Business IT - Technology for your business

Tattersall's gamble with password security

In this modern day, online security is of paramount concern. It comes as a surprise, then, that Tattersall's Sweeps, a prominent Australian gaming company that administers weekly lotto, pools and other gambling products, makes no distinction between upper- and lower-case in passwords.

While using the Tattersall’s online site, Jeff Wharton, Solutions Architect for WARDY IT Solutions, discovered he was able to log in successfully whether he entered his password with capital letters or not.

Wharton had believed his password contained a mixture of lower- and upper-case letters as well as numbers. He had assigned this password himself and had always used it when logging in, but it turned out the Tattersall’s web site actually disregarded case. His judicious use of the shift key was all in vain.

To illustrate, this means the Tattersall’s site effectively treats a password like “iTWire77” the same as “ITWIRE77” or “itwire77” or “iTwIrE77” or any other case combination.

Wharton realised this weakened the security of his account and expressed his concern to the company. Specifically, he pointed out that the online facility permits funds to be withdrawn from credit cards and bank accounts and transferred to other credit cards and bank accounts and he expected top-class protection of his financial information.

A Tattersall's Incidents and Complaints Officer responded to Wharton saying,

Tattersall’s treats the privacy and security of all our players with the utmost importance. We apply and maintain stringent security standards to protect data that we hold on behalf of our players. In keeping with this, Tatt’s Online password requirements are enforced as follows:-

‘Your Password must be between 8 and 12 characters long, and contain a letter and a number. Passwords should not contain your member ID, first name or surname.’

Tatt’s Online does not impose upper or lower case requirements for passwords.

Thank you for taking the time to provide feedback to Tattersall’s and trust that we have put your mind to rest on this issue.


Does it really matter? Let's look at the numbers.
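The comparison this question sets up, as an added example that is not part of the original article: it counts the passwords allowed by the quoted 8 to 12 character rule when case is ignored and when it is honoured, and how many typed spellings of one password the site accepts. It assumes only ASCII letters and digits are permitted, which the quoted policy does not state.

```python
import math
import string

MIN_LEN, MAX_LEN = 8, 12        # length bounds quoted in Tattersall's reply
DIGITS = len(string.digits)     # 10
LETTERS_FOLDED = 26             # site ignores case: 'a' and 'A' are one symbol
LETTERS_CASED = 52              # what a case-sensitive check would distinguish


def policy_keyspace(letters, min_len=MIN_LEN, max_len=MAX_LEN):
    """Count passwords that satisfy 'contain a letter and a number'.

    Assumption: only ASCII letters and digits are allowed.
    For each length n: all strings, minus the all-letter ones (no digit),
    minus the all-digit ones (no letter).
    """
    alphabet = letters + DIGITS
    return sum(alphabet**n - letters**n - DIGITS**n
               for n in range(min_len, max_len + 1))


def case_variants(password):
    """Number of distinct typed strings a case-ignoring login accepts."""
    cased = sum(1 for ch in password if ch.lower() != ch.upper())
    return 2 ** cased


def compare():
    """Keyspace with and without case, and the cost of ignoring it."""
    cased = policy_keyspace(LETTERS_CASED)
    folded = policy_keyspace(LETTERS_FOLDED)
    return {
        "cased": cased,
        "folded": folded,
        "shrink_factor": cased / folded,
        "bits_lost": math.log2(cased) - math.log2(folded),
    }


if __name__ == "__main__":
    result = compare()
    print(f"case-sensitive keyspace : {result['cased']:.3e}")
    print(f"case-ignored keyspace   : {result['folded']:.3e}")
    print(f"shrink factor           : {result['shrink_factor']:.0f}x")
    print(f"bits of strength lost   : {result['bits_lost']:.2f}")
    print(f"spellings accepted for iTWire77: {case_variants('iTWire77')}")
```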


