Geekzone: technology news, blogs, forums


ajw





Topic # 74870 9-Jan-2011 08:46

Vodafone Australia is not only upsetting its customers with its unreliable network, but now millions of its customers' details have been readily available on the internet.

http://www.smh.com.au/technology/security/mobile-security-outrage-private-details-accessible-on-net-20110108-19j9j.html

(Mod edit: Added "AU" to title as this does not apply to VFNZ customers at this time - XPD)




aw


  Reply # 425609 10-Jan-2011 02:31

ajw: Vodafone Australia is not only upsetting its customers with its unreliable network, but now millions of its customers' details have been readily available on the internet.

http://www.smh.com.au/technology/security/mobile-security-outrage-private-details-accessible-on-net-20110108-19j9j.html


I think the important thing about this article is: "Customer information is accessed through a secure web portal, accessible to authorised employees and dealers via a secure login and password."

So... Yes, customer data is available, but only to "trusted" staff / dealers... That is no different to how anyone else runs their dealer support. They may have a requirement to come in via a VPN first instead of having the portal directly online. So basically an employee of either Vodafone or a dealer breached the terms of their employment agreement and should end up in court.

But I still believe this is quite a beatup on Vodafone AU since I am sure the same (or similar, perhaps with better security involving another factor and/or VPNs) could be said about all other providers and how they run their dealer support on both sides of the ditch.






  Reply # 425630 10-Jan-2011 08:41

BarTender:

But I still believe this is quite a beatup on Vodafone AU since I am sure the same (or similar, perhaps with better security involving another factor and/or VPNs) could be said about all other providers and how they run their dealer support on both sides of the ditch.


Well, the same kind of thing could happen in any number of similar scenarios; wherever you have hundreds or thousands of dealers (often low paid and on commission - summer holiday job, anyone?), of anything, where personal data needs to be collected. Think department stores, for example: chains like those are dealers for telcos, but they also do credit checking for personal finance on beds or lounge suites, or take details for warranties on TVs or washing machines.

Anyone like that is vulnerable to an insider being naughty. Heck, I imagine it could happen to the banks, too, if some idiot/nutter gave away the logins to all their customers' internet banking accounts.

The ABC's article breathlessly states that "Mobile phone dealers have also admitted that anyone with full access to the system can look up a customer's bills and make changes to accounts." OMG, really!? People with full access to the system have *full access to the system*? Oh, those whacky telcos and their silly security shenanigans...





iPad Air + iPhone SE + 2degrees 4tw!

These comments are my own and do not represent the opinions of 2degrees.


 
 
 
 


BDFL - Memuneh

  Reply # 425639 10-Jan-2011 09:25

I think the SMH doesn't make it clear enough... It seems (as others have commented) the website used to look up customers' details is accessible via the Internet with no extra protection other than the username and password.

This kind of website should be, at least, behind a VPN, and to make it even harder limit VPN access to certain IP addresses.

Now, the SMH doesn't say anywhere this was a leak of information, but clearly some individual(s) are using their access to either sell the information or spread their own access details so others can do it.

As pointed out, it seems lack of training and character, bribery, and other human factors are the main problem here, but obviously a newspaper won't have the facts getting in the way of a good story.





BDFL - Memuneh

  Reply # 426059 11-Jan-2011 11:37

Release by Vodafone New Zealand this morning:


Vodafone New Zealand is committed to ensuring that all customer details and private information entrusted to us is safe and secure at all times.

The Vodafone New Zealand customer database and applications are on servers with appropriate access security in place at various levels.

Access to these systems is for approved personnel only via an authentication procedure which requires more than a username and password.

In addition VFNZ has rigorous security policies and procedures including regular audits and security reviews which ensure our customers' data remains protected.

All customer account access is monitored and logged. Should any unusual activity be reported, it will be identified and investigated.

Vodafone New Zealand wishes to assure customers that we take the security of their information very seriously.




