ElasticVapor :: Life in the Cloud

Friday, September 5, 2008

GoGrid's Security Faux Pas

Shane Jones is reporting on the cloud computing group that GoGrid has some serious security issues surrounding its password policies.

Shane posted this earlier:
I contacted customer support through their online live chat support. My expectation was that they would either point me to a page where I could go through a process of requesting a password reset or that they would have to reset my password and the system would automatically send it to my email address.

The support rep asked for my name, email address, and billing address for the credit card on file. What happened next, was a complete shock to me...in the chat window, there was my password in plain text. Not only did the rep have access to my password (which is completely unacceptable), but they actually gave it to me without any real assurance that I was who I said I was.
Michael Sheehan, Technology Evangelist for GoGrid, responded:
Thank you for pointing this out. I will be sure that our support team knows not to give out this type of information, or if it is given out, it is done in a secure manner.

Security is of utmost importance to us. If you have any other suggestion on how we can increase your comfort level (e.g., with password hints, temporary password resets, etc.) please let me know.

Do note that our entire GoGrid portal is run with SSL-encryption, INCLUDING the chat session so while I agree with you that the password should not have been delivered in that manner, the chat session was encrypted with RC4 128 bit encryption.
I'm not a GoGrid customer nor have I used their service, so I cannot confirm this report first hand. But regardless of whether or not the site is SSL encrypted, in order to gain access to someone's account all you appear to need is some basic credentials and they will freely give you access? Sounds scary to me.

Labels: Cloud Computing, gogrid, security

posted by enomaly at 10:35 AM

3 Comments :

OpenID servepathmichael said...

I wanted to let readers know that we at GoGrid have implemented some procedure fixes to address any concerns that GoGrid users may have. More information on this can be found on the GoGrid blog.

Thank you,
Michael Sheehan

September 5, 2008 6:41 PM  
Blogger mfairchi said...

I use GoGrid and had a similar experience. It was, and is, a bit unnerving that they would store my password in plaintext. It makes me suspicious of their entire security architecture. Perhaps this is part of why I only have one instance there.

September 11, 2008 2:24 AM  
Blogger Ryan said...

Shane,

Terremark has built a secure and reliable cloud computing platform called The Enterprise Cloud. The Enterprise Cloud is designed for applications where availability is critical and rapid scale is required. These combine to provide our customers with peace of mind for their business critical applications.

If you would like to check it out, visit the site www.theenterprisecloud.com and engage our sales staff on chat for a live demo.

-Ryan McDermott
Technology Evangelist
Terremark

October 28, 2008 6:58 PM  

About Me

Name: Reuven Cohen
Location: Toronto, Canada

Reuven Cohen is Founder & Chief Technologist for Toronto based Enomaly Inc. - leading developer of Cloud Computing products and solutions focused on enterprise businesses. Enomaly's products include the Enomaly elastic computing platform, an open source cloud platform that enables a scalable enterprise IT and local cloud infrastructure platform.
