All tutors from the tutor pages will be given a year's premium membership...
...and then we will double our prices next year once you're tied-in to make up for it. Thanks for being a valued customer.
Private tutor networking website SuperProf has irritated teacher clients of a firm it recently acquired – by handing out hopelessly insecure passwords. SuperProf, headquartered in Paris, recently bought UK-based Tutor Pages. Tutor Pages teachers have been migrated to the SuperProf platform but details of their fees, subjects, …
"All tutors from the tutor pages will <snip> have their accounts updated 'star' tutor status, that usually requires many months of activity to achieve on the platform."
So who are the real star tutors on the platform?
Solving one problem by creating another, impressive.
"I admire your security principles but that's how 99.9% of password resets that are not links are sent. Let's not be too anal eh?"
That, with respect, is the old "Eat shit, 17 Quadrillion flies can't be wrong." argument rehashed. There are many more ways of distributing a password than sending them unencrypted in email. I haven't seen the emails in question, but I suspect these were not one-shot passwords based on the content in the article.
I'll even place odds that they did not use the sensible challenge/response approach of password + text message to your phone for a verification code then require password be changed on first use. Because anyone clueless enough to use your name as part of password is not going to use one-shot passwords either.
Anyway, I'm a Security Architect. Being anal about security is what I do.
You guess correctly. My wife is a tutor, and has been quite livid about this over the weekend, as was I when I saw how they'd assigned the initial 'password'. And yes, both the old super+name one and the new random one are clear text in a plain e-mail.
It makes more sense if you replace "security" with "bullshit".
That pretty much sums up every company's response to any issue. I don't know why they even bother to say it since it automatically sets off the Bullshit Alarm.
Icon: BS klaxon just about worn out from overuse.
Yeah, there's all these stock phrases people love to wheel out, they didn't mean anything in the first place and they're even worse now that everybody's heard them a hundred times before.
"I apologise if any offence was caused"
(no admission that I was the one who caused it)
"We have implemented robust procedures to make sure that this specific case doesn't happen again"
(we lost the unencrypted CD on a train, next time it'll be a USB stick in a taxi)
"We have upgraded our systems, and the small minority who used X just need to migrate to Y"
(we have downgraded our systems, and the 40% of customers who only signed up to use X are now SOL)
... and so on. Give me a week's worth of news, and I could collect dozens...
> "I apologise if any offence was caused"
> (no admission that I was the one who caused it)
Shirley that would be "We apologise if anyone took offence"
(We didn't cause it, it's your own fault if you got offended. Mumble mumble mumble nanny state mumble PC gone nuts mumble. Suck it up princess.)
I love how they always say that after it has been clearly demonstrated that no, security was NOT taken seriously.
And resetting tutor profiles, inventing new clauses and forcing people to pay again to fix stuff?
Here's a thought: do your integration on a separate server, unplugged from the Web, and ensure that all the stuff is properly represented as it was when the customer paid his money the first time. You buy a company, you buy its obligations.
Once you can be sure that the data has been reliably integrated, then you fold it into the production site.
Just a tip for the summer intern who visibly did the job.
Taking security seriously doesn't mean you have cousin Nigel--educated by the London public school system and flunked out of taxi driving school--audit your security practices.
Taking security seriously means you've built your security policies and procedures around industry best practices, and annually have an outside agency audit your security and risk management programs. Then you take the audit to heart to make changes as necessary to constantly improve.
The world's full of tutor agencies. The best / best paid (and the ones with the "in" to the best heeled punters) don't even use them anyway, they get recommendations from previous clients who wouldn't touch an agency. And if these tutors are any good they'd be best away from this crew.
I have an acquaintance whose job appears to be flying around the world tutoring kids of the obscenely rich to prepare them for Prep or Public* school. I believe he's seen the inside of a fair few private jets and super yachts. I'm pretty sure that he's not on the sites in the article :)
Kind of a teacher -->
*"Public schools" in the UK are the most expensive private ones
But unless you already have an "in" you aren't going to get started that way.
I had a quick look at the language tutors on that site and a lot of them in my area are post-grad students supplementing their income.
The site also gives the option of remote tutoring, which would add extra flexibility for the tutors, e.g. single parents working from home.
To elucidate. There are plenty of agencies. In my youth I did a lot of agency work. There are national chains, franchises, local agencies and even cooperatives. Or just advertising in the local paper yourself. And the agencies seem to have plenty of work available.
Also there are plenty who get work from their own schools to start with. It's from those latter ranks that the real super tutors I've met (not many of them) seem to come from. Teachers who have got jobs in the posher private schools. Super in the sense that they can earn tons of money from the private work tutoring for "Common Entrance" type exams. (Though not as "super" imho as those of us who choose to work for peanuts to help kids who are really needy - it's meant to be a vocation).