Today a friend forwarded me a URL for a software tool that his department just purchased. This URL contained the UserName/Password needed to access the download site of the software company (no, will not say which company). When you click the URL you have COMPLETE access to the access keys for the products.
https://{RealCompanyAndDomainhere}/i.aspx?InvoiceID={RealInvoiceIDGoeshere}&Password={RealPasswordGoesHere}
What really surprised me is that a large software company (this one is pretty big) would allow their URLs to contain this information. With this URL anyone would be allowed to download the software and have 'legal' keys.
I guess company size/importance does not matter when it comes to security...:(
BTW, I emailed a contact I have at this company to give them the FYI. Let's see what comes of this.
Till next time,
Posted 03-25-2008 12:55 PM by Derik Whittaker
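A check for the pattern described in the post, added here as an example and not code from the post or the company involved: it scans text such as forwarded mail or proxy logs for URLs that carry a credential and returns them with the secret redacted. It goes slightly beyond the post by also catching the `user:password@host` form. The host names, sample values and the list of sensitive parameter-name fragments are assumptions.

```python
import re
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Assumption: name fragments that usually mark a secret-bearing parameter.
SENSITIVE = ("password", "passwd", "pwd", "secret", "token", "apikey", "api_key")
URL_RE = re.compile(r"https?://[^\s\"'<>]+")

def is_sensitive(name):
    lowered = name.lower()
    return any(fragment in lowered for fragment in SENSITIVE)

def redact_url(url):
    """Return (redacted_url, findings) for one URL."""
    parts = urlsplit(url)
    findings, netloc = [], parts.netloc
    if parts.password is not None:  # https://user:secret@host/ form
        findings.append("userinfo")
        netloc = f"{parts.username}:REDACTED@{netloc.rsplit('@', 1)[1]}"
    pairs = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if is_sensitive(name):
            findings.append(name)
            value = "REDACTED"
        pairs.append((name, value))
    query = urlencode(pairs) if pairs else parts.query
    return urlunsplit((parts.scheme, netloc, parts.path, query, parts.fragment)), findings

def scan(text):
    """Return (line_number, findings, redacted_url) for every credential-bearing URL."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for match in URL_RE.finditer(line):
            redacted, findings = redact_url(match.group())
            if findings:
                hits.append((lineno, findings, redacted))
    return hits

# Constructed sample: a forwarded message and two log-style lines; all values are made up.
SAMPLE = """\
Here is the download link: https://downloads.example.com/i.aspx?InvoiceID=100234&Password=Hunter2!
GET https://downloads.example.com/help.aspx?topic=install 200
mirror: https://dept:S3cret@mirror.example.com/files/setup.exe
"""

if __name__ == "__main__":
    for lineno, findings, redacted in scan(SAMPLE):
        print(lineno, findings, redacted)
```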