Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


Filter this topic showing only the reply marked as answer View this topic in a long page with up to 500 replies per page Create new topic
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9
696 posts

Ultimate Geek
+1 received by user: 102


  Reply # 1883682 14-Oct-2017 23:47
Send private message quote this post

mattwnz:

 

minimoke:

 

 

 

That became a bit unstuck. What I found was that Telecom sold the Tivo's through a separate company which no longer exists.

 

 

I know you have probably put this behind you, but when I purchased mine, I purchased it directly from Telecom and it was on my bill from them. So intrigued who the separate company was. 

 

As per the other thread on this at the moment, it does look like they can now be modded, which is another possible solution for some, but potentially pricey.

 

 

I only mention this because there is a technology lesson here. Just because you paid on your telecom bill is not proof of purchase between you and the seller. If you delve more deeply you will find on your original contract that the supplier is actually "XYZ Ltd" Not "Telecom Ltd".( I purchased directly off telecom as well - or so I thought)

 

 

 

If you were to audit the money trail your cash leaves your bank account, enters Telecoms bank account and then heads off to XYZ Ltds bank account. I 'd argue there is some deceptive selling happening there - but as you say its kinda behind me.

 

 

 

But my advice would be when making a purchase look very closely, not only at the conditions of sale but also who the seller legally is - that's the person you will pursue in a CGA claim.

 

 

 

I haven't bought anything from Spark or Vodafone for while. If you have go have a look at your purchase contract and see who actually sold you your device.


696 posts

Ultimate Geek
+1 received by user: 102


  Reply # 1883683 14-Oct-2017 23:57
Send private message quote this post

mattwnz:

 

[

 

 

 

That is like a builder having in their contract that 'all roofs may leak' in the contract. Things have to be fit for purpose and last a reasonable period of time based on the price paid..

 

 

In which case the builder might say "the roof water tightness is limited to protection against known causes of leakage at the time of agreeing this contract" 

 

 

 

Your builder isn't going to be liable if a lead acid battery factory sets up next door to you later down the track (assuming factory waste affects the roof)


 
 
 
 


2948 posts

Uber Geek
+1 received by user: 836

Trusted
Subscriber

  Reply # 1883687 15-Oct-2017 00:09
2 people support this post
Send private message quote this post

I really don't see any reason to get worked up over the panic reporting that's going on with all the sensationalist headlines such as "Wireless  'Blueborne' attacks targets billions of bluetooth devices" or "Blueborne attacks impacts billions of bluethooth devices". It's supreme sensationalism. One security company (Armis) has discovered a series of exploits through which they have been able to engineer an attack on a close proximity device. Have their tools been released into the wild? Has anyone developed similar tools in parallel? How many actual reports of Blueborne style attacks in the wild have been made? What's the real possibility of being hacked?

 

Bluetooth attacks have been around a few decades now and the research into vulnerabilities is only in its infancy. In their whitepaper on Blueborne, Armis say "However, as the Bluetooth stack is such an immense piece of code, the work we are presenting might be only the tip of the iceberg". Earlier in the paper, through the sheer size of the specification Armis demonstrate quite clearly how big, and how much of a mess, Bluetooth is.

 

Here's a brief article from July 2005 about Bluetooth attacks back then. The security advice today is no different from when this article was written: if you're not using it, turn it off. 


6813 posts

Uber Geek
+1 received by user: 3135

Moderator
Trusted
Subscriber

  Reply # 1883689 15-Oct-2017 00:23
Send private message quote this post

Also to note from @Dratsab's post is there have been numerous other vulnerabilities in the past regarding Bluetooth and other wireless technologies.

 

1) If you have an older router with WPS enabled did you know it takes all but 5-10mins to crack the WPA key?
2) If you have an older iPhone did you know you could exploit the WiFi chipset to gain full root access?
3) Did you know the same phone that you're using likely has the same WiFi vulnerability? (also known as Broadpwn).

 

There are much worse things out there that have been actively exploited in the wild your phone may be vulnerable to. It is one of those risks with having a Smartphone. Just like how a computer could be pwned by a network trojan (think Wannacry) or how your TV could be listening to your every conversation (think the multiple Samsung Tizen exploits).

 

At least in your case, it is mitigated by third-party firmware. Other people are not so lucky.

 

There are many valid points made here but I think also the thread is going around in circles and have got their tinfoil hats on. If you're concerned about Bluebourne then take a look at the bigger picture of the other devices around you that may hold much worse vulnerabilities. How do you know that your router has not been compromised already due to an insecure version of dnsmasq syphoning your data off in the process to some black hat hacker?

 

Anyway - I locked this before but wanted to make some valid points too. I think you need to take a long hard think before looking at a single device at other devices around you to note that this is why the CGA doesn't cover it. It is impossible to track serious CVE's in every device you own. Since the OP's question has been sufficiently answered by a Lawyer and many other people who have experience in this industry I am calling it and locking this before it goes off topic once again.





Michael Murphy | https://murfy.nz
Want to be with an epic ISP? Want $20 to join them too? Well, use this link to sign up to BigPipe!
The Router GuideCommunity UniFi Cloud Controller | Ubiquiti Edgerouter Tutorial


BDFL - Memuneh
59069 posts

Uber Geek
+1 received by user: 10341

Administrator
Trusted
Geekzone
Subscriber

  Reply # 1885677 18-Oct-2017 12:55
Send private message quote this post

I know this was (rightly) locked by a mod. But in light of new evidence, I am unlocking it. As per Consumer NZ post on Twitter:

 





2762 posts

Uber Geek
+1 received by user: 1166


  Reply # 1885711 18-Oct-2017 13:46
Send private message quote this post

Interesting development.  I guess the key point here is "we think..." in which it is only an opinion, and from a group whose sole purpose is to advocate for the consumer.  If that were the actual legal position in NZ then I think a lot of technology companies would be concerned at their exposure to claims. 

 

No doubt most have seen the latest sensationalised headlines about KRACK. What are the chances that the likes of Samsung (not alone but used as it relates to the OP) can actually roll out a security update to every single handset in use regardless on the make, model or carrier?  I would say next to no chance they can do that, so then does that mean anyone who does not get provided the update has a claim that their handset is suddenly not fit for purpose and they can ask for a remedy?  (which I assume would be to send back to Samsung so it can be manually updated or a refund/replacement). 

 

Then, what time frame would be acceptable?  Immediately, 2 Weeks, sometime before Christmas?         

 

https://www.theverge.com/2017/10/16/16481136/wpa2-wi-fi-krack-vulnerability

 

  





Always be yourself, unless you can be Batman, then always be the Batman



696 posts

Ultimate Geek
+1 received by user: 102


  Reply # 1885888 18-Oct-2017 19:12
Send private message quote this post

freitasm:

 

I know this was (rightly) locked by a mod. But in light of new evidence, I am unlocking it. As per Consumer NZ post on Twitter: 

 

 

I would have thought there was a difference between not receiving security updates and not receiving security updates for a particular previously unknown issue. 

 

Unless you had bought some kind of annual maintenance agreement which said you would get protection form all threatens. 

 

I am pleased to see though that Consumer NZ seems to think it important that if there is a known issue or shortcoming it should be advertised as such.


1540 posts

Uber Geek
+1 received by user: 882

Trusted
Subscriber

  Reply # 1885920 18-Oct-2017 19:33
Send private message quote this post

Wow just wow is all I can say

Linux

1054 posts

Uber Geek
+1 received by user: 718

Subscriber

  Reply # 1885925 18-Oct-2017 19:38
One person supports this post
Send private message quote this post

scuwp:

 

Interesting development.  I guess the key point here is "we think..." in which it is only an opinion, and from a group whose sole purpose is to advocate for the consumer.  If that were the actual legal position in NZ then I think a lot of technology companies would be concerned at their exposure to claims. 

 

 

 

 

You will never get definitive case law on the vast majority of Consumer Guarantees Act-related issues. Two simple reasons: (1) most claims are not worth the money required to get things on to the High Court or higher, where binding precedents can be issued and (2) the decisions of the Disputes Tribunal (where most CGA claims are heard) are not widely published, even if one DT decision might have some persuasive value on another DT referee. Be that as it may, even as a generalised, informed opinion from a reputable organisation, I think Consumer's view is potentially going way too far. And I am obviously rather informed on CGA-related issues and is coming from a POV of having no time of the day of the anti-consumer sentiments that at times pervade here.

 

The view that if it "can" be patched but a security update isn't provided then it is a substantial failure will, if taken literally, mean that no NZretailer in their right mind should consider stocking Android phones, given the manufacturers' tendencies to stop offering any updates after around 2 years. I am not defending this behaviour but when the expectation is so far beyond what is available in the market, enforcing this kind of thing in a blunt way will just lead to massively reduced choices, high prices, and lower availability of devices. And just in case anyone thinks that I am some Android fanboy, I actually detest Android and personally couldn't care less what is/isn't available on that platform.

 

The furthest that I think one can realistically go is that, for as long as OS updates are being issued for the phone, you'd expect the manufacturer to promptly issue security patches for exploits of this nature, and for security updates at least to be available for up to around 3 years since a device's first introduction to the market - whichever is the longer. In practice, should the Android camp up their game, will mean that updates are available for 3 years. I think that certainly is more consumer friendly and reasonable.

 

 

 

 

 

 

 

 


6992 posts

Uber Geek
+1 received by user: 2220

Subscriber

  Reply # 1885937 18-Oct-2017 20:01
One person supports this post
Send private message quote this post

but the phone still CAN receive security/software updates, its just the manufacture just hasnt released any.


25591 posts

Uber Geek
+1 received by user: 5366

Moderator
Trusted
Biddle Corp
Subscriber

  Reply # 1885965 18-Oct-2017 21:12
Send private message quote this post

minimoke:

 

I am pleased to see though that Consumer NZ seems to think it important that if there is a known issue or shortcoming it should be advertised as such.

 

 

I fundamentally disagree with the Consumer NZ tweet and hope they took legal advice before posting it.

 

It certainly wouldn't be the first time they've mislead the general public with advice.

 

 

 

 

 

 


1054 posts

Uber Geek
+1 received by user: 718

Subscriber

  Reply # 1885969 18-Oct-2017 21:27
Send private message quote this post

sbiddle:

 

I fundamentally disagree with the Consumer NZ tweet and hope they took legal advice before posting it.

 

It certainly wouldn't be the first time they've mislead the general public with advice.

 

 

 

There's very limited legal advice that anyone can seriously obtain on this kind of issue, for the reasons I have already explained. And, no offence, your second statement is a pretty serious allegation -- not very cool to be throwing this around without further elaboration as you yourself haven't exactly demonstrated a perfect knowledge of these complicated legal issues.

 

 

 

 


25591 posts

Uber Geek
+1 received by user: 5366

Moderator
Trusted
Biddle Corp
Subscriber

  Reply # 1885976 18-Oct-2017 21:47
2 people support this post
Send private message quote this post

dejadeadnz:

 

sbiddle:

 

I fundamentally disagree with the Consumer NZ tweet and hope they took legal advice before posting it.

 

It certainly wouldn't be the first time they've mislead the general public with advice.

 

 

 

There's very limited legal advice that anyone can seriously obtain on this kind of issue, for the reasons I have already explained. And, no offence, your second statement is a pretty serious allegation -- not very cool to be throwing this around without further elaboration as you yourself haven't exactly demonstrated a perfect knowledge of these complicated legal issues.

 

  

 

Their claims over Colgate toothpaste are all I really need to say to substantiate my comment.

 

 


Aussie
3922 posts

Uber Geek
+1 received by user: 1027

Trusted
Subscriber

  Reply # 1885988 18-Oct-2017 23:08
2 people support this post
Send private message quote this post

Is Consumer NZ a non-profit/govt department available to all, or is it a subscription based magazine written by people that have opinions like anyone else?

 

 

 

Oh, wait... 

 

 

 

 In 1986 the Ministry of Consumer Affairs was established and the Consumers Institute (Consumer NZ) lost its special legal protection and government funding.

 

Consumers' money comes from the sale of publications and subscriptions to Consumer and consumer.org.nz.

 

 

 

While they might "steer" Consumer Affairs in some ways, they're no different to any lobby group.


696 posts

Ultimate Geek
+1 received by user: 102


  Reply # 1886024 19-Oct-2017 06:59
Send private message quote this post

blakamin: 

 

While they might "steer" Consumer Affairs in some ways, they're no different to any lobby group.

 

 

And like any lobby group they can usually claim some expertise in the area they are lobbying for. While some might not like their opinions, on a continuum I think their views on consumer rights are stronger than those expressed on internet forums. They live and breath consumer issues and (ought to) have access to all case law on consumer.

 

 

 

I don't think you can take a character limited tweet as a full expert opinion - however it gives a sense of their view. The most important words (for this thread) are likely to be "cant receive security updates". How many phones cant do that?


1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9
Filter this topic showing only the reply marked as answer View this topic in a long page with up to 500 replies per page Create new topic



Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

New Zealand Ministry of Education chooses Unisys for cloud-based education resourcing management system
Posted 22-Nov-2017 22:00


Business analytics software powers profits for NZ wine producers
Posted 22-Nov-2017 21:52


Pyrios strikes up alliance with Microsoft integrator UC Logiq
Posted 22-Nov-2017 21:51


The New Zealand IT services ecosystem - it's all digital down here
Posted 22-Nov-2017 21:49


Volvo to supply tens of thousands of autonomous drive compatible cars to Uber
Posted 22-Nov-2017 21:46


From small to medium and beyond: Navigating the ERP battlefield
Posted 21-Nov-2017 21:12


Business owners: ERP software selection starts (and finishes) with you
Posted 21-Nov-2017 21:11


Why I'm not an early adopter
Posted 21-Nov-2017 10:39


Netatmo launches smart home products in New Zealand
Posted 20-Nov-2017 20:06


Huawei Mate 10: Punchy, long battery life, artificial intelligence
Posted 20-Nov-2017 16:30


Propel launch Disney Star Wars Laser Battle Drones
Posted 19-Nov-2017 21:26


UFB killer app: Speed
Posted 17-Nov-2017 17:01


The case for RSS — MacSparky
Posted 13-Nov-2017 14:35


WordPress and Indieweb: Take control of your online presence — 6:30 GridAKL Nov 30
Posted 11-Nov-2017 13:43


Chorus reveals technology upgrade for schools, students
Posted 10-Nov-2017 10:28



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.