mindlessroller21
Joined: 08 Aug 2011
Posted: Sat May 17, 2014 5:01 pm Post subject: Security violation from footprints recruiting
I wanted to send out a warning to everyone of a dangerous security policy on the http://www.footprintsrecruiting.com/ website.
When you go to create an account there, two very insecure things happen:
1) When you enter your password into the password field it is displayed as plain text instead of being obscured by stars. Anyone near you will be able to see your password.
2) The password is then sent back to you in plain text in an email, meaning that a malicious third party could fairly easily find out your password if you are on a public network. On top of this, HTTPS is not used, so your information is being sent totally unencrypted, just to make it that much easier.
3) Just a guess, but your password will probably then be stored as an unencrypted string in their database forever, just waiting for some outside party to come in and find it.
I would strongly suggest at a minimum using an alternate password if you use their website, but I would honestly just encourage you to find a different recruiter.
Anyone who has such a careless attitude regarding your security is likely to engage in all sorts of poor business practices and really should not be trusted.
Just my two cents.
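An added example, not part of the original post and not the site's code: a registration routine that addresses the concerns in points 2 and 3 above by storing only a salted scrypt hash and sending a confirmation email that never contains the password. The `register` function, the in-memory `db` dict, the scrypt cost parameters and the sample addresses are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from email.message import EmailMessage

# scrypt cost parameters: assumed values for this example, tune for your hardware.
SCRYPT_PARAMS = {"n": 2**14, "r": 8, "p": 1, "dklen": 32}


def hash_password(password: str) -> dict:
    """Return a per-user random salt and the scrypt digest, both hex-encoded."""
    salt = os.urandom(16)
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt, **SCRYPT_PARAMS)
    return {"salt": salt.hex(), "hash": digest.hex()}


def verify_password(password: str, record: dict) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    digest = hashlib.scrypt(
        password.encode("utf-8"), salt=bytes.fromhex(record["salt"]), **SCRYPT_PARAMS
    )
    return hmac.compare_digest(digest, bytes.fromhex(record["hash"]))


def register(db: dict, username: str, email: str, password: str) -> EmailMessage:
    """Hypothetical signup handler: persist only salt + hash, email no secret."""
    db[username] = {"email": email, **hash_password(password)}
    msg = EmailMessage()
    msg["To"] = email
    msg["Subject"] = "Your account was created"
    # The confirmation names the account but never echoes the password.
    msg.set_content(f"Hello {username}, your account is ready. "
                    "If you forget your password, use the reset link on the site.")
    return msg


if __name__ == "__main__":
    users = {}  # constructed in-memory stand-in for the user table
    mail = register(users, "alice", "alice@example.org", "correct horse battery")
    print(mail.get_content().strip())
    print(users["alice"])
    print(verify_password("correct horse battery", users["alice"]))
```

Because each record carries its own random salt, two users with the same password end up with different stored hashes, so a leaked table does not reveal which accounts share a password.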
Chaparrastique
Joined: 01 Jan 2014
Posted: Sat May 17, 2014 11:02 pm
Lol I doubt the world's criminal masterminds stay awake at night trying to gain access to your cv on some hogwon website.
drcrazy
Joined: 19 Feb 2003 Location: Pusan. Yes, that's right. Pusan NOT Busan. I ain't never been to no place called Busan
Posted: Sat May 17, 2014 11:41 pm
What about how often you see this when becoming a member of various on line sites???????? If they want my email address, that is ok. But I sure am not going to give them my password. What possible reason would they want that unless to read my email???????
Username: *
E-mail address: *
Password: *
Confirm password: *
ttompatz

Joined: 05 Sep 2005 Location: Kwangju, South Korea
Posted: Sun May 18, 2014 3:08 am
[quote="drcrazy"]
What about how often you see this when becoming a member of various on line sites???????? If they want my email address, that is ok. But I sure am not going to give them my password. What possible reason would they want that unless to read my email???????
Username: *
E-mail address: *
Password: *
Confirm password: *
[/quote]
ummm that would be the password you intend to use on the site... not your e-mail password.
(and I thought this was the digital generation).
OP: Footprints has been in the business far longer than you have. Their reputation is mostly intact (maybe a few disgruntled Americans but nothing notable) even after more than a decade at this.
If their practices bother you, pick another recruiter. It is not like there is a shortage of them out there.
(don't be surprised when you find that your next choice is as insecure as your last one and so is every other recruiter).
Better yet, if you are overly concerned about identity theft or your personal information staying secure .... stay home. This isn't the States.
If you want to work abroad you will be showing your passport and personal details / information to lots of places that don't consider your personal information to be confidential.
It's a big planet and it is not like home. When you get over here your employer will know and likely share all of your personal information including your mandatory medical check.
drcrazy
Joined: 19 Feb 2003 Location: Pusan. Yes, that's right. Pusan NOT Busan. I ain't never been to no place called Busan
Posted: Sun May 18, 2014 6:23 am
[quote="ttompatz"]
[quote="drcrazy"]
What about how often you see this when becoming a member of various on line sites???????? If they want my email address, that is ok. But I sure am not going to give them my password. What possible reason would they want that unless to read my email???????
Username: *
E-mail address: *
Password: *
Confirm password: *
[/quote]
ummm that would be the password you intend to use on the site... not your e-mail password.
(and I thought this was the digital generation).
[/quote]
But actually, I am from the 78's generation. I especially like my Caruso Records. No vinyl, tape, or CD has the original sound/quality.
mindlessroller21
Joined: 08 Aug 2011
Posted: Sun May 18, 2014 12:52 pm
Actually drcrazy's post highlights the problem.
Many people use the same password for many websites.
So to address Chaparrastique, no they obviously don't care about your cv.
A malicious third party who has a list of email and passwords in plaintext can then use a script to try those combinations on every banking, email and major ecommerce site in existence in minutes if not seconds. They then sell off your accounts for a couple dollars and some guy in Bulgaria clears out your bank account or racks up a couple grand on your PayPal or eBay or Amazon or whatever. With access to any one of those accounts it would be possible to social engineer their way into your social security info, and passport info if they were smart / devoted enough. It can and has ruined people's lives.
Yes, it's serious, and it is a ridiculous violation of your identity, security and privacy for someone like Footprints to have such crappy policies in place.
It would take them maybe one day and a couple hundred bucks to pay a consultant to fix something like this for them. It's not even remotely hard. The fact that they choose not to says a lot to me about them as a company.
source: I am a programmer
ttompatz

Joined: 05 Sep 2005 Location: Kwangju, South Korea
Posted: Sun May 18, 2014 3:07 pm
[quote="mindlessroller21"]
The fact that they choose not to says a lot to me about them as a company.
[/quote]
LOL... like I said... the rest of the planet is not like the US of A and Footprints isn't located in the US either. They don't need to conform to YOUR standards and they're not breaking any "rules".
There is no need to secure your "data" on the website. You're not using your credit card or sharing your bank information. EVERYTHING they ask for will be spread like butter by everyone in the process.
When you leave home your personal data will be left out on counters, photocopied by desk clerks, shared with your co-workers and everyone at the neighborhood hagwan association.
Your resume in all its glorious detail will be posted all over for potential employers to see, share, discuss, forward and maybe even consider you for hire.
Welcome to the rest of the world.
Get over it or stay home.