an unhappy customer.
On Tue, 29 Feb 2000, Vin Diaz wrote:
> Here's a horror story I wish had never happened. Everybody who uses the
> CRYPT-PW auth scheme with Network Solutions please read:
>
> Yesterday I modified the DNS servers for a domain name that I have
> registered with Network Solutions. I use the CRYPT-PW authentication scheme
> for my domain names. The confirmation was pretty quick, got a response
> within 5 minutes. The tech contact for the domains is a role account
> (hostmaster@mycompany), which is an alias that goes to me and many other
> technical people at my company, including my boss and the CIO. So I got a
> separate copy of the confirmation email sent to the tech contact, which is
> also cc'ed to the admin of the DNS servers.
>
> To my great horror, I found that the confirmation email included the
> original request I sent out, with the plain text password completely intact!
> Which means all my colleagues at my company and the sysadmins at my ISP (a
> big ISP, who knows how many people are on that list) now have access to my
> personal password! To add to my embarrassment, my password includes some
> naughty words, so my boss, my boss's boss, and all my colleagues now know my
> little dirty secret!
>
> Network Solutions! I want to f*^& all the incompetent morons who work at
> that dumbass company.
>
