Monday, 14-May-12 21:58
My pet peeve Finnish phrase

Finnish sayings can be stupid, but this has got to be the most stupid ever:

"If you let a piece of cake fall sideways when you take it from the tray, you will get a bad mother-in-law." ("Jos kaataa kakkupalan, saa huonon anopin.")

I mean - COME ON! Your entire relationship with a possibly completely perfect human ENTIRELY RUINED by one fumbled feat of dexterity? Of which any regularly social person will have about a MILLION opportunities to fail before the wedding bells ring?

What about if the cake is just badly constructed? How would it look like if, after several years of torment from a mother-in-law-from-hell someone turned up to your doorstep with a hatchet and demanded revenge over one slippery frosting? Imagine the responsibility and diligence one would have to exercise to ensure a good life for all friends?

Friday, 04-May-12 13:17
Kaleva/Amadeus security doublefail

This is just fucking insane: Kaleva Travels (and/or Amadeus, not sure which one is the real culprit here) not only stores the user passwords in plaintext, they also routinely share them with the service desk. Check out this email I got (real password blocked out, duh, and some not-so-useful mail headers removed):

Date: Wed, 25 Apr 2012 13:33:02 +0000 (GMT)
From: webmaster@amadeus.net
To: xxxxxxxxxxxxxxx
Cc: e-servicecenter@kalevatravel.fi
Message-ID: <19272339.55056.1335360782390.JavaMail.SYSTEM@relay.amadeus.net>
Subject: Oma salasanasi

Hyvä Janne Jalkanen,
 Salasanasi on: xxxxxxxx
 Kiitos, että käytit yrityksesi online-varausjärjestelmää. Arvostamme asiointiasi.

Note the CC-line.

How could a company at this day and age so blithely ignore customer security is completely beyond me; storing plain text passwords is bad enough, but sharing them with who knows how many people...? In this case, I didn't even request a password reset; they just decided to send it to me at random and made it useless.

I fully realize that this is all done in the name of customer service, but there are far better ways - and secure - ways of doing this than just sharing the password around like it were a big box of cookies.

Also, this highlights the importance of using a different password across all the systems. You never know who's going to leak it.

Update: Our assistant just let me know that she also received the email with my password in it. So now I have no idea how many people have received my email/password combination. This is just fucking great.

Update, May 9th: Someone from Kaleva's Marketing called me and wanted to have a chat about what they could do about this. That's a good response.


Private comments? Drop me an email. Or complain in a nearby pub - that'll help.



More info...  
"Main" last changed on 10-Aug-2015 21:44:03 EEST by JanneJalkanen.