Email is unsecure - why are PWs sent by email?

dowork

Apr 12, 2011
Why do companies like hosting, traffic sources, and networks send Passwords and account info by email when you sign up and then when you do a forgot password?

Some networks ask for your bank account info to set up wires and ACH by email...LOL

Email is totally unsecure and anyone can sniff the packets.

Yes, I know if you do a pw request you have to update your pw when you log in. But anyone can plug in your email to do a pw request, sniff the packets and be in.

Everyone says to have a secure email pw but it doesn't even matter since all emails we send are unsecure.

Any thoughts on this?
 


I think any idiot with a brain can spot a fluffer post when they see it.

Sorry this is a real question, doesn't make sense to me. All the security sites say email is unsecure so makes no sense important things like PWs and account info is sent to them without being encrypted.

I was hoping those who understand this subject could share some info.
 
Any company that sends a password in plain text should die in a fire because they don't understand basic web app security practices.

LOL, yep. Recently, I naively sent an email to customer service of a service provider I use asking how to reset my password since I forgot it and I assumed they wouldn't have access to it. The response:

"There's no reset, your password is xxxxxxxxx. Let me know if I can do anything else for you."

third_party_facepalm.jpg
 
Third party face palm lolololol.
Email is insecure? As far as I'm concerned, almost any online website is insecure in some way. I know people that are too damn good at hacking and it scares the living shit out of me.

That's why I pay them to secure my applications.
 
Since email is not secure and all data is sent in plain text...

Do hackers just have "email scrapers" running non stop that just constantly store everyone's emails?

Can any IT guys explain how things work? Is it really that easy for someone to see our emails?

Think about all the inside info and data someone could gather if they can see all your emails. I'm not talking about logging in to your email account, just simply storing all the emails sent/received over plain text.

Email isn’t secure because the vast majority of it is transferred from sender to recipient using nothing but plain unencrypted text. It’s the transport method where the insecurity happens.
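
One way to check the transport point for a message you have already received, as an added example that is not part of the original thread: each relay records in its `Received` header the protocol it accepted the message with, and the RFC 3848 keywords `ESMTPS` and `ESMTPSA` mean that hop was reported as using TLS. The sample message, hostnames and IDs are constructed, and `hop_transports` and `cleartext_hops` are names chosen for this sketch.

```python
import re
from email import message_from_string

# Constructed sample message; newest Received header is on top.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [203.0.113.5])
\tby store.recipient.example with ESMTPS id abc123;
\tTue, 12 Apr 2011 10:00:03 +0000
Received: from out.sender.example (out.sender.example [198.51.100.7])
\tby mx.recipient.example with ESMTP id def456;
\tTue, 12 Apr 2011 10:00:02 +0000
Received: from app.sender.example (app.sender.example [198.51.100.9])
\tby out.sender.example with ESMTPSA id ghi789;
\tTue, 12 Apr 2011 10:00:01 +0000
Subject: Password reset

body
"""

# "with <protocol>": group 2 holds the suffix after SMTP/LMTP (S = TLS, A = auth).
PROTO = re.compile(r"\bwith\s+(\w*?(?:SMTP|LMTP)(\w*))", re.I)
BY = re.compile(r"\bby\s+(\S+)")


def hop_transports(raw_message):
    """Return (receiving host, protocol, tls_reported) per hop, oldest first."""
    msg = message_from_string(raw_message)
    hops = []
    for header in reversed(msg.get_all("Received", [])):
        proto = PROTO.search(header)
        by = BY.search(header)
        if not proto or not by:
            continue  # non-standard header: skip rather than guess
        tls = "S" in proto.group(2).upper()
        hops.append((by.group(1), proto.group(1).upper(), tls))
    return hops


def cleartext_hops(raw_message):
    """Hosts that reported accepting the message without TLS."""
    return [host for host, _, tls in hop_transports(raw_message) if not tls]
```

These headers are written by each server in the path, so lines added before the message reached your own provider are only as trustworthy as the servers that wrote them.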
 
I like the way Amazon EC2 sends the admin password for Windows VPS.

No email, you decrypt the password from the log using the private key you generate.
 
lol when bank info gets sent by email - how many times have we seen networks hit REPLY ALL or send to entire list by mistake?
 

Sorry you're missing the point, I'm saying it doesn't make sense to send bank info by email since it is unsecure.

Can someone explain why we shouldn't be worried about having our hosting and domain log in details taken by someone who is monitoring our emails? Is it unsecure but just hard to do?

All they have to do is monitor our emails, then do a pw request. They see the pw request come through and log into our account. Bam, all your domains and hosting is all fucked up now.

Is it really that easy?
 
The internet isn't secure. Request a carrier pigeon to deliver your password reset, most top networks are known to have an aviary out back.
 

LOL good one!

No one can explain how it actually works, no one is concerned that all their stuff can easily be seen over email?

There must be something that makes it not so easy for hackers just to see all our emails...
 
I've heard of companies who inspect packets inside their offices. how to prevent it?
you can essentially only use military-grade VPN

if you have a company it's a good thing to do. will violate basically all privacy/employee law though.... so either a) be somewhere where such laws don't exist to begin with b) better keep the f quiet.

you can and will be able to read:

anyone's incoming and outgoing e-mails
anyone's instant messenger sends/receives (depending on IM client)
just anything that is written on a keyboard and transmitted over the web in cleartext essentially.
basic VPNs cannot stop it either.
 

I'm pretty sure that isn't illegal. I worked for a FTSE 100 company a couple of years ago and they made it clear employees can and will be monitored.

Shit, supervisors and managers even had access to monitor subordinates' machines.