Describing security flaws is ok. The bad guys know this anyway. The good guys learn how it works and therefore can better avoid doing stupid things.
The tools (most of them) can be invoked by anybody. Security relies on a password check.
The tool password check is done by computing a "fingerprint" of the password and then looking up the "fingerprint" in our database. The actual passwords are not stored anywhere in the server or in the tool. Access to the computer or software will only yield "fingerprints". It is not possible** to reconstruct a password from a fingerprint. (**Well, almost impossible. We are using standard cryptological means to achieve this.) (Tool passwords are stored in a different database than web page passwords; this note is mainly about tool passwords.)
To guarantee that a "fingerprint" leak would not create a security risk, we do the fingerprint computations on the server only. The following describes where we became lazy: the passwords are transmitted to the server in the clear. Somebody tapping the telephone wire could see passwords flying by.
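The server-side check described above, sketched as an added example (not this site's actual code). The PBKDF2 algorithm, the per-account salt, the in-memory dictionary standing in for the database, and all function and account names are assumptions.

```python
import hashlib
import hmac
import os

# Hypothetical stand-in for the tool password database:
# account name -> (salt, fingerprint). No password is ever stored.
FINGERPRINT_DB = {}

ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256


def fingerprint(password: str, salt: bytes) -> bytes:
    """One-way fingerprint of a password, always computed on the server."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                               salt, ITERATIONS)


def enroll(account: str, password: str) -> None:
    """Store only the salt and the fingerprint for a new tool account."""
    salt = os.urandom(16)
    FINGERPRINT_DB[account] = (salt, fingerprint(password, salt))


def check_password(account: str, submitted: str) -> bool:
    """Fingerprint whatever the client submitted and compare with the record."""
    record = FINGERPRINT_DB.get(account)
    if record is None:
        return False
    salt, stored = record
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(fingerprint(submitted, salt), stored)


def leaked_fingerprint_is_useless(account: str) -> bool:
    """Simulate a database leak: submit the stored fingerprint as the password.

    Because the server fingerprints every submission itself, the leaked
    value gets fingerprinted again and no longer matches the record.
    """
    _salt, stored = FINGERPRINT_DB[account]
    return not check_password(account, stored.hex())


if __name__ == "__main__":
    enroll("unit-42", "correct horse")               # constructed sample data
    print(check_password("unit-42", "correct horse"))
    print(check_password("unit-42", "wrong guess"))
    print(leaked_fingerprint_is_useless("unit-42"))
```

If the browser computed the fingerprint and sent that instead, the fingerprint itself would act as the password, and a database leak would be enough to log in.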
We are not only protecting our pages from intruders. We are also concerned about one unit playing a prank on another unit. For this reason we do not provide generic script writing capabilities to individual units. All scripts on this server must be approved by the webmaster.
Be careful when working on a shared machine. The browser might remember what you typed into a password field. At least destroy the window when you are done.
Do not use the same password for important accounts. If one account is broken into, you don't want that to give access to your other accounts as well.
Don't type your password into a rogue window masquerading as a legitimate tool. Check why the window came up and whether it has a correct URL.
Security is like a chain. A chain is only as strong as its weakest link. We have spent our efforts strengthening the weaker links, but didn't go overboard on working with the stronger ones. Computer security is a very complex topic. Don't ever assume you know it all, unless you are an expert. Even then mistakes can happen.