**WARNING** Subway Subcards Privacy Issues.
By Steve Biddle, in
General, posted: 28-Dec-2006 11:03
I've been a Subway fan since they first opened in NZ so was a little disappointed when their sticker program ended earlier in the year but was quite excited when a friend who works there told me it was being replaced by a new swipe card system that would offer a lot of extra benefits.
Sunway launched these cards a few weeks ago but I only got around to picking mine up yesterday and the concept is cool - you buy your goods and card is scanned which credits your card/account with money for every sub you purchase and these can be used towards the purchase of a product once you have a minimum of $3. You will also be able to top this card up over the internet in the new year so it will end up being a prepaid card and there will apparently be lots of bonus points features occuring over time.
You can log into the subway website to view your card balance. The first time you log on you are prompted to enter your personal details including name, date of birth, gender, address, contact numbers and email address.
The scary part? Access to the website is by entering the 16 digit card number and 4 digit security code that is printed ON THE BACK of your Subcard for anybody to see! http://thor.evolution.co.nz/Subway-Customer/Login.html
If you lose your card anybody who finds it now has access to your personal details and can change them instantly online to be their own and also has access to any credit you have loaded onto the card.
Subway say they can replace registered cards
But if somebody gets hold of my card and changes my details before I notify them the card is no longer mine because it will have somebody else's details on it so I have absolutely no hope of getting my credit back.
Sorry Subway I think you've blown it big time with your customer privacy this time. Like Pago who fail to impliment security procedures to stop accounts being hijacked you're now exposing your customers private details to anybody who wants to see them. This is simply not good enough. To access the web page users should have been requested to enter an account password which would have been so simple to add at the time the project was developed. Whoever worked as a Business Analyst for this project should go back to school and retrain as something else.
Sunway launched these cards a few weeks ago but I only got around to picking mine up yesterday and the concept is cool - you buy your goods and card is scanned which credits your card/account with money for every sub you purchase and these can be used towards the purchase of a product once you have a minimum of $3. You will also be able to top this card up over the internet in the new year so it will end up being a prepaid card and there will apparently be lots of bonus points features occuring over time.
You can log into the subway website to view your card balance. The first time you log on you are prompted to enter your personal details including name, date of birth, gender, address, contact numbers and email address.
The scary part? Access to the website is by entering the 16 digit card number and 4 digit security code that is printed ON THE BACK of your Subcard for anybody to see! http://thor.evolution.co.nz/Subway-Customer/Login.html
If you lose your card anybody who finds it now has access to your personal details and can change them instantly online to be their own and also has access to any credit you have loaded onto the card.
Subway say they can replace registered cards
You must notify us immediately by calling [0800 78 222 73] if your SUBCARDTM is lost, stolen or destroyed. Provided your old SUBCARDTM was registered, we will issue you with a replacement SUBCARDTM and freeze the remaining SUBWAY® Reward Dollars and cash balance on your old SUBCARDTM from the time that you report to us that your SUBCARDTM is lost, stolen or destroyed.
To credit a replacement SUBCARDTM with previously earned SUBWAY® Reward Dollars or a previously loaded cash balance we will require proof of your identity (including photo identification). The crediting of a replacement SUBCARDTM is at our sole discretion.
But if somebody gets hold of my card and changes my details before I notify them the card is no longer mine because it will have somebody else's details on it so I have absolutely no hope of getting my credit back.
Sorry Subway I think you've blown it big time with your customer privacy this time. Like Pago who fail to impliment security procedures to stop accounts being hijacked you're now exposing your customers private details to anybody who wants to see them. This is simply not good enough. To access the web page users should have been requested to enter an account password which would have been so simple to add at the time the project was developed. Whoever worked as a Business Analyst for this project should go back to school and retrain as something else.
Why is upgrading Windows Defender so hard?
By Steve Biddle, in
General, posted: 7-Dec-2006 14:10
Like any Windows user who uses Windows Defender you would have had an upgrade message appear over the past 24 hours because a new version of this software is available. What intrigues me is why Microsoft have made upgrading this software such a big hassle, particularly for Windows users who may not be computer experts. I thought things were supposed to be getting easier, not more complicated!
Step 1:
Click on download box inside Windows Defender, this redirects you to the website.
Step2:
Click on the button to proceed with Windows Genuine Advantage check.
Step3:
Install WGA ActiveX toolbar by right clicking and allowing it to run. WGA congratulates me for having a licenced copy of XP. What a waste of time - any h8cker out there knows how to get around this anyway.
Step4:
Download Windows Defender
Step5:
Run the downloaded file
Step6:
Manually close down Windows Defender because installation says it's already running
Step7:
Read complex licence that basically says our software could send back your private info to MS from your PC but don't worry we won't be identifying you.
Step8:
Download latest updates
Step9:
Reauthorise existing apps that I want to keep running that it has identified as security issues.
You've got me MS - I don't think you could make the upgrade process more complex if you tried. No novice computer user will really be able to easily follow these steps and you wonder why Spyware is everywhere..
Step 1:
Click on download box inside Windows Defender, this redirects you to the website.
Step2:
Click on the button to proceed with Windows Genuine Advantage check.
Step3:
Install WGA ActiveX toolbar by right clicking and allowing it to run. WGA congratulates me for having a licenced copy of XP. What a waste of time - any h8cker out there knows how to get around this anyway.
Step4:
Download Windows Defender
Step5:
Run the downloaded file
Step6:
Manually close down Windows Defender because installation says it's already running
Step7:
Read complex licence that basically says our software could send back your private info to MS from your PC but don't worry we won't be identifying you.
Step8:
Download latest updates
Step9:
Reauthorise existing apps that I want to keep running that it has identified as security issues.
You've got me MS - I don't think you could make the upgrade process more complex if you tried. No novice computer user will really be able to easily follow these steps and you wonder why Spyware is everywhere..
Woosh WiMax no more?
By Steve Biddle, in
General, posted: 23-Nov-2006 12:51
The government have just announced that their will be a spectrum auction next year for the 2.3Ghz band.
http://www.beehive.govt.nz/ViewDocument.aspx?DocumentID=27807
This means that Woosh's ill-fated attempt to acquire WiMax spectrum through the backdoor from other licence holders has done nothing! The outcome of these actions could be very interesting..
Worlds first WCDMA/HSDPA 900MHz live network trial
By Steve Biddle, in
General, posted: 14-Nov-2006 18:20
Nokia and Finnish telecom operator Elisa have carried out the world's first WCDMA/HSDPA data call on the 900 MHz band in a commercial network.
http://www.cellular-news.com/story/20406.php
Vodafone NZ are planning on deploying the same solution here next year.
http://www.cellular-news.com/story/20406.php
Vodafone NZ are planning on deploying the same solution here next year.
Permalink to Worlds first WCDMA/HSDPA 900MHz live network trial
| Add a comment
(5 comments)
| Main Index
Great service from online retailers
By Steve Biddle, in
General, posted: 14-Nov-2006 09:48
We tend to hear and read a lot of complaints from people who have received poor service from online retailers so I thought it was time I congratulated a few stores that I have received excellent service from
www.flashcards.co.nz
These guys have to set the benchmark when it comes to providing service - a great website, great customer service and overnight delivery in most cases. If you're after any flash media you have to be stupid to go elsewhere (and they sponsored Geekzone 06!)
www.aquilatech.co.nz
I've purchased various items of hardware from Aquilatech recently and they are another example of how to keep customers happy - provide great service & great pricing.
Plenty of other retailers could learn a lot from the retailers above!
www.flashcards.co.nz
These guys have to set the benchmark when it comes to providing service - a great website, great customer service and overnight delivery in most cases. If you're after any flash media you have to be stupid to go elsewhere (and they sponsored Geekzone 06!)
www.aquilatech.co.nz
I've purchased various items of hardware from Aquilatech recently and they are another example of how to keep customers happy - provide great service & great pricing.
Plenty of other retailers could learn a lot from the retailers above!
Vodafone really are smart
By Steve Biddle, in
General, posted: 3-Nov-2006 07:43
My last few posts have knocked Vodafone so I thought it was time to say something nice about them.
Supa PrePay & BestMate is a *very* smart move by Vodafone.
The mobile market these days is all about making money. Unlike the past where it was all about growing customer numbers, the fact all the mobile operators paid far too much for their 3G licences means they now need to recoup the cost!
Both Vodafone & Telecom have a PrePay APRU (average revenue per user) of ~ $25 per month. So how does Supa PrePay affect this? As we all know the cost of voice calls and SMS's these days is very minimal, especially for on network traffic. With $10 TXT2000 Vodafone are now getting a guaranteed $10 upfront from their customers and BestMate gives them $6 revenue upfront. From what I've heard in the past 24 hours the uptake rate of Supa Prepay & BestMate has been better than expected which is great news for Vodafone - they are effectively getting $16 per month upfront from a growing number of PrePay users whereas before their guaranteed revenue was $0. With calls now rounded up to the nearest minute it's logical that the APRU for an average Supa PrePay user with BestMate & TXT2000 will now exceed that $25 average. That's what I call being smart.
All Vodafone need to do now is start the same way of thinking when it comes to on account plans. It's not about exploiting users, it's about making them feel like they are receiving value for money while setting monthly plan pricing that will grow your ARPU. Offering people compelling plans for around $60 per month which gives them maybe 300 mins of anytime calls/video calls and a large number of SMS's and some included data would be perfect for a large number of users. Offer the plan and the customers will come..
Supa PrePay & BestMate is a *very* smart move by Vodafone.
The mobile market these days is all about making money. Unlike the past where it was all about growing customer numbers, the fact all the mobile operators paid far too much for their 3G licences means they now need to recoup the cost!
Both Vodafone & Telecom have a PrePay APRU (average revenue per user) of ~ $25 per month. So how does Supa PrePay affect this? As we all know the cost of voice calls and SMS's these days is very minimal, especially for on network traffic. With $10 TXT2000 Vodafone are now getting a guaranteed $10 upfront from their customers and BestMate gives them $6 revenue upfront. From what I've heard in the past 24 hours the uptake rate of Supa Prepay & BestMate has been better than expected which is great news for Vodafone - they are effectively getting $16 per month upfront from a growing number of PrePay users whereas before their guaranteed revenue was $0. With calls now rounded up to the nearest minute it's logical that the APRU for an average Supa PrePay user with BestMate & TXT2000 will now exceed that $25 average. That's what I call being smart.
All Vodafone need to do now is start the same way of thinking when it comes to on account plans. It's not about exploiting users, it's about making them feel like they are receiving value for money while setting monthly plan pricing that will grow your ARPU. Offering people compelling plans for around $60 per month which gives them maybe 300 mins of anytime calls/video calls and a large number of SMS's and some included data would be perfect for a large number of users. Offer the plan and the customers will come..
Vodafone Supa Prepay & Vodafone You Lose (oops You Choose)
By Steve Biddle, in
General, posted: 31-Oct-2006 18:09
Today Vodafone NZ launched Supa prepay. With their new billing system upgrade that allows monthly charging features to be added to a Pre Pay account it's now possible to have addons on your Pre Pay account.
From today Vodafone's base Supa PrePay account has call charges of 89c per minute 24/7 with topups required every 3 months and also features $2 capped calls for up to w hours. Two monthy addons are also available - $6 per month for BestMate offering you the ability to nominate a single Vodafone number that you can voice call/video call/txt all you want in a month, and $10 for 2000 Vodafone->Vodafone SMS.
While this account is good news for many PrePay customers it's not suitable for all, and some people will be better off on their existing accounts which offer 49c calling 24/7 and per second billing after the first minute until Supa PrePay which is rounded up to the nearest minute.
What Vodafone have done yet again however is shafted customers on their You Choose plans. Yet again PrePay customers who have a substancially lower ARPU are being treated as special customers yet those customers who choose to enter into a contract with Vodafone are yet again being completely and utterly shafted by a company who obviously has very little idea on how to maintain customer happiness & loyalty.
If you're a customer on You Choose 20 you're currently paying $19.95 per month for 20 minutes of airtime with excess airtime charged at 99c per minute and can choose an AddOn and pay $9.95 per month for 1000 Vodafone->Vodafone SMS's.
If you're on this You Choose plan I would suggest you make contact with Vodafone and personally thank them for shafting you once again. You're currently trapped in a minimum 12 month term contract and your mates on PrePay are now getting a far better deal.
You Choose? More like You Lose.
If Vodafone has a single person in their marketing department right now with a brain they would would currently be offering some sort of sweetener to all their on account customers. We know that the above scenario will change early next year once on account customers are moved to the new billing platform but to be ripping your existing customers off while new customers get a better deal is just plain dumb.
From today Vodafone's base Supa PrePay account has call charges of 89c per minute 24/7 with topups required every 3 months and also features $2 capped calls for up to w hours. Two monthy addons are also available - $6 per month for BestMate offering you the ability to nominate a single Vodafone number that you can voice call/video call/txt all you want in a month, and $10 for 2000 Vodafone->Vodafone SMS.
While this account is good news for many PrePay customers it's not suitable for all, and some people will be better off on their existing accounts which offer 49c calling 24/7 and per second billing after the first minute until Supa PrePay which is rounded up to the nearest minute.
What Vodafone have done yet again however is shafted customers on their You Choose plans. Yet again PrePay customers who have a substancially lower ARPU are being treated as special customers yet those customers who choose to enter into a contract with Vodafone are yet again being completely and utterly shafted by a company who obviously has very little idea on how to maintain customer happiness & loyalty.
If you're a customer on You Choose 20 you're currently paying $19.95 per month for 20 minutes of airtime with excess airtime charged at 99c per minute and can choose an AddOn and pay $9.95 per month for 1000 Vodafone->Vodafone SMS's.
If you're on this You Choose plan I would suggest you make contact with Vodafone and personally thank them for shafting you once again. You're currently trapped in a minimum 12 month term contract and your mates on PrePay are now getting a far better deal.
You Choose? More like You Lose.
If Vodafone has a single person in their marketing department right now with a brain they would would currently be offering some sort of sweetener to all their on account customers. We know that the above scenario will change early next year once on account customers are moved to the new billing platform but to be ripping your existing customers off while new customers get a better deal is just plain dumb.
Permalink to Vodafone Supa Prepay & Vodafone You Lose (oops You Choose)
| Add a comment
(20 comments)
| Main Index
IE7 Spoofing Trick
By Steve Biddle, in
General, posted: 27-Oct-2006 20:55
So what appears to be the first "security flaw" in Microsoft's newly released browser has appeared.
Description:
A weakness has been discovered in Internet Explorer, which can be exploited by malicious people to conduct phishing attacks.
The problem is that it's possible to display a popup with a somewhat spoofed address bar where a number of special characters have been appended to the URL. This makes it possible to only display a part of the address bar, which may trick users into performing certain unintended actions.
http://secunia.com/advisories/22542/
An example of the spoof is here:
http://secunia.com/internet_explorer_7_popup_address_bar_spoofing_test/
Description:
A weakness has been discovered in Internet Explorer, which can be exploited by malicious people to conduct phishing attacks.
The problem is that it's possible to display a popup with a somewhat spoofed address bar where a number of special characters have been appended to the URL. This makes it possible to only display a part of the address bar, which may trick users into performing certain unintended actions.
http://secunia.com/advisories/22542/
An example of the spoof is here:
http://secunia.com/internet_explorer_7_popup_address_bar_spoofing_test/
My New Toy - A Microsoft Laser Mouse 5000
By Steve Biddle, in
General, posted: 23-Oct-2006 20:44
I splashed out today and got myself a new mouse. Having always purchased cheap mice I decided I wanted something that actually feels nice and spent some of my hard earned cash at Harvey Norman who where nice and gave me a 10% discount off the $99 pricetag (only after I asked though for it despite the big sign saying keyboards & mice were all less 10%, their hopeless checkout system didn't automatically give the discount).
After a few hours of use all I can say is that it's well worth the money. Considering how much use my mouse gets I certainly almost wish I'd upgraded earlier!
http://www.microsoft.com/hardware/mouseandkeyboard/productdetails.aspx?pid=068
After a few hours of use all I can say is that it's well worth the money. Considering how much use my mouse gets I certainly almost wish I'd upgraded earlier!
http://www.microsoft.com/hardware/mouseandkeyboard/productdetails.aspx?pid=068
Econet
By Steve Biddle, in
General, posted: 11-Oct-2006 14:00
After reading portege's recent blog post (http://www.geekzone.co.nz/portege/1542)I found this pdf on the Econet site
http://www.econetwireless.co.nz/html/pdf/presoliesdamnedlies160806.pdf#search=%22econet%20north%20island%20cellsites%22
It makes quite amusing reading particularly the last summary page
http://www.econetwireless.co.nz/html/pdf/presoliesdamnedlies160806.pdf#search=%22econet%20north%20island%20cellsites%22
It makes quite amusing reading particularly the last summary page
Econet’s Journey
•Econet traveled over 4,000km to visit every one of these sites.
•We drove over 1,000km on unsealed, gravel and dirt roads.
•We hit ice several times.
•We walked through driving rain and snowy fields to take these pictures.
•Our car got stuck in the mud several times when driving over muddy access tracks.
•We would much prefer to have been:
•Building a competitive new network
•Bringing competitive new products and services to market
•Fighting Vodafone and Telecom for new customers
•Instead, 5-years after the 2001 Telecommunications Act, we are still fighting for a fair go. We are still fighting just for the right to get started.
Heeellllllloooooo anybody home?
There is nothing stopping you building a network! Get of your ass, stop moaning and actually do something about it. Co-location is a good idea and should be encouraged however Econet's belief that it's their god given right to have access to every single site in the country so they don't have to build a single mast of their own is just one big hazy dream.
How about showing us a photo of some of the gear you had to airfright into NZ because you were in such a hurry to build a trial network? Oops maybe it doesn't exist. How about showing us some of your lease agreements for land or RMA lodgements for sites? Oops maybe they don't exist either.
Econet Vaporware - your next generation mobile network (tm)
