I just read the NAZI post. How do I get in touch with those idiots.
Lovely. Guess I'll have to set the record straight since I'm likely the only one interested in doing so.
Jenna's profile included a link that prompted people for their loginID and password. This could be a major problem, as some people might type in their SI loginID and password without reading every word of the prompt.
If someone typed their SI loginID and password into that prompt, another site would've had their SI loginID and password in their logs.
I get the feeling I'm the only one I spoke with today who considers this a potential "bad thing".
I PM'd Jenna telling her the link needed to be fixed or removed immediately. I didn't get a response. Figured she was busy and didn't notice yet another PM in her inbox, so I suspended her. As I explained to her, the suspension wasn't "punishment", it was the online equivalent of the "meatball" flag that's waved at a racer who has a mechanical problem he's unaware of and needs to come in to the pits. Anyone have another way I can get someone's attention quickly for something that's important? I'm all ears.
When I "suspended" her account, I told her she needed to fix it immediately (it was still a problem during her suspension) or give me her loginID and password so I could do so.
Her reply contained neither, and since the problem code was still there, I had her profile zapped then removed the suspension.
I'm sorry if this doesn't fit in with any of the scenarios so many people like these situations to fit into, but it was potentially a major security breach, and I'd be derelict in my duties if I didn't take immediate steps to protect unsuspecting people's login info.
As a result of this, and the amount of flack I got trying to effect what should've been a quick and painless fix, I'm going to ask engineering to make sure this can't happen again. The only way I know of is to remove the ability to include <A HREF> tags in profiles, which would make me as unhappy as everyone else who uses them. Though I'm certain this time was simply an oversight when the profile was created (or likely a change at the referenced site), the potential exists for intentional misuse.
Regards,
SI Admin (Bob)
aka "The NAZI" or one of "those idiots"
PS. It's apparently escaped some people that if someone's posting now, they're not suspended. In case it's not quite as intuitive as I thought, let me go on record here saying that if someone is posting, their posting privileges are not suspended. |
