[ale] OT: Help me figure out what is happening?

Keith Hopkins hne at hopnet.net
Fri Feb 22 22:59:27 EST 2002


Jeff Hubbs wrote:
> I did send a message back explaining about the security risk and asking 
> if there were another way I could complete their form.  Interestingly, 
> in the woman's original message, she talked about faxing back the end 
> result, which struck me as odd because the whole point of the exercise 
> would seem to me to be online submittal. 
> I've already decided that if I get back a ration of sheitz from that 
> e-mail - basically, anything other than "My goodness, Mr. Hubbs, you're 
> right - we didn't realize this" - I'm going to politely withdraw my 
> application.  Fighting with co-workers/managers about the most basic and 
> obvious computer security issues is something I've had more of in my 
> career than I should have as it is. 
> - Jeff
> 

However unlikely this is, has it occurred to anyone that they may come and say, "Yes we realize we are asking you to download an application from the net...That is why we have closely verified the integrity of the process used before asking you to undertake it."

This is a trust issue.  Have you ever installed a binary RPM?  If so, then you trusted the maker of that code, and whoever generated the rpm itself (not always the same person).

So, express your concern to the potential employer, but be wary in criticizing their methods too harshly before you fully understand what steps they have taken to ensure your security.  Yeah, following blindly is a bad thing too.  You have to find a compromise.

Lost in Tokyo,
   Keith



