Whither security?

Today, I was given the login to my employer’s online portal where I can access my pay details and apply for leave, etc. It’s an SAP-based system and I believe the same system serves all other research institutes under the parent organization.

The login details were given to me personally by the HR officer in a sealed envelope and she made it a point to ask me to change my password immediately after the first login. This account information comes directly from the SAP systems’ admin, I understand; it was unseen by anyone in between and the sealed envelope I opened was proof positive of that.

Pretty secure procedures I would say. All that was missing was a ‘CLASSIFIED’ stamp on the envelope. But here comes the kicker (there always is one, isn’t there? ;-)…

The site where I am to log on to the portal runs on plain HTTP!! With all that show of privacy and secrecy and whatnot, you would expect, nay, assume the site to implement SSL. But no! Plain HTTP it is!

We can’t trust our HR people with employee passwords, but if someone with a packet sniffer wants to hijack your password while you log in, well, more power to him!

Anyway, on to other stuff. Boss is out of town since yesterday and, with nothing to do having finished what he asked me to do, I started coding more in Python. Finished writing a small image viewer program. It’s just about 150 lines of code!

There have been more rumblings about a Google-branded browser. Jason Kottke writes that Google has been hiring ex-IE engineers (shudder ;-)) and working with Mozilla. Perhaps the most damning piece of evidence (in the tabloid sense) is that they’ve registered the domain gbrowser.com. How much more convincing do you need?!

In sort of related news, did anyone notice the new changes in Gmail? The Spam folder finally shows the number of new spam messages. This notification is needed to remind me to look into it from time to time in case a valid email got misclassified as spam. The ads have changed position too. They are now after the message (or conversation) at the bottom, instead of at the side. This helps prevent breaking of some HTML-formatted emails (the ad used to overlay such mails), but I am not sure what kind of ‘attention’ these ads will get, tucked away at the bottom like that.