habitb.
>
>This is probably all a moot point since we will likely be discontinuing
>the practice of including your password on any VTR correspondence, however
>convenient others may find this to be.
>
>
>First of all, let me assure everyone that "every" e-mail that is sent  out
>from VTR does not include your username and password.
>
>Interestingly enough, I, as VTR Membership Secretary, do not even know or
>have access to what everyone's password is. It is a totally blank field in
>our  administrative database. I can insert a new password, but I never know
>what the  prior password was.
>
>I am sure our President will be responding but let me remind you of
>(apologies in advance to Information Technology Officers) a few things about
>passwords in general. You presumably have a safe, secure, password for your
>e-mail account and only you can view your e-mail. Therefore, any e-mail we
>send
>  you with your VTR password would presumably be read only by you. Because
>many  e-mail users on any system forget or otherwise lose their passwords,
>virtually  every system allows you to request your password. With most systems
>I am  familiar with, the recovered password is sent to your e-mail address
>after the  system first verifies your request, and matches the e-mail
>address on file  associated with the username you attempted to log in under.
>
>Anyway, suppose someone with ill-intent does acquire your VTR  password.
>Since we house no financial information in your profile (like credit  card,
>PayPal, or bank account information) there is little that could be done to
>your profile, other than nuisance name changes, etc. I submit to you that your
>  exposure is not much greater than your listing in a local telephone
>directory or other public information sources readily available on the
>Internet.
>
>Not withstanding the foregoing, my recommendations will be to remove the
>passwords from all VTR correspondence, with the exception of specific
>requests for recovery.
>
>Regards,
>Bill Lynn
>VTR Membership Secretary
>e-mail: _triumphtr2 at aol.com
>_ (mailto:triumphtr2 at aol.com)
>
>In a message dated 3/1/2010 8:08:53 A.M. Central Standard Time,
>sumton at sbcglobal.net writes:
>
>
>I just received an email from the Vintage Triumph  Register.  every email
>they send out has your username and password in  clear text.
>
>help me out people - this is the most egregious  security practice I have
>ever seen.  please send them an email and tell  them to stop this
>practice!!!!!  tell them you will not renew until they  cease this incredibly
>amateurish habit.
>
>their email is _membership at vtr.org_ (mailto:membership at vtr.org)
>_______________________________________________
>
>6pack at autox.team.net
>Donate: http://www.team.net/donate.html
>Archive: http://www.team.net/archive
>Forums: http://www.team.net/forums
>Unsubscribe/Manage: 
>http://autox.team.net/mailman/options/6pack/anabil007@comcast.net


-- 
"Thinking is the hardest work there is. That's why so few people 
undertake it." - Henry Ford
Bill Pugh
1957 TR3
"Casper"
TS16765L
Wallace, CA

More information about the Triumphs mailing list