Posted by: h4ck@lyst | January 8, 2008

acads.in

Received an invite from a friend about acads.in. Well, it's a site that lets you have an email address like username@ur_institute_name.acads.in. It could be nice to have such mail addresses for the many people whose institute is unable to provide an institutional email id. Also, it is something that you can keep even after you get out of your college. For example, my college provides us email ids like rollno@nitt.edu, but those cease to exist once you pass out of here. The acads.in mail id forwards all the mails sent to your acads.in account to your normal Gmail account. Basically, acads.in doesn't provide any inbox but just an email alias, like the way C_O_R_E@pragyan.org works (email slightly modified to prevent bots from taking it up). There is no inbox for the core. Any mail to the core id gets forwarded to the individual mail ids of the core members.

Well, it could be a nice effort, and like many it also has an invite-your-friends-from-your-Gmail-account feature, but still there were quite a few things about the site that one needs to be cautious about. It's not all that secure a site. It doesn't have https:// even on login pages. It claims NOT to save your Gmail account information. But it does save your acads.in password in clear text, or in a way using which your password can be reproduced, in whatever db they use. I think I can say so coz I immediately tried the forgot-your-password link to confirm what my user id was (it's username@insti.acads.in rather than just username). And they sent me back my acads.in password! Now had they used an encryption like, say, MD5 (the only one that I mostly use other than SSHA, SHA, encrypt and md5crypt, that too just for my ldap account), then as far as I know it would not have been possible to send back the actual password, cause it's not all that easy to decipher/decrypt an md5 hash. Though I know little about the other encryptions. If you go to any major site's forgot-your-password link, you can, after authenticating your identity in one way or other, reset your password, but you certainly never get back your actual password. Hmm.. I might be wrong about this but somehow the site made me frown as soon as I saw my actual password mailed back to me :(
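The contrast described above, as an added example that is not from the original post and is not acads.in's code: passwords are stored only as salted one-way hashes, so the forgot-password path has nothing to mail back and issues a single-use, expiring reset token instead. It uses PBKDF2-HMAC-SHA256 rather than the MD5 the post mentions; the function names, in-memory stores and account name are hypothetical.

```python
import hashlib, hmac, secrets, time

ITERATIONS = 600_000      # PBKDF2 work factor (assumed value)
RESET_TTL = 15 * 60       # seconds a reset token stays valid (assumed value)

users = {}    # username -> (salt, derived hash); the password itself is never kept
resets = {}   # sha256(token) -> (username, expiry); only the token's hash is kept

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def register(username, password):
    salt = secrets.token_bytes(16)            # per-user random salt
    users[username] = (salt, _hash(password, salt))

def verify(username, password):
    # Unknown users get a dummy salt so the same hashing work is still done.
    salt, stored = users.get(username, (b"\0" * 16, b""))
    return hmac.compare_digest(_hash(password, salt), stored)

def forgot_password(username, now=None):
    """Return a one-time token to e-mail; the old password cannot be sent."""
    if username not in users:
        return None
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    key = hashlib.sha256(token.encode()).hexdigest()
    resets[key] = (username, now + RESET_TTL)
    return token

def reset_password(token, new_password, now=None):
    now = time.time() if now is None else now
    key = hashlib.sha256(token.encode()).hexdigest()
    entry = resets.pop(key, None)             # pop makes the token single-use
    if entry is None or now > entry[1]:
        return False
    register(entry[0], new_password)
    return True

if __name__ == "__main__":
    user = "username@insti.acads.in"          # constructed sample account
    register(user, "constructed-pass-1")
    tok = forgot_password(user)
    print("mailed token:", tok)
    print("reset ok:", reset_password(tok, "constructed-pass-2"))
    print("old password still valid:", verify(user, "constructed-pass-1"))
```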
