Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


aw

aw

273 posts

Ultimate Geek


#81301 11-Apr-2011 13:16
Send private message

I had a client who recently called up Vodafone over a billing query she had with them, and while getting it sorted, apparently she was asked what her password was. She couldn't remember and instead a new one was set (without any instructions to update the ADSL modem, which led to another helpdesk call when she lost internet only to be told her modem needed replacing, but that's another issue!).

This client is non-technical and doesn't clearly remember the course of the conversation or how the password was asked for. I'm not sure if the CSR was able to see it or not as the client told me the conversation went something like "no, that's not it ... no not that either" but she tells me the CSR did try to give a couple of clues to jog her memory.

This got me curious...

Do Vodafone, or for that matter ISPs in general, store their users' passwords in cleartext and can helpdesk and accounts CSRs see these passwords?

If so, this seems pretty lax. Is it true?

Create new topic
magu
Professional yak shaver
1599 posts

Uber Geek

Trusted
BitSignal
Lifetime subscriber

  #457490 11-Apr-2011 13:44
Send private message

As far as I know, they ask for a PIN for the account. Although it is perfectly plausible that they store the passwords in plain-text for recovery purposes.




"Roads? Where we're going, we don't need roads." - Doc Emmet Brown

reven
3469 posts

Uber Geek

Trusted

  #457493 11-Apr-2011 13:54
Send private message

at the very least they would be encrypted and they would just have the ability to decrypt them.

they won't be stored in clear text.

 
 
 
 


magu
Professional yak shaver
1599 posts

Uber Geek

Trusted
BitSignal
Lifetime subscriber

  #457495 11-Apr-2011 14:01
Send private message

reven: at the very least they would be encrypted and they would just have the ability to decrypt them.

they won't be stored in clear text.


That's what I meant, of course. 




"Roads? Where we're going, we don't need roads." - Doc Emmet Brown

jaymz
1096 posts

Uber Geek


  #457514 11-Apr-2011 14:35
Send private message

I have always wondered why ISP's don't implment remote access to the routers themselves?

This would be a perfect case of where it would work perfectly.

Their modems that they supply the customer come pre-configured, so why not add the option of remote support to them. 

Of course this wouldnt work for people who know how to get into the modems and change settings, however for those who don't, the helpdesk support dude can connect in after confirming that the user has the original modem.

They already have the IP address of the device, so they can log in and change the password on the device for the user for them.



Regs
4062 posts

Uber Geek

Trusted
Snowflake

  #457525 11-Apr-2011 14:54
Send private message

reven: at the very least they would be encrypted and they would just have the ability to decrypt them.

they won't be stored in clear text.


LOL. "would be encrypted". based on what?

there have been a few high profile hacks recently where usernames/passwords have been extracted from system where everything was plain text...

i agree, they "should" be encrypted - but assuming "would" is a bit of a leap.




Regs
4062 posts

Uber Geek

Trusted
Snowflake

  #457528 11-Apr-2011 14:58
Send private message

jaymz: I have always wondered why ISP's don't implment remote access to the routers themselves?

This would be a perfect case of where it would work perfectly.

Their modems that they supply the customer come pre-configured, so why not add the option of remote support to them. 

Of course this wouldnt work for people who know how to get into the modems and change settings, however for those who don't, the helpdesk support dude can connect in after confirming that the user has the original modem.

They already have the IP address of the device, so they can log in and change the password on the device for the user for them.




i think that telecom shipped the original jetstream adsl nokia modems with this capability.  there was a seperate vlan for management.

you certainly wouldnt want to have remote access to the modems on the public WAN though.  serious security hole there.

the problem with having remote access to consumer modems though, is that you would:
(1) be accused of big brother
(2) be potentially held responsible for any security breaches
(3) be expected to fix any problem remotely, which incurs extra cost and probably requires more technical expertise at the call center




jaymz
1096 posts

Uber Geek


  #457544 11-Apr-2011 15:29
Send private message

Regs:

i think that telecom shipped the original jetstream adsl nokia modems with this capability.  there was a seperate vlan for management.

you certainly wouldnt want to have remote access to the modems on the public WAN though.  serious security hole there.

the problem with having remote access to consumer modems though, is that you would:
(1) be accused of big brother
(2) be potentially held responsible for any security breaches
(3) be expected to fix any problem remotely, which incurs extra cost and probably requires more technical expertise at the call center


Fair call,  I guess the cheaper modems that they supply don't have the ability to secure the connections with certificates.

I suppose one way they could get around it would be to sell the plans with a "Managed Routers" option.  essentially stop user access to the management of the router and only allow the ISP access (like telecom's one office)



 
 
 
 


Regs
4062 posts

Uber Geek

Trusted
Snowflake

  #457601 11-Apr-2011 20:01
Send private message

jaymz: I suppose one way they could get around it would be to sell the plans with a "Managed Routers" option.  essentially stop user access to the management of the router and only allow the ISP access (like telecom's one office)


i had though that orcon was offering this in their homehub, but i cant see anything on their website.

here is an article about the BT HomeHub and the massive security hole in its remote assistance feature.  some 2,000,000 routers became vulnerable to full take over from remote hackers:
http://www.theregister.co.uk/2007/10/22/home_hub_vuln_plugged/

you can easily see how this could turn into a costly legal and PR nightmare.  the safest option is probably just not offering such a service for consumers.




Jaxar
383 posts

Ultimate Geek


  #457903 12-Apr-2011 16:06
Send private message

VF CSR's cannot see a customers broadband password on the account in plain text. There are naturally password retrieval methods. I suspect that is where the "no that's not it either" statement originated from.


Nobody should be giving out password hints and under normal circumstances this should not even be possible. I can imagine a scenario where a customer might make a guess that there password is xyz123 and a CSR might ask could the password be abc123.




Please note: I have a professional bias towards Vodafone.

Create new topic





News »

Vodafone enables 5G roaming - for when international travel comes
Posted 30-Oct-2020 15:03


Spark awards funding to Kiwi businesses in 5G funding initiative
Posted 30-Oct-2020 14:58


Huawei launches IdeaHub Pro in New Zealand
Posted 27-Oct-2020 16:41


Southland-based IT specialist providing virtual services worldwide
Posted 27-Oct-2020 15:55


NASA discovers water on sunlit surface of Moon
Posted 27-Oct-2020 08:30


Huawei introduces new features to Petal Search, Maps and Docs
Posted 26-Oct-2020 18:05


Nokia selected by NASA to build first ever cellular network on the Moon
Posted 21-Oct-2020 08:34


Nanoleaf enhances lighting line with launch of Triangles and Mini Triangles
Posted 17-Oct-2020 20:18


Synology unveils DS16211+
Posted 17-Oct-2020 20:12


Ingram Micro introduces FootfallCam to New Zealand channel
Posted 17-Oct-2020 20:06


Dropbox adopts Virtual First working policy
Posted 17-Oct-2020 19:47


OPPO announces Reno4 Series 5G line-up in NZ
Posted 16-Oct-2020 08:52


Microsoft Highway to a Hundred expands to Asia Pacific
Posted 14-Oct-2020 09:34


Spark turns on 5G in Auckland
Posted 14-Oct-2020 09:29


AMD Launches AMD Ryzen 5000 Series Desktop Processors
Posted 9-Oct-2020 10:13









Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.