As the IT Director at a Real Estate company, most of John Sadowski’s work revolves around document management. Since many documents are still transmitted by the age-old method of facsimile, his company uses a fax-to-email service to help inject some modern technology into the realm.
Their fax-to-email provider has a slick web interface with excellent security. He became a bit worried, however, on the day he needed to change the email address that faxes were sent to. After clicking on the [Change Email Address] button, the website displayed the following message:
For security purposes we do not allow changes to fax delivery email address through the web interface, please call 1-800-xxx-xxxx to speak to a representative.
Excellent, John thought, most of the faxes we received are confidential in nature. We wouldn’t want them falling into the wrong hands.
He promptly called the number and had the following conversation.
“Hello, tech support.”
“Hi,” John said, “I need to change the delivery address on my fax-to-email account.”
“Sure,” the support rep cheerfully responded, “What’s your fax number?”
“It is 403-xxx-xxxx.”
“Okay,” the rep said as she typed a fury of keystrokes, “what email address would you like to use?”
“frontdesk@xxxxxxx.ca, please”
“Okay,” she replied after typing in a bit more, “done! Is there anything else I can help you with?”
“Ummm…” John paused, “No… thanks…”
“Great, thank you for calling and have a great day!”
-- click --
Somehow, John would have felt better using the web interface.
Is that a serious question!? Hoping not, but just in case, the answer is that the website forces you to phone "for security purposes", but tech support adds zero security. They allow anyone at all to ring up, quote a fax number and choose which email address to send to, without any attempt at verifying that the person calling actually owns the fax number in question. So you could ring up and get your competitor's faxes sent to you.
My former employer was implementing a B2B eCommerce system and we had a lot of hot discussions about security and how to handle logins, lost passwords etc. When we asked customer service how they verify the customers are who they say they are, they kind of said they just know.
Needless to say security became a lot less important and we moved on to other things to fight about.
This is like when I accidentally set off the alarm system in my home as I was leaving. I had to go in and wait for the monitor to call, to tell them it's a false alarm, or else they would send the cops out to investigate, and false alarms tend to piss the cops off, and you don't want to piss off your friendly neighborhood cops, because it's like the boy who cried wolf, and the next time might be real, so... I went back in, and waited... and waited... and about eight minutes later (how much damage could a burglar do in eight minutes, do you suppose?), they called.
Them: Hi, this is WTF Security calling; we've got an alarm signal for your residence. Is everything okay there?
Me: Yes, I just accidentally set the alarm off. It sure took you a long time to call.
Them: I called as soon as I got the signal, sir.
Me: When I set the alarm off I came back in to wait for your call. That was about eight minutes ago.
Them: I called as soon as I got the signal, sir. I'll just mark this as accidental. You have a nice day.
Me: You think maybe you ought to ask me for my password first?
Them: Okay, sir, what's your password?
Me (getting really pissed now): I don't know what the damn password is, man, I'm a burglar.
Them (getting about as pissed): Sir, I seriously doubt that you're a burglar.
Me: Fine, whatever. Tell your boss I'll be replacing you guys with someone a little more dependable. (hang up)