[Full-disclosure] When will they ever get it !?!?!?!

[wilder_jeff Wilder <wilder_jeff@xxxxxxx>]

As you will all know I am one never to post, but I had to bring this to a 
discussion point.
 
I received an e-mail today from the Gallup Journal inviting me to join their 
LEET management spam list. 
Within this inventation, they had provided me with my username (Ahhh how nice) 
and my password ({GASP} OMG!) in clear text (WTF!). 
 
So, I track down the domain admin... she has no idea... I get run through the 
support gauntlet until I assist upon supervisor, Please hold.  As I sit and 
listen to something that should be played at a funeral, not much further from 
the death march,  I was graciously hung up on; the man is now pissed.
 
I wouldnt be so upset had this username and password ( be generic or single 
use) but it is from and active websites that I currently visit.  I can 
understand if I had asked them to send me a password... or had a formal 
relationship with them; however, this is not the case.
 
I was wondering if anyone else received this same e-mail?   As a security 
assessor, I see so many large companies that just dont get it. What will it 
take for an orginization such as Gallup to understand the fundementals of 
security.
 
 
-enjoy!

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/