

ajw



1288 posts

Uber Geek
+1 received by user: 98


Topic # 74870 9-Jan-2011 08:46

Vodafone Australia is not only upsetting its customers with its unreliable network but now millions of its customers' details have been readily available on the internet.

http://www.smh.com.au/technology/security/mobile-security-outrage-private-details-accessible-on-net-20110108-19j9j.html

(Mod edit: Added "AU" to title as this does not apply to VFNZ customers at this time - XPD)




aw

2133 posts

Uber Geek
+1 received by user: 569

Trusted

  Reply # 425609 10-Jan-2011 02:31

ajw: Vodafone Australia is not only upsetting its customers with its unreliable network but now millions of its customers' details have been readily available on the internet.

http://www.smh.com.au/technology/security/mobile-security-outrage-private-details-accessible-on-net-20110108-19j9j.html


I think the important thing about this article is: "Customer information is accessed through a secure web portal, accessible to authorised employees and dealers via a secure login and password."

So...... Yes customer data is available but only to "trusted" staff / dealers... That is no different to how anyone else runs their dealer support. They may have a requirement to come in via a VPN first instead of having the portal directly online. So basically an employee of either Vodafone or a dealer breached the terms of their employment agreement and should end up in court.

But I still believe this is quite a beatup on Vodafone AU since I am sure the same (or similar, perhaps with better security involving another factor and/or VPNs) could be said about all other providers and how they run their dealer support on both sides of the ditch.





3772 posts

Uber Geek
+1 received by user: 1373

Trusted
Subscriber

  Reply # 425630 10-Jan-2011 08:41

BarTender:

But I still believe this is quite a beatup on Vodafone AU since I am sure the same (or similar, perhaps with better security involving another factor and/or VPNs) could be said about all other providers and how they run their dealer support on both sides of the ditch.


Well, the same kind of thing could happen in any number of similar scenarios; wherever you have hundreds or thousands of dealers (often low paid and on commission - summer holiday job, anyone?), of anything, where personal data needs to be collected. Think department stores, for example: chains like those are dealers for telcos, but they also do credit checking for personal finance on beds or lounge suites, or take details for warranties on TVs or washing machines.

Anyone like that is vulnerable to an insider being naughty. Heck, I imagine it could happen to the banks, too, if some idiot/nutter gave away the logins to all their customers' internet banking accounts.

The ABC's article breathlessly states that "Mobile phone dealers have also admitted that anyone with full access to the system can look up a customer's bills and make changes to accounts." OMG, really!? People with full access to the system have *full access to the system*? Oh, those whacky telcos and their silly security shenanigans...





iPad Air + iPhone SE + 2degrees 4tw!

These comments are my own and do not represent the opinions of 2degrees.


BDFL - Memuneh
57434 posts

Uber Geek
+1 received by user: 9102

Administrator
Trusted
Geekzone
Subscriber

  Reply # 425639 10-Jan-2011 09:25

I think the SMH doesn't make it clear enough... It seems (as others have commented) the website used to look up customers' details is accessible via the Internet with no extra protection other than the username and password.

This kind of website should be, at least, behind a VPN, and to make it even harder limit VPN access to certain IP addresses.

Now, the SMH doesn't say anywhere this was a leak of information, but clearly some individual(s) are using their access to either sell the information, or spreading their own access details so others can do it.

As pointed out, it seems lack of training and character, bribery, and other human factors are the main problem here, but obviously a newspaper won't have the facts getting in the way of a good story.





BDFL - Memuneh
57434 posts

Uber Geek
+1 received by user: 9102

Administrator
Trusted
Geekzone
Subscriber

  Reply # 426059 11-Jan-2011 11:37

Release by Vodafone New Zealand this morning:


Vodafone New Zealand is committed to ensuring that all customer details and private information entrusted to us is safe and secure at all times.

The Vodafone New Zealand customer database and applications are on servers with appropriate access security in place at various levels.

Access to these systems is for approved personnel only via an authentication procedure which requires more than a username and password.

In addition VFNZ has rigorous security policies and procedures including regular audits and security reviews which ensure our customers' data remains protected.

All customer account access is monitored and logged. Should any unusual activity be reported, it will be identified and investigated.

Vodafone New Zealand wishes to assure customers that we take the security of their information very seriously.




