How to be stupid by mutual agreement

Security issues? Oh yeah, we've heard of them

A reader was somewhat surprised by his ISP's apparent disregard for security when he received an email requesting his username and password.

The request came as part of an update email from themutual.net, telling him what news features had been added, what its "partners" could offer them and why themutual.net was the only ISP he should even consider. Fair enough.

But then some people don't like to have any unsolicited mail and so, being the customer-friendly ISP it is, themutual.net offered an unsubscribe option.

TO UNSUBSCRIBE
To unsubscribe go to http://www.themutual.net/editdetails.tmn. You will need your username (the one beginning tmn) and password. Log in and then tick the appropriate box at the bottom of the form.

[Fair enough so far. But hang on, there's more]

If you have any difficulties, send an email to unsubscribe-external@themutual.net (to unsubscribe from third party mailings) or to unsubscribe-all@themutual.net (to unsubscribe from all mailings, including ours), giving your username and password.

So basically, it is saying to its own customers that if they don't want their details passed on to advertisers, they will need to send confidential information to itself over email. As the reader pointed out: "This is the sort of thing you'd expect to get from a hacker trying to con people into divulging their passwords."

Not terribly bright, you must admit. ®

Sponsored: Designing and building an open ITOA architecture