On Wed, Nov 12, 2003 at 10:04:38 +0100, Kurt A. Schumacher wrote:
> I consider this a MAJOR security breach. This has been repeatedly reported
> to nic.ch - including their legal and compliance department (SWITCH security
> responsible) - over the last 12 months:
Well, I would call it "fahrl�ssig" - with this information sent via cleartext.
Might be worth to submit to the "Datenschutzbeauftragter" (I wonder, why it isn't
called "Datenschutzdepartement" - there can't be so few issues which
just requires just one person)
What's the legit status anyway? I mean, there are folks out there that
send confidential data over mobile phones, fax or regular phone... any
of these could get eavesdroped... so does you daily mail.
> Official answer: "We can not understand your problem." Not even a sorry, or
> a thank you. They promised looking for it - but nothing changed again.
If I'm not wrong, you can send online a request to get your access
information - so the payment-mail sent with the link does not provide more
information than the mail you (or who ever) would get with this request...
> SWITCH - nic.ch - a ignorant and stupid organization.
Well, that's almost anyone that sends access information in cleartext
mails... the problem is, that there's almost no security mechanism in
place - I doubt that if switch would provide (and please do) a way to
submit a gpg-key to get emails encrypted that it would be used by a wide
userbase anyway...
Don't blame switch, it's a software problem >;)
Regards
Philipp
--
_;\_ Philipp Morger / PHM2-RIPE System & Network Administrator
/_. \ Dolphins Network Systems AG Phone +41-1-847'45'45
|/ -\ .) Email: <[EMAIL PROTECTED]>
-'^`- \; Don't send mail to: [EMAIL PROTECTED]
----------------------------------------------
[EMAIL PROTECTED] Maillist-Archive:
http://www.mail-archive.com/swinog%40swinog.ch/
