Does anyone else have this irritating problem?

**JailBreak** · 6 November 2007, 21:15

Is it yahoo by any chance??? Because I get the same...... logging out of yahoo mail takes you to same page as logging out of yahoo chat / instant messaging etc..... so prob gonna be blocked by ya proxy server.

**kirk** · 6 November 2007, 21:23

You use your clients Internet connection?!??! Ewwwwwwwww

**fridge** · 6 November 2007, 21:56

Originally posted by kirk View Post

You use your clients Internet connection?!??! Ewwwwwwwww

Yeh mate use your clients connection

thats what its there for

**kirk** · 6 November 2007, 22:06

Originally posted by fridge View Post

Yeh mate use your clients connection

thats what its there for

No way; monitored, proxied Internet connections belonging to my client aren't for me!

**BrowneIssue** · 9 November 2007, 13:25

Originally posted by kirk View Post

No way; monitored, proxied Internet connections belonging to my client aren't for me!

It can be worse than that. One public sector client site I was on has 'single sign-on' s/w installed. It's great because it detects virtually all logon screens and remembers what you enter. Handy because you're allowed to use their PCs at lunchtime & after work for personal use - you can whizz straight into a forum or auction and out again quickly.

When I had been there a few months, I logged a support call to get one of these fixed (an in-house app got installed badly which broke the logon process). Desktop support bod remotely connects to my PC (with no acknowledgement or confirmation needed from me), double-clicks on the icon in the systray for the single sign-on s/w, enters the admin password then goes to my logon entries.

Displayed is a nice table:
TimeSheet_app BISSUE01loginid XXXXX
ProjMan_app BISSUE01 XXXXX
and so on.

Support bod clicks on [plain text button] and the passwords change to plain text. So what? The list also included:

- my GoogleMail account name and password;
- my Yahoo! account name and password;
- my personal bank account login including the answers to all 5 security questions, account number and sort code;
- my business current account number and password;
- my business deposit account number and password;
- my web site control panel login details;
- about a dozen others.

And apparently all this stuff is mirrored onto a central server that the support team has access to.

I raised this with their IT security manager, but it was made very clear contractors shouldn't rock the boat.

There are 6000 people using that organisation's PCs.

Moral: think VERY hard about what you type in to a computer that you don't have absolute control over.

**Rymez2K** · 9 November 2007, 15:25

Originally posted by BrowneIssue View Post

Moral: think VERY hard about what you type in to a computer that you don't have absolute control over.

Thats why I use this for transferring any sensitive data.

**Newbie000** · 9 November 2007, 15:59

Badly designed SSO, oh dear.

**Keldin** · 9 November 2007, 19:07

Originally posted by BrowneIssue View Post

It can be worse than that. One public sector client site I was on has 'single sign-on' s/w installed. It's great because it detects virtually all logon screens and remembers what you enter. Handy because you're allowed to use their PCs at lunchtime & after work for personal use - you can whizz straight into a forum or auction and out again quickly.

When I had been there a few months, I logged a support call to get one of these fixed (an in-house app got installed badly which broke the logon process). Desktop support bod remotely connects to my PC (with no acknowledgement or confirmation needed from me), double-clicks on the icon in the systray for the single sign-on s/w, enters the admin password then goes to my logon entries.

Displayed is a nice table:
TimeSheet_app BISSUE01loginid XXXXX
ProjMan_app BISSUE01 XXXXX
and so on.

Support bod clicks on [plain text button] and the passwords change to plain text. So what? The list also included:

- my GoogleMail account name and password;
- my Yahoo! account name and password;
- my personal bank account login including the answers to all 5 security questions, account number and sort code;
- my business current account number and password;
- my business deposit account number and password;
- my web site control panel login details;
- about a dozen others.

And apparently all this stuff is mirrored onto a central server that the support team has access to.

I raised this with their IT security manager, but it was made very clear contractors shouldn't rock the boat.

There are 6000 people using that organisation's PCs.

Moral: think VERY hard about what you type in to a computer that you don't have absolute control over.

All your passwords are belong to us

You should see how users sweat when you casually mention to them that you can read their email from your computer.

K

Does anyone else have this irritating problem?