undefined | Better HN

0 pointspavel_lishin14y ago0 comments

What about the same scenario, but instead of altering domain records, a CSR logs into the customer's e-mail account, or bank account, and starts wreaking havoc?

0 comments

Dylan1680714y ago

What? If it's the same scenario then the CSR does not and never did have the password, they just have domain control panels. The whole point is that they can't do that.

pavel_lishinOP14y ago

I mean the scenario posed by Gigabytecoin, in which a CSR can read my password in plain text.

Dylan1680714y ago

Oh. Well why would you ask freejack in particular about that? That's not how their security is set up.

1 more reply

j / k navigate · click thread line to collapse

0 pointspavel_lishin14y ago0 comments

What about the same scenario, but instead of altering domain records, a CSR logs into the customer's e-mail account, or bank account, and starts wreaking havoc?

0 comments

Dylan1680714y ago

What? If it's the same scenario then the CSR does not and never did have the password, they just have domain control panels. The whole point is that they can't do that.

pavel_lishinOP14y ago

I mean the scenario posed by Gigabytecoin, in which a CSR can read my password in plain text.

Dylan1680714y ago

Oh. Well why would you ask freejack in particular about that? That's not how their security is set up.

1 more reply

j / k navigate · click thread line to collapse