1. Contracting
    1. General
      1. Brexit
    2. Business / Contracts
      1. Coronavirus Assistance
    3. Accounting / Legal
      1. Umbrella Companies
      2. HMRC Scheme Enquiries
      3. The Future of Contracting
      4. IR35 Reform
    4. Technical
    5. Welcome / FAQs
  2. Social
    1. Light Relief
    2. Social / Events
  • Visitors can check out the Forum FAQ by clicking this link. You have to register before you can post: click the REGISTER link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. View our Forum Privacy Policy.
  • Want to receive the latest contracting news and advice straight to your inbox? Sign up to the ContractorUK newsletter here. Every sign up will also be entered into a draw to WIN £100 Amazon vouchers!

Reply to: Does anyone else have this irritating problem?

Collapse

You are not logged in or you do not have permission to access this page. This could be due to one of several reasons:

  • You are not logged in. If you are already registered, fill in the form below to log in, or follow the "Sign Up" link to register a new account.
  • You may not have sufficient privileges to access this page. Are you trying to edit someone else's post, access administrative features or some other privileged system?
  • If you are trying to post, the administrator may have disabled your account, or it may be awaiting activation.

Previously on "Does anyone else have this irritating problem?"

Collapse
  • Keldin
    replied
    Originally posted by BrowneIssue View Post
    It can be worse than that. One public sector client site I was on has 'single sign-on' s/w installed. It's great because it detects virtually all logon screens and remembers what you enter. Handy because you're allowed to use their PCs at lunchtime & after work for personal use - you can whizz straight into a forum or auction and out again quickly.

    When I had been there a few months, I logged a support call to get one of these fixed (an in-house app got installed badly which broke the logon process). Desktop support bod remotely connects to my PC (with no acknowledgement or confirmation needed from me), double-clicks on the icon in the systray for the single sign-on s/w, enters the admin password then goes to my logon entries.

    Displayed is a nice table:
    TimeSheet_app BISSUE01loginid XXXXX
    ProjMan_app BISSUE01 XXXXX
    and so on.

    Support bod clicks on [plain text button] and the passwords change to plain text. So what? The list also included:

    - my GoogleMail account name and password;
    - my Yahoo! account name and password;
    - my personal bank account login including the answers to all 5 security questions, account number and sort code;
    - my business current account number and password;
    - my business deposit account number and password;
    - my web site control panel login details;
    - about a dozen others.

    And apparently all this stuff is mirrored onto a central server that the support team has access to.

    I raised this with their IT security manager, but it was made very clear contractors shouldn't rock the boat.

    There are 6000 people using that organisation's PCs.

    Moral: think VERY hard about what you type in to a computer that you don't have absolute control over.

    All your passwords are belong to us

    You should see how users sweat when you casually mention to them that you can read their email from your computer.


    K

    Leave a comment:

  • Newbie000
    replied
    Badly designed SSO, oh dear.

    Leave a comment:

  • Rymez2K
    replied
    Originally posted by BrowneIssue View Post
    Moral: think VERY hard about what you type in to a computer that you don't have absolute control over.
    Thats why I use this for transferring any sensitive data.

    Leave a comment:

  • BrowneIssue
    replied
    Originally posted by kirk View Post
    No way; monitored, proxied Internet connections belonging to my client aren't for me!
    It can be worse than that. One public sector client site I was on has 'single sign-on' s/w installed. It's great because it detects virtually all logon screens and remembers what you enter. Handy because you're allowed to use their PCs at lunchtime & after work for personal use - you can whizz straight into a forum or auction and out again quickly.

    When I had been there a few months, I logged a support call to get one of these fixed (an in-house app got installed badly which broke the logon process). Desktop support bod remotely connects to my PC (with no acknowledgement or confirmation needed from me), double-clicks on the icon in the systray for the single sign-on s/w, enters the admin password then goes to my logon entries.

    Displayed is a nice table:
    TimeSheet_app BISSUE01loginid XXXXX
    ProjMan_app BISSUE01 XXXXX
    and so on.

    Support bod clicks on [plain text button] and the passwords change to plain text. So what? The list also included:

    - my GoogleMail account name and password;
    - my Yahoo! account name and password;
    - my personal bank account login including the answers to all 5 security questions, account number and sort code;
    - my business current account number and password;
    - my business deposit account number and password;
    - my web site control panel login details;
    - about a dozen others.

    And apparently all this stuff is mirrored onto a central server that the support team has access to.

    I raised this with their IT security manager, but it was made very clear contractors shouldn't rock the boat.

    There are 6000 people using that organisation's PCs.

    Moral: think VERY hard about what you type in to a computer that you don't have absolute control over.

    Leave a comment:

  • kirk
    replied
    Originally posted by fridge View Post
    Yeh mate use your clients connection thats what its there for
    No way; monitored, proxied Internet connections belonging to my client aren't for me!

    Leave a comment:

  • fridge
    replied
    Originally posted by kirk View Post
    You use your clients Internet connection?!??! Ewwwwwwwww
    Yeh mate use your clients connection thats what its there for

    Leave a comment:

  • kirk
    replied
    You use your clients Internet connection?!??! Ewwwwwwwww

    Leave a comment:

  • JailBreak
    replied
    Is it yahoo by any chance??? Because I get the same...... logging out of yahoo mail takes you to same page as logging out of yahoo chat / instant messaging etc..... so prob gonna be blocked by ya proxy server.

    Leave a comment:

  • Bwana
    started a topic Does anyone else have this irritating problem?

    Does anyone else have this irritating problem?

    <deleted>
    Last edited by Bwana; 2 June 2022, 16:14.
    Tags: None

Advertisers

  1. Contracting
    1. General
      1. Brexit
    2. Business / Contracts
      1. Coronavirus Assistance
    3. Accounting / Legal
      1. Umbrella Companies
      2. HMRC Scheme Enquiries
      3. The Future of Contracting
      4. IR35 Reform
    4. Technical
    5. Welcome / FAQs
  2. Social
    1. Light Relief
    2. Social / Events
Working...
X