Hi,
>>the emails they send are not sent in one piece but split up
>>on the way from cebik.com to your isp and to you.
Really? Can you explain to me how this is done? Also please tell me how the
pieces are re-assembled before hitting my email client's inbox
folder, since they're in one piece when I've looked there.
E-mail is by no means a secure way to send any sensible data. You're
assuming a lot of things which are not as simple as you think. Email has
to travel a lot of different networks, machines, sysadmins' policies and
unsecured/untrusted paths to get from the sender's machine to
destination. In every one of these paths data packets can be sniffed or
copied or both.
>>Nothing to worry about.
I'm not worried: _I'm_ not using the same login/password in two sites or accounts. But *if* I were doing such a thing, I had better be very worried:
suppose I've had the bright idea to put up every account to the same
username (very likely, my callsign) and password. Now, a sniffer is run
in the path of this email, so the sniffer gets the *email address* and
the user/name password on it sent in *PLAIN TEXT*. Got it? He is able to
hijack my email address, and with it, he can hijack EVERY other account
I have linked to that address, merely hitting "Forgot your password"
links in sites and getting new passwords sent to this email address. He
can impersonate me in every site I have account on, and even create new
accounts. Hope I wasn't so stupid to link my bank/credit cards accounts
to the same email address or username/password.
But if the tap/sniffer happened to be closer to the sender's SMTP server,
every address/username/password of the site would be hijacked.
Please see
http://en.wikipedia.org/wiki/E-mail#Privacy_concerns
Also, you have failed to note another security trap revealed by the
email:
> http://www.cebik.com/mm2/control_panel.php?email_address=lu2dfm@domain.com&pass=XXXXXXX
Please note the fact that the credentials to the site itself are passed
out as variables embedded in the URL, so if you're logging in to the site
from an untrusted/public/not-your-own machine, you need to properly
delete the browser history file and cache to at least make it a little
difficult for other people to see your authentication data. Also it's
possible for this URL with embedded credentials to get logged in the
HTTP server log files at the hosting site, because several ISPs use this
info to track down usage statistics, clients' IP addresses, etc. It's
possible for the HTTP server admin, who may or may not be authorized to
manage user authentication information, to get this info.
>You are underestimating the man who runs Antennex.com and cebik.com, Jack Stone.
Oh, yes? Why? He's not doing the right thing as site sysadmin. Enough.
> why not drop him an email at webmaster@antennex.com
I've replied to the sender address (listmgr@antennex.com) of the email
I've got, which was signed by another person. And this mail didn't get read by
Jack Stone nor anybody else (although it was delivered to their server
and accepted into them, so the account must exist there).
I received today this email from Jack Stone:
=========================================================================
Date: Fri, 07 Aug 2009 08:35:31 -0500
From jack@antennex.com Fri Aug 07 10: 6:07 2009
From: Jack L Stone <jack@antennex.com>
To: lu2dfm@domain.com
Subject: Your complaints
Reply-To: jack@antennex.com
X-Spam-Status: NO, hits=-10.00 required=4.50
Status: O
Fernando:
It has been noted you have made unwarranted complaints about how we
handle login info at the cebik.com site.
If you have a complaint, suggest you complain to me (us) directly
instead of an unrelated forum.
Clearly you don't know what you're talking about. Until a year+ ago,
there was no login at all and the content on www.cebik.com was wide
open. The login is only an attempt to curtail piracy by attempts at
mass downloading.
Visiting the web sites are a privilege, not a right. Privileges and
rights can both be revoked for cause.
BTW: Other hams have reported your behavior as being willfully
ignorant. You are not doing yourself any favors by such posts.
=========================================================================
So this demonstrates that they are not even capable of setting
administrative address aliases, or non-reply-accepting address in their
servers, so my response to the address from where the email was sent was
not delivered to him by his *own* mis-configured server.
My account was revoked, and I was unsubscribed from their site/list.
Also, this shows how thin-skinned some people are, and how they manage
their mistakes: killing the messenger.
Best regards,
Fer