Geekzone: technology news, blogs, forums


aw



273 posts

Ultimate Geek


# 81301 11-Apr-2011 13:16

I had a client who recently called up Vodafone over a billing query she had with them, and while getting it sorted, apparently she was asked what her password was. She couldn't remember and instead a new one was set (without any instructions to update the ADSL modem, which led to another helpdesk call when she lost internet only to be told her modem needed replacing, but that's another issue!).

This client is non-technical and doesn't clearly remember the course of the conversation or how the password was asked for. I'm not sure if the CSR was able to see it or not as the client told me the conversation went something like "no, that's not it ... no not that either" but she tells me the CSR did try to give a couple of clues to jog her memory.

This got me curious...

Do Vodafone, or for that matter ISPs in general, store their users' passwords in cleartext and can helpdesk and accounts CSRs see these passwords?

If so, this seems pretty lax. Is it true?

Professional yak shaver
1599 posts

Uber Geek

Trusted
BitSignal
Lifetime subscriber

  # 457490 11-Apr-2011 13:44

As far as I know, they ask for a PIN for the account. Although it is perfectly plausible that they store the passwords in plain-text for recovery purposes.




"Roads? Where we're going, we don't need roads." - Doc Emmet Brown

3452 posts

Uber Geek

Trusted

  # 457493 11-Apr-2011 13:54

at the very least they would be encrypted and they would just have the ability to decrypt them.

they won't be stored in clear text.

 
 
 
 


Professional yak shaver
1599 posts

Uber Geek

Trusted
BitSignal
Lifetime subscriber

  # 457495 11-Apr-2011 14:01

reven: at the very least they would be encrypted and they would just have the ability to decrypt them.

they won't be stored in clear text.


That's what I meant, of course. 




"Roads? Where we're going, we don't need roads." - Doc Emmet Brown

1094 posts

Uber Geek


  # 457514 11-Apr-2011 14:35

I have always wondered why ISPs don't implement remote access to the routers themselves?

This would be a perfect case of where it would work perfectly.

Their modems that they supply the customer come pre-configured, so why not add the option of remote support to them. 

Of course this wouldn't work for people who know how to get into the modems and change settings, however for those who don't, the helpdesk support dude can connect in after confirming that the user has the original modem.

They already have the IP address of the device, so they can log in and change the password on the device for the user for them.



Cloud Guru
4060 posts

Uber Geek

Trusted
Snowflake
Subscriber

  # 457525 11-Apr-2011 14:54

reven: at the very least they would be encrypted and they would just have the ability to decrypt them.

they won't be stored in clear text.


LOL. "would be encrypted". based on what?

there have been a few high profile hacks recently where usernames/passwords have been extracted from systems where everything was plain text...

i agree, they "should" be encrypted - but assuming "would" is a bit of a leap.




Cloud Guru
4060 posts

Uber Geek

Trusted
Snowflake
Subscriber

  # 457528 11-Apr-2011 14:58

jaymz: I have always wondered why ISPs don't implement remote access to the routers themselves?

This would be a perfect case of where it would work perfectly.

Their modems that they supply the customer come pre-configured, so why not add the option of remote support to them. 

Of course this wouldn't work for people who know how to get into the modems and change settings, however for those who don't, the helpdesk support dude can connect in after confirming that the user has the original modem.

They already have the IP address of the device, so they can log in and change the password on the device for the user for them.




i think that telecom shipped the original jetstream adsl nokia modems with this capability. there was a separate vlan for management.

you certainly wouldn't want to have remote access to the modems on the public WAN though. serious security hole there.

the problem with having remote access to consumer modems though, is that you would:
(1) be accused of big brother
(2) be potentially held responsible for any security breaches
(3) be expected to fix any problem remotely, which incurs extra cost and probably requires more technical expertise at the call center




1094 posts

Uber Geek


  # 457544 11-Apr-2011 15:29

Regs:

i think that telecom shipped the original jetstream adsl nokia modems with this capability. there was a separate vlan for management.

you certainly wouldn't want to have remote access to the modems on the public WAN though. serious security hole there.

the problem with having remote access to consumer modems though, is that you would:
(1) be accused of big brother
(2) be potentially held responsible for any security breaches
(3) be expected to fix any problem remotely, which incurs extra cost and probably requires more technical expertise at the call center


Fair call,  I guess the cheaper modems that they supply don't have the ability to secure the connections with certificates.

I suppose one way they could get around it would be to sell the plans with a "Managed Routers" option.  essentially stop user access to the management of the router and only allow the ISP access (like telecom's one office)



 
 
 
 


Cloud Guru
4060 posts

Uber Geek

Trusted
Snowflake
Subscriber

  # 457601 11-Apr-2011 20:01

jaymz: I suppose one way they could get around it would be to sell the plans with a "Managed Routers" option.  essentially stop user access to the management of the router and only allow the ISP access (like telecom's one office)


i had thought that orcon was offering this in their homehub, but i can't see anything on their website.

here is an article about the BT HomeHub and the massive security hole in its remote assistance feature.  some 2,000,000 routers became vulnerable to full take over from remote hackers:
http://www.theregister.co.uk/2007/10/22/home_hub_vuln_plugged/

you can easily see how this could turn into a costly legal and PR nightmare.  the safest option is probably just not offering such a service for consumers.




383 posts

Ultimate Geek


  # 457903 12-Apr-2011 16:06

VF CSRs cannot see a customer's broadband password on the account in plain text. There are naturally password retrieval methods. I suspect that is where the "no that's not it either" statement originated from.


Nobody should be giving out password hints and under normal circumstances this should not even be possible. I can imagine a scenario where a customer might make a guess that their password is xyz123 and a CSR might ask could the password be abc123.




Please note: I have a professional bias towards Vodafone.
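
The thread's question, whether a CSR can read the password or only test a guess against it, comes down to how the record is stored. As an added example (not written by any poster, and not a description of Vodafone's or any ISP's actual system), this Python code stores a salted PBKDF2 hash so the helpdesk can only check guesses, caps the number of wrong guesses, and replaces rather than recovers a forgotten password; the function names, iteration count and guess limit are assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000   # illustrative PBKDF2 cost, an assumption of this example
MAX_FAILED = 3         # illustrative cap on helpdesk guesses before a forced reset


def enroll(password: str) -> dict:
    """Build the stored record: random salt and derived hash, never the password."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt.hex(), "hash": digest.hex(), "failed": 0}


def check_guess(record: dict, guess: str) -> bool:
    """Helpdesk view: learn only whether the customer's guess matches."""
    if record["failed"] >= MAX_FAILED:
        return False  # locked: further guessing is refused until reset()
    salt = bytes.fromhex(record["salt"])
    digest = hashlib.pbkdf2_hmac("sha256", guess.encode(), salt, ITERATIONS)
    ok = hmac.compare_digest(digest, bytes.fromhex(record["hash"]))
    record["failed"] = 0 if ok else record["failed"] + 1
    return ok


def reset(record: dict, new_password: str) -> None:
    """A forgotten password is replaced; the old one cannot be read back."""
    record.update(enroll(new_password))


if __name__ == "__main__":
    rec = enroll("xyz123")  # constructed sample password
    print(rec)              # what a CSR screen could show: salt, hash, counter
    print(check_guess(rec, "abc123"), check_guess(rec, "xyz123"))
```

A store that can decrypt passwords, as suggested earlier in the thread, would let anyone holding the key read every customer's password; with the hash-only record above there is nothing to decrypt.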
