This is a warning to anyone that has, or is considering opening an account
on www.indianapolismotorspeedway.com. If you have an account on that site I
encourage you to verify what I'm saying by calling 1-800-822-4639 and see
for yourself. Pretend you received a message telling you your account has
been locked.

The password you use to protect your account on that web site is not
protected. Personnel in the ticket office know your user id and password. If
that userid and password are used on any other web sites, your personal
information may be exposed. It is a fact (I work in Information Security)
that many people use the same userid/password combination for their bank,
credit card, or other secure sites they visit.

Folks, I am not kidding about this. The Indianapolis Motor Speedway web site
reveals your password to the personnel in their ticket office. No other site
that I know of handles account passwords this way. (Well, they at least
offer other ways to reset or be reminded of a forgotten password, thus
minimizing the exposure.)

I have an account and wanted to renew seats for a 2007 race. I apparently
entered the wrong password, was told my account was locked, and that I had
to call the ticket office 1-800 number. I did so on September 1, 2006. 2006,
not 1990!!!

After getting my name and customer number, the woman on the phone asked for
the userid and password I entered. HUH? I questioned if she knew the correct
password for my account, and shockingly, SHE DID! When I asked why, her
answer was "how else would I know what the correct password is"?

OMG! Wake up, IMS, provide a self-reset function, or a way for the ticket
office to reset (NOT REVEAL) the password, or send it in an email, there are
several secure options. Go to your own bank accounts see how they do it.

Very disappointing that a reputable company like IMS manages their web site
way.

D. McHugh
aka Bit Tamer

"D. McHugh" <NO_deemaq (AT) yahoo (DOT) comSPAM> wrote

Do they store your credit card info online? If they don't, why would it
make any difference if your account was hacked?

alien

alien wrote:

The issue us that most people use the same logon ID and password for a
lot of different purposes. So lets saay that its the same logon ID and
password for IMS that it is for Paypal and Amazon. A hack of IMS would
provide that information to the attacker.

On Sun, 03 Sep 2006 10:21:06 -0500, "Merrill P. L. Worthington"
<mplw (AT) us (DOT) ibm.com> wrote:

over. you do you get what you get.


--
Posted via NewsDemon.com - Premium Uncensored Newsgroup Service
------->>>>>>http://www.NewsDemon.com<<<<<<------
Unlimited Access, Anonymous Accounts, Uncensored Broadband Access

PettyFan43 wrote:

The reality is that most people do. They don't use a separate pwd for
applications. I would NEVER use the same password, but I'm in the small
minority.

On Sun, 03 Sep 2006 19:07:55 -0500, "Merrill P. L. Worthington"
<mplw (AT) us (DOT) ibm.com> wrote:


--
Posted via NewsDemon.com - Premium Uncensored Newsgroup Service
------->>>>>>http://www.NewsDem

PettyFan43 wrote:

And that doesn't matter much if you've got an effective keystroke logger.

On Mon, 04 Sep 2006 00:05:14 -0500, "Merrill P. L. Worthington"
<mplw (AT) us (DOT) ibm.com> wrote:


--
Posted via NewsDemon.com - Premium Uncensored Newsgroup Service
------->>>>>>http://www.NewsDemon.com<<<<<<------
Unlimited Access, Anonymous Accounts, Uncensored Broadband Access