Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


ajw



1343 posts

Uber Geek
+1 received by user: 119


Topic # 74870 9-Jan-2011 08:46
Send private message

Vodafone Australia is not only upsetting its customers with its unreliable network but now millions of its customers details have been readily available on the internet.

http://www.smh.com.au/technology/security/mobile-security-outrage-private-details-accessible-on-net-20110108-19j9j.html

(Mod edit: Added "AU" to title as this does not apply to VFNZ customers at this time - XPD)




aw

Create new topic
2237 posts

Uber Geek
+1 received by user: 652

Trusted

  Reply # 425609 10-Jan-2011 02:31
Send private message

ajw: Vodafone Australia is not only upsetting its customers with its unreliable network but now millions of its customers details have been readily available on the internet.

http://www.smh.com.au/technology/security/mobile-security-outrage-private-details-accessible-on-net-20110108-19j9j.html


I think the important thing about this article is: "Customer information is accessed through a secure web portal, accessible to authorised employees and dealers via a secure login and password."

So...... Yes customer data is available but only to "trusted" staff / dealers... That is no different to how anyone else run their dealer support. They may have a requirement to come in via a VPN first instead of having the portal directly online.  So basically an employee of either Vodafone or a dealer breached their terms of their employment agreement and should end up in court.

But I still believe this is quite a beatup on Vodafone AU since I am sure the same (or similar, perhaps with better security involving another factor and/or VPNs) could be said about all other providers and how they run their dealer support on both sides of the ditch.





4028 posts

Uber Geek
+1 received by user: 1607

Trusted
Subscriber

  Reply # 425630 10-Jan-2011 08:41
Send private message

BarTender:

But I still believe this is quite a beatup on Vodafone AU since I am sure the same (or similar, perhaps with better security involving another factor and/or VPNs) could be said about all other providers and how they run their dealer support on both sides of the ditch.


Well, the same kind of thing could happen in any number of similar scenarios; wherever you have hundreds or thousands of dealers (often low paid and on commission - summer holiday job, anyone?), of anything, where personal data needs to be collected. Think department stores, for example: chains like those are dealers for telcos, but they also do credit checking for personal finance on beds or lounge suites, or take details for warranties on TVs or washing machines.

Anyone like that is vulnerable to an insider being naughty. Hec, I imagine it could happen to the banks, too, if some idiot/nutter gave away the logins to all their customer's internet banking accounts.

The ABC's article breathlessly states that "Mobile phone dealers have also admitted that anyone with full access to the system can look up a customer's bills and make changes to accounts." OMG, really!? People with full access to the system have *full access to the system*? Oh, those whacky telcos and their silly security shenanigans...





iPad Air + iPhone SE + 2degrees 4tw!

These comments are my own and do not represent the opinions of 2degrees.


 
 
 
 


BDFL - Memuneh
59065 posts

Uber Geek
+1 received by user: 10341

Administrator
Trusted
Geekzone
Subscriber

  Reply # 425639 10-Jan-2011 09:25
Send private message

I think the SMH doesn't make it clear enough... It seems (as others have commented) the website used to lookup customers details is accessible via the Internet with no extra protection than the username and password.

This kind of website should be, at least, behind a VPN, and to make it even harder limit VPN access to certain IP addresses.

Now, the SMH doesn't say anywhere this was a leak of information, but clearly some individual(s) using their accesses to either sell the information, or spreading their own access details so others can do it.

As pointed out, it seems lack of training and character, bribery, and other human factors are the main problem here, but obviously a newspaper won't have the facts getting on the way of a good story.





BDFL - Memuneh
59065 posts

Uber Geek
+1 received by user: 10341

Administrator
Trusted
Geekzone
Subscriber

  Reply # 426059 11-Jan-2011 11:37
Send private message

Release by Vodafone New Zealand this morning:


Vodafone New Zealand is committed to ensuring that all customer details and private information entrusted to us is safe and secure at all times.

The Vodafone New Zealand customer database and applications are on servers with appropriate access security in place at various levels.

Access to these systems is for approved personnel only via an authentication procedure which requires more than a username and password.

In addition VFNZ has rigorous security policies and procedures including regular audits and security reviews which ensure our customers? data remains protected.

All customer account access is monitored and logged. Should any unusual activity be reported, it will be identified and investigated.

Vodafone New Zealand wishes to assure customers that we take the security of their information very seriously.





Create new topic



Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

From small to medium and beyond: Navigating the ERP battlefield
Posted 21-Nov-2017 21:12


Business owners: ERP software selection starts (and finishes) with you
Posted 21-Nov-2017 21:11


Why I'm not an early adopter
Posted 21-Nov-2017 10:39


Netatmo launches smart home products in New Zealand
Posted 20-Nov-2017 20:06


Huawei Mate 10: Punchy, long battery life, artificial intelligence
Posted 20-Nov-2017 16:30


Propel launch Disney Star Wars Laser Battle Drones
Posted 19-Nov-2017 21:26


UFB killer app: Speed
Posted 17-Nov-2017 17:01


The case for RSS — MacSparky
Posted 13-Nov-2017 14:35


WordPress and Indieweb: Take control of your online presence — 6:30 GridAKL Nov 30
Posted 11-Nov-2017 13:43


Chorus reveals technology upgrade for schools, students
Posted 10-Nov-2017 10:28


Vodafone says Internet of Things (IoT) crucial for digital transformation
Posted 10-Nov-2017 10:06


Police and Facebook launch AMBER Alerts system in NZ
Posted 9-Nov-2017 10:49


Amazon debuts Fire TV Stick Basic Edition in over 100 new countries
Posted 8-Nov-2017 05:34


Vodafone VoIP transition to start this month
Posted 7-Nov-2017 12:33


Spark enhances IoT network capability
Posted 7-Nov-2017 11:33



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.