Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


Filter this topic showing only the reply marked as answer View this topic in a long page with up to 500 replies per page Create new topic
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9
695 posts

Ultimate Geek
+1 received by user: 102


  Reply # 1883682 14-Oct-2017 23:47
Send private message quote this post

mattwnz:

 

minimoke:

 

 

 

That became a bit unstuck. What I found was that Telecom sold the Tivo's through a separate company which no longer exists.

 

 

I know you have probably put this behind you, but when I purchased mine, I purchased it directly from Telecom and it was on my bill from them. So intrigued who the separate company was. 

 

As per the other thread on this at the moment, it does look like they can now be modded, which is another possible solution for some, but potentially pricey.

 

 

I only mention this because there is a technology lesson here. Just because you paid on your telecom bill is not proof of purchase between you and the seller. If you delve more deeply you will find on your original contract that the supplier is actually "XYZ Ltd" Not "Telecom Ltd".( I purchased directly off telecom as well - or so I thought)

 

 

 

If you were to audit the money trail your cash leaves your bank account, enters Telecoms bank account and then heads off to XYZ Ltds bank account. I 'd argue there is some deceptive selling happening there - but as you say its kinda behind me.

 

 

 

But my advice would be when making a purchase look very closely, not only at the conditions of sale but also who the seller legally is - that's the person you will pursue in a CGA claim.

 

 

 

I haven't bought anything from Spark or Vodafone for while. If you have go have a look at your purchase contract and see who actually sold you your device.


695 posts

Ultimate Geek
+1 received by user: 102


  Reply # 1883683 14-Oct-2017 23:57
Send private message quote this post

mattwnz:

 

[

 

 

 

That is like a builder having in their contract that 'all roofs may leak' in the contract. Things have to be fit for purpose and last a reasonable period of time based on the price paid..

 

 

In which case the builder might say "the roof water tightness is limited to protection against known causes of leakage at the time of agreeing this contract" 

 

 

 

Your builder isn't going to be liable if a lead acid battery factory sets up next door to you later down the track (assuming factory waste affects the roof)


 
 
 
 


2947 posts

Uber Geek
+1 received by user: 836

Trusted
Subscriber

  Reply # 1883687 15-Oct-2017 00:09
2 people support this post
Send private message quote this post

I really don't see any reason to get worked up over the panic reporting that's going on with all the sensationalist headlines such as "Wireless  'Blueborne' attacks targets billions of bluetooth devices" or "Blueborne attacks impacts billions of bluethooth devices". It's supreme sensationalism. One security company (Armis) has discovered a series of exploits through which they have been able to engineer an attack on a close proximity device. Have their tools been released into the wild? Has anyone developed similar tools in parallel? How many actual reports of Blueborne style attacks in the wild have been made? What's the real possibility of being hacked?

 

Bluetooth attacks have been around a few decades now and the research into vulnerabilities is only in its infancy. In their whitepaper on Blueborne, Armis say "However, as the Bluetooth stack is such an immense piece of code, the work we are presenting might be only the tip of the iceberg". Earlier in the paper, through the sheer size of the specification Armis demonstrate quite clearly how big, and how much of a mess, Bluetooth is.

 

Here's a brief article from July 2005 about Bluetooth attacks back then. The security advice today is no different from when this article was written: if you're not using it, turn it off. 


6799 posts

Uber Geek
+1 received by user: 3132

Moderator
Trusted
Subscriber

  Reply # 1883689 15-Oct-2017 00:23
Send private message quote this post

Also to note from @Dratsab's post is there have been numerous other vulnerabilities in the past regarding Bluetooth and other wireless technologies.

 

1) If you have an older router with WPS enabled did you know it takes all but 5-10mins to crack the WPA key?
2) If you have an older iPhone did you know you could exploit the WiFi chipset to gain full root access?
3) Did you know the same phone that you're using likely has the same WiFi vulnerability? (also known as Broadpwn).

 

There are much worse things out there that have been actively exploited in the wild your phone may be vulnerable to. It is one of those risks with having a Smartphone. Just like how a computer could be pwned by a network trojan (think Wannacry) or how your TV could be listening to your every conversation (think the multiple Samsung Tizen exploits).

 

At least in your case, it is mitigated by third-party firmware. Other people are not so lucky.

 

There are many valid points made here but I think also the thread is going around in circles and have got their tinfoil hats on. If you're concerned about Bluebourne then take a look at the bigger picture of the other devices around you that may hold much worse vulnerabilities. How do you know that your router has not been compromised already due to an insecure version of dnsmasq syphoning your data off in the process to some black hat hacker?

 

Anyway - I locked this before but wanted to make some valid points too. I think you need to take a long hard think before looking at a single device at other devices around you to note that this is why the CGA doesn't cover it. It is impossible to track serious CVE's in every device you own. Since the OP's question has been sufficiently answered by a Lawyer and many other people who have experience in this industry I am calling it and locking this before it goes off topic once again.





Michael Murphy | https://murfy.nz
Want to be with an epic ISP? Want $20 to join them too? Well, use this link to sign up to BigPipe!
The Router GuideCommunity UniFi Cloud Controller | Ubiquiti Edgerouter Tutorial


BDFL - Memuneh
59053 posts

Uber Geek
+1 received by user: 10336

Administrator
Trusted
Geekzone
Subscriber

  Reply # 1885677 18-Oct-2017 12:55
Send private message quote this post

I know this was (rightly) locked by a mod. But in light of new evidence, I am unlocking it. As per Consumer NZ post on Twitter:

 





2757 posts

Uber Geek
+1 received by user: 1164


  Reply # 1885711 18-Oct-2017 13:46
Send private message quote this post

Interesting development.  I guess the key point here is "we think..." in which it is only an opinion, and from a group whose sole purpose is to advocate for the consumer.  If that were the actual legal position in NZ then I think a lot of technology companies would be concerned at their exposure to claims. 

 

No doubt most have seen the latest sensationalised headlines about KRACK. What are the chances that the likes of Samsung (not alone but used as it relates to the OP) can actually roll out a security update to every single handset in use regardless on the make, model or carrier?  I would say next to no chance they can do that, so then does that mean anyone who does not get provided the update has a claim that their handset is suddenly not fit for purpose and they can ask for a remedy?  (which I assume would be to send back to Samsung so it can be manually updated or a refund/replacement). 

 

Then, what time frame would be acceptable?  Immediately, 2 Weeks, sometime before Christmas?         

 

https://www.theverge.com/2017/10/16/16481136/wpa2-wi-fi-krack-vulnerability

 

  





Always be yourself, unless you can be Batman, then always be the Batman



695 posts

Ultimate Geek
+1 received by user: 102


  Reply # 1885888 18-Oct-2017 19:12
Send private message quote this post

freitasm:

 

I know this was (rightly) locked by a mod. But in light of new evidence, I am unlocking it. As per Consumer NZ post on Twitter: 

 

 

I would have thought there was a difference between not receiving security updates and not receiving security updates for a particular previously unknown issue. 

 

Unless you had bought some kind of annual maintenance agreement which said you would get protection form all threatens. 

 

I am pleased to see though that Consumer NZ seems to think it important that if there is a known issue or shortcoming it should be advertised as such.


1512 posts

Uber Geek
+1 received by user: 879

Trusted
Subscriber

  Reply # 1885920 18-Oct-2017 19:33
Send private message quote this post

Wow just wow is all I can say

Linux

1052 posts

Uber Geek
+1 received by user: 715

Subscriber

  Reply # 1885925 18-Oct-2017 19:38
One person supports this post
Send private message quote this post

scuwp:

 

Interesting development.  I guess the key point here is "we think..." in which it is only an opinion, and from a group whose sole purpose is to advocate for the consumer.  If that were the actual legal position in NZ then I think a lot of technology companies would be concerned at their exposure to claims. 

 

 

 

 

You will never get definitive case law on the vast majority of Consumer Guarantees Act-related issues. Two simple reasons: (1) most claims are not worth the money required to get things on to the High Court or higher, where binding precedents can be issued and (2) the decisions of the Disputes Tribunal (where most CGA claims are heard) are not widely published, even if one DT decision might have some persuasive value on another DT referee. Be that as it may, even as a generalised, informed opinion from a reputable organisation, I think Consumer's view is potentially going way too far. And I am obviously rather informed on CGA-related issues and is coming from a POV of having no time of the day of the anti-consumer sentiments that at times pervade here.

 

The view that if it "can" be patched but a security update isn't provided then it is a substantial failure will, if taken literally, mean that no NZretailer in their right mind should consider stocking Android phones, given the manufacturers' tendencies to stop offering any updates after around 2 years. I am not defending this behaviour but when the expectation is so far beyond what is available in the market, enforcing this kind of thing in a blunt way will just lead to massively reduced choices, high prices, and lower availability of devices. And just in case anyone thinks that I am some Android fanboy, I actually detest Android and personally couldn't care less what is/isn't available on that platform.

 

The furthest that I think one can realistically go is that, for as long as OS updates are being issued for the phone, you'd expect the manufacturer to promptly issue security patches for exploits of this nature, and for security updates at least to be available for up to around 3 years since a device's first introduction to the market - whichever is the longer. In practice, should the Android camp up their game, will mean that updates are available for 3 years. I think that certainly is more consumer friendly and reasonable.

 

 

 

 

 

 

 

 


6984 posts

Uber Geek
+1 received by user: 2218

Subscriber

  Reply # 1885937 18-Oct-2017 20:01
One person supports this post
Send private message quote this post

but the phone still CAN receive security/software updates, its just the manufacture just hasnt released any.


25576 posts

Uber Geek
+1 received by user: 5357

Moderator
Trusted
Biddle Corp
Subscriber

  Reply # 1885965 18-Oct-2017 21:12
Send private message quote this post

minimoke:

 

I am pleased to see though that Consumer NZ seems to think it important that if there is a known issue or shortcoming it should be advertised as such.

 

 

I fundamentally disagree with the Consumer NZ tweet and hope they took legal advice before posting it.

 

It certainly wouldn't be the first time they've mislead the general public with advice.

 

 

 

 

 

 


1052 posts

Uber Geek
+1 received by user: 715

Subscriber

  Reply # 1885969 18-Oct-2017 21:27
Send private message quote this post

sbiddle:

 

I fundamentally disagree with the Consumer NZ tweet and hope they took legal advice before posting it.

 

It certainly wouldn't be the first time they've mislead the general public with advice.

 

 

 

There's very limited legal advice that anyone can seriously obtain on this kind of issue, for the reasons I have already explained. And, no offence, your second statement is a pretty serious allegation -- not very cool to be throwing this around without further elaboration as you yourself haven't exactly demonstrated a perfect knowledge of these complicated legal issues.

 

 

 

 


25576 posts

Uber Geek
+1 received by user: 5357

Moderator
Trusted
Biddle Corp
Subscriber

  Reply # 1885976 18-Oct-2017 21:47
2 people support this post
Send private message quote this post

dejadeadnz:

 

sbiddle:

 

I fundamentally disagree with the Consumer NZ tweet and hope they took legal advice before posting it.

 

It certainly wouldn't be the first time they've mislead the general public with advice.

 

 

 

There's very limited legal advice that anyone can seriously obtain on this kind of issue, for the reasons I have already explained. And, no offence, your second statement is a pretty serious allegation -- not very cool to be throwing this around without further elaboration as you yourself haven't exactly demonstrated a perfect knowledge of these complicated legal issues.

 

  

 

Their claims over Colgate toothpaste are all I really need to say to substantiate my comment.

 

 


Aussie
3919 posts

Uber Geek
+1 received by user: 1026

Trusted
Subscriber

  Reply # 1885988 18-Oct-2017 23:08
2 people support this post
Send private message quote this post

Is Consumer NZ a non-profit/govt department available to all, or is it a subscription based magazine written by people that have opinions like anyone else?

 

 

 

Oh, wait... 

 

 

 

 In 1986 the Ministry of Consumer Affairs was established and the Consumers Institute (Consumer NZ) lost its special legal protection and government funding.

 

Consumers' money comes from the sale of publications and subscriptions to Consumer and consumer.org.nz.

 

 

 

While they might "steer" Consumer Affairs in some ways, they're no different to any lobby group.


695 posts

Ultimate Geek
+1 received by user: 102


  Reply # 1886024 19-Oct-2017 06:59
Send private message quote this post

blakamin: 

 

While they might "steer" Consumer Affairs in some ways, they're no different to any lobby group.

 

 

And like any lobby group they can usually claim some expertise in the area they are lobbying for. While some might not like their opinions, on a continuum I think their views on consumer rights are stronger than those expressed on internet forums. They live and breath consumer issues and (ought to) have access to all case law on consumer.

 

 

 

I don't think you can take a character limited tweet as a full expert opinion - however it gives a sense of their view. The most important words (for this thread) are likely to be "cant receive security updates". How many phones cant do that?


1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9
Filter this topic showing only the reply marked as answer View this topic in a long page with up to 500 replies per page Create new topic



Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

UFB killer app: Speed
Posted 17-Nov-2017 17:01


The case for RSS — MacSparky
Posted 13-Nov-2017 14:35


WordPress and Indieweb: Take control of your online presence — 6:30 GridAKL Nov 30
Posted 11-Nov-2017 13:43


Chorus reveals technology upgrade for schools, students
Posted 10-Nov-2017 10:28


Vodafone says Internet of Things (IoT) crucial for digital transformation
Posted 10-Nov-2017 10:06


Police and Facebook launch AMBER Alerts system in NZ
Posted 9-Nov-2017 10:49


Amazon debuts Fire TV Stick Basic Edition in over 100 new countries
Posted 8-Nov-2017 05:34


Vodafone VoIP transition to start this month
Posted 7-Nov-2017 12:33


Spark enhances IoT network capability
Posted 7-Nov-2017 11:33


Vocus NZ sale and broadband competition
Posted 6-Nov-2017 14:36


Hawaiki reaches key milestone in landmark deep-sea fibre project
Posted 4-Nov-2017 13:53


Countdown launches new proximity online shopping app
Posted 4-Nov-2017 13:50


Nokia 3310 to be available through Spark New Zealand
Posted 4-Nov-2017 13:31


Nest launches in New Zealand
Posted 4-Nov-2017 12:31


Active wholesale as Chorus tackles wireless challenge
Posted 3-Nov-2017 10:55



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.