Re: [IxDA Discuss] Security on the web: how far do we go?

2008-03-08 Thread Michael Micheletti
On Sat, Mar 8, 2008 at 10:08 AM, Gloria Petron <[EMAIL PROTECTED]> wrote:
> David Platt devotes Chapters 3 & 4 of his book, *Why Software Sucks...And What You Can Do About It*<http://www.amazon.com/Why-Software-Sucks-What-About/dp/0321466756/ref=pd_bbs_sr_1?ie=UTF8&s=books&qid=1204999335&sr

Re: [IxDA Discuss] Security on the web: how far do we go?

2008-03-08 Thread Gloria Petron
David Platt devotes Chapters 3 & 4 of his book, *Why Software Sucks...And What You Can Do About It*, to this very issue. His quote: "The No.1 threat of security isn't the packet

Re: [IxDA Discuss] Security on the web: how far do we go?

2008-03-07 Thread Stephanie Heacox
Reminds me of a former client (large multinational with huge legal concerns) who grudgingly gave me access to the litigation support section of their intranet so that I could re-architect it. After giving me a stern lecture on the importance of absolute security, he pulled out his drawer to view h

Re: [IxDA Discuss] Security on the web: how far do we go?

2008-03-07 Thread Gretchen Anderson
And, in my experience the sites that use account locking are exactly those that don't really need it. Corporate travel? My bank doesn't lock me out after 3 tries! Sheesh. My PG&E account does however, and every month I lock myself out for 24 hours. Are hackers trying to pay my energy bill! Let them

Re: [IxDA Discuss] Security on the web: how far do we go?

2008-03-07 Thread Jack Moffett
On Mar 7, 2008, at 5:02 PM, Sebi Tauciuc wrote:
> Without any notice, her account was blocked and she was told to contact the admin/support to unblock it.
I've had issues with this as well. The other night, I was trying to get onto Discover's site to redeem my cashback bonus. I rely on the

Re: [IxDA Discuss] Security on the web: how far do we go?

2008-03-07 Thread Katie Albers
Well, ignoring the account blockage question for the moment: There are exactly zero situations in which it's acceptable for a company to dictate usernames and/or passwords for their employees on external web sites. If you put your employees in a situation where the only way they can reliably re

[IxDA Discuss] Security on the web: how far do we go?

2008-03-07 Thread Sebi Tauciuc
My girlfriend is on a business trip in another country, and she was trying to book herself a plane ticket back (her stay was longer than expected). She tried to login to the travel company's web site, but she wasn't sure about the username (picked by her company) and password (she has several), so