PDA

View Full Version : MA Rider Net



Linden
17-07-2015, 03:54 PM
here is the note I sent to MA this morning ... (cc MNSW StGeorge)

No response 9 hours later



Good morning

Regarding the MA RideNet site

As a long time Computing Specialist I was very concerned to see that
1) you store user passwords
2) you send passwords in plain text via email (and include user id in
the same email)
3) you email the above WITHOUT prior request

Given the additional details you store this places anyone who uses you
site at great risk of serious identity fraud

Please feel free to call me to discuss or have a look at something like
http://plaintextoffenders.com/faq/devs

Linden ROTH

Any other IT people (and others) care to comment

Marshy
17-07-2015, 04:44 PM
Any other IT people (and others) care to comment

As I understand it, it's an MNSW initiative, so they are probably first port of call. And you might have gone a little over their technical heads with the explanation! Besides, being (mostly) govermint, don't they have some formal legal "Comply with the federal Privacy Act" obligations?? Hit 'em with that! :thumb:

And in the meantime, please don't steal my details!