Ignorance and Negligence

This project contains articles about companies with poor security or compromised systems.

The themes for these articles include incompetent security practices (such as undocumented root access), poor security practices (such as storing user accounts with clear text passwords) and oblivious security practices (such as allowing a service to be abused). These articles appear in the upper right of this page.

Stolen Accounts

I create custom email addresses for all businesses and groups I deal with.  These custom email addresses are forwarded to my private, secret email account.  Email received on these custom addresses should only come from the businesses or groups for which the email address was created.

For my subscription to Make Magazine, for example, I created an email address similar to "MakeMag_2011@example.com", where "example.com" is a domain name that I own and control.

Spam received on a custom email address is a very good indication that the business or group has allowed my account information to be stolen.  This happens frequently.  My custom email addresses have been stolen from my hosting company, online brokerage and numerous merchants.
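The check described above can be automated. The following is an added example, not code from this project: it classifies incoming messages by the custom address they were sent to and flags any whose sender falls outside the domains expected for that address. The sender domains, the second alias and the sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Assumed registry: each custom alias -> domains expected to send to it.
# The first alias follows the page's example; sender domains are constructed.
ALIASES = {
    "makemag_2011@example.com": {"makemag.example"},
    "broker_2012@example.com": {"broker.example"},
}

def domain_matches(sender_domain, allowed):
    """True if sender_domain is an allowed domain or a subdomain of one."""
    return any(sender_domain == d or sender_domain.endswith("." + d)
               for d in allowed)

def classify(raw_message):
    """Return (alias, sender_domain, verdict) for one raw message.

    From is forgeable, so "expected" only means no leak signal was seen;
    "leaked" means the alias is known to someone it was never given to.
    """
    msg = message_from_string(raw_message)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    sender_domain = sender.rpartition("@")[2]
    recipients = []
    for name in ("Delivered-To", "To", "Cc"):
        recipients.extend(msg.get_all(name, []))
    for _, addr in getaddresses(recipients):
        alias = addr.lower()
        if alias in ALIASES:
            ok = domain_matches(sender_domain, ALIASES[alias])
            return alias, sender_domain, "expected" if ok else "leaked"
    return None, sender_domain, "no-alias"

def leaked_aliases(messages):
    """Aliases that received mail from outside their expected senders."""
    return sorted({a for a, _, v in map(classify, messages) if v == "leaked"})

# Constructed sample messages.
SAMPLES = [
    "From: Make <news@mail.makemag.example>\nTo: MakeMag_2011@example.com\n\nIssue\n",
    "From: deals@pills.example\nTo: MakeMag_2011@example.com\n\nBuy now\n",
    "From: friend@other.example\nTo: someone@example.com\n\nHello\n",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(classify(raw))
    print("leaked:", leaked_aliases(SAMPLES))
```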

Abused Services

Some legitimate companies allow their services to be abused by spammers and do not provide a suitable way to receive notification of such abuse. For example, gmail.com and outlook.com will only take action when email is sent from their servers, which is good. But what about spammers using these email providers for receiving messages?

