{"id":736,"date":"2008-07-22T07:43:04","date_gmt":"2008-07-22T06:43:04","guid":{"rendered":"http:\/\/www.itwriting.com\/blog\/736-thawte-wants-me-to-give-away-my-password.html"},"modified":"2008-07-22T07:43:04","modified_gmt":"2008-07-22T06:43:04","slug":"thawte-wants-me-to-give-away-my-password","status":"publish","type":"post","link":"https:\/\/www.itwriting.com\/blog\/736-thawte-wants-me-to-give-away-my-password.html","title":{"rendered":"Thawte wants me to give away my password"},"content":{"rendered":"

Thawte<\/a> is a supplier of digital certificates. I\u2019ve used the company to purchase certificates for code-signing.<\/p>\n

Today I received an email inviting me to complete a customer survey. I think it is genuine: if I look at the email headers, the source domain belongs to a marketing company called Responsys<\/a> which lists Verisign<\/a> as a customer. Verisign owns Thawte. <\/p>\n

I clicked the link to do the survey. Immediately I was asked to give my username and password into a web page owned by Taylor Nelson Sofres plc<\/a> which is a market research company. Again, looks genuine.<\/p>\n

What username and password? Well, I\u2019m presuming it\u2019s the credentials for my Thawte account that are being requested. Either that, or it\u2019s a very broken survey.<\/p>\n

I don\u2019t get this. An authentication company sends me an (unsigned) email asking me to hand over my credentials to a third-party marketing company?<\/p>\n

Could it be a phishing scam from someone who has hacked into these domains? It\u2019s possible \u2013 I\u2019ve emailed Thawte to complain so I may discover if this is the case.<\/p>\n

Or just another example of woeful security on the Internet?<\/p>\n

Update:<\/strong> just received an email apology from Thawte:<\/p>\n

\n

I wanted to reach out and apologize. The partner survey that was sent out to all recipients will be resent later on today with the correct link which will not require you to supply a user name and password. <\/p>\n

Agreed, that you should not supply login credentials to a third party website.<\/p>\n<\/blockquote>\n

Faulty survey, or a hasty change of mind? Let\u2019s assume the former.<\/p>\n

Technorati tags: thawte<\/a>, security<\/a>, verisign<\/a><\/div>\n","protected":false},"excerpt":{"rendered":"

Thawte is a supplier of digital certificates. I\u2019ve used the company to purchase certificates for code-signing. Today I received an email inviting me to complete a customer survey. I think it is genuine: if I look at the email headers, the source domain belongs to a marketing company called Responsys which lists Verisign as a … Continue reading Thawte wants me to give away my password<\/span> →<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-736","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/www.itwriting.com\/blog\/wp-json\/wp\/v2\/posts\/736","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.itwriting.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.itwriting.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.itwriting.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.itwriting.com\/blog\/wp-json\/wp\/v2\/comments?post=736"}],"version-history":[{"count":0,"href":"https:\/\/www.itwriting.com\/blog\/wp-json\/wp\/v2\/posts\/736\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.itwriting.com\/blog\/wp-json\/wp\/v2\/media?parent=736"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.itwriting.com\/blog\/wp-json\/wp\/v2\/categories?post=736"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.itwriting.com\/blog\/wp-json\/wp\/v2\/tags?post=736"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}