Crystal Web slashes ADSL prices

Never said I ditched them for a news article spin doctor. My details were exposed by their service. The news articles simply supported my customer experience. I'm not going to share the emails I had with them, the article is true to the feedback I received.



I can only be short changed if I felt that my current ISP was worse. I could sit here typing how wonderful my ISP is and tell you how "many" think the same, which I can't as I don't speak for them.

I'm not happy using an service provider that in my customer experience doesn't do due diligence on it's security or it's providers and a whole host of other things that are amateurish mistakes. Not only did it happen once, but twice.
No worries man.

I'm glad to hear that you are happy with the decision you made.

Have a great weekend.
 
You're very naive about the state of security in the SA IT industry.
Once the names of the providers with the breach come out you'll schit yourself.

I really do appreciate you branding me as Naive. You seem to know exactly how little I know about the industry. Good for you!
Do you know the names of the providers, and the state of the security in IT? I'm interested to read what you claim.
 
I'm not happy using an service provider that in my customer experience doesn't do due diligence on it's security or it's providers and a whole host of other things that are amateurish mistakes.

You can do as much hardening as you can afford, but if you're running services on a compromised server that hid its backdoor so well from the company hosting it, there's really nothing you can do and no-one to blame.

Not only did it happen once, but twice.

What was the second time?
 
With respect to the "hack". The service provider in question was compromised in 2013 before we even existed. The backdoor that enabled this was not something we could have been privy to and we were not the only company compromised, however a certain member of this forum chose to disclose ours alone. In addition the provider in question was not honest with us (their client) about the security they had employed, and as a result of this we terminated all commercial relationships with them immediately.

What has taken place since has been a complete re-write of all systems where this sort of problem simply cannot take place again, as we understand the damage it does in terms of trust. We've employed new systems and policies to ensure that no such breach can take place from any system of ours and we're confident that once this launches that you will understand what we mean by this.

We believe in earning the trust back and we hope that once the new systems launch, you will understand the nature of the security in place and be confident enough that things like passwords are secure. The reason we don't often comment on this aspect is because others read these forums with malicious intent and use these sorts of statements as a an open invite to attempt to breach them, and we opt not to engage criminals in this manner.



With respect to the back and forth, I think everyone can find some middle-ground here. We certainly did have network issues midway through last year as a result of not being able to upgrade some IPC links, but this was outside of our control and we believe that since then we have new systems to avoid that taking place again. People may recall that we immediately took control of these links and changed profiles (well, as quickly as we possibly could) and made the changes ourselves. Subscribers during that time had reduced throughput and it resulted in some first impressions being incredibly tainted. We do not shy away from this fact. It happened and some people have a warranted (but no longer applicable) negative perception of the service. Since then the DSL network has operated sublimely, day-in-and-day-out and we've operated with overhead on the network as a precautionary measure, over and above the infrastructure changes that were made.

So we do understand the occasional negative perception. If anyone has experienced an issue since then, the likelihood of it being on our network is marginal. We once encountered an issue where a customer's MTU was incorrect but the modem kept defaulting it back, and that's not really something we can resolve. We also see many instances of trojans and viruses which is why we now scan for this sort of traffic, identify where it emanates from and contact customers to resolve. We also see some awful TCP throughput on occasion and unfortunately this one is complex as it is dependent on your operating system and router as to how it handles this. This is always a TCP config problem on the machines themselves and with thousands of drivers from hundreds of manufacturers, there is no single config to suggest that is optimal.

There are so many variables involved in diagnosing these sorts of things and many times people don't have the patience to undertake it, and this somewhat understandable. What is often irrational is the angry reaction it generates thereafter. As speeds increase, things like wifi, tcp settings, BDP, and a host of other factors all start to play a role and there's an element of education from the client side that also needs to be undertaken to understand how your personal home network and devices play a role. ISPs can guide and help where we can, and we are soon launching some cool kit that will help us to help you in this regard, but more often than not line faults, exposed-joints, maintenance on upstream provider networks, internal networking, TCP settings, wireless drivers, and other non-ISP related issues play a role. And finally, if the server delivering the content to you cannot handle it, you simply won't get full speed. This happens a lot on shared hosting infrastructure and there is no way for your ISP to know what size pipes and server resources are dedicated to them, nor what kind of tcp optimisation they have employed. A lot of code is written without tcp optimisation and it means the service is degraded before it even reaches the ISP. We are going to put together a nice guide for this and write some blogs about it to help people get the most out of their network, and we truly do want assist as much as we can in this regard.
 
Last edited:
@CW

Could you guys offer us Mikrotik routers that are preconfigured for your network, that we could just plug n play?

I definitely be interested in one. I know our home network is not very secure with the TP Link router we're currently using.
 
Im very happy with my Afrihost thanks.
Ive never been a customer of crystal web but i used to always offer messages of support because i like underdogs...
until i read a certain post on this forum from DJ....It offended me so i decided not to say anything good about them anymore.
Someone got triggered. Unfortunately you won't find any safe spaces on mybb
 
@CW

Could you guys offer us Mikrotik routers that are preconfigured for your network, that we could just plug n play?

I definitely be interested in one. I know our home network is not very secure with the TP Link router we're currently using.

We have what we believe to be one better than Mikrotik in terms of ease of use, and configuration.

This releases next week.
 
You can do as much hardening as you can afford, but if you're running services on a compromised server that hid its backdoor so well from the company hosting it, there's really nothing you can do and no-one to blame.

What was the second time?

Agreed. However, I think one could lay blame, and bare with me here.

Yes passwords apparently were stored in clear text, yes there was a back door. But that isn't the issue in my mind. Even with hashing and salting, why would any company allow their account details to be stored in such a way that made it easy to associate the username/account with the password in the first place? I can only imagine it was stored together in notepad or some db table.

Whoever is to blame for their poor security or due diligence matters not. There's only one company I signed up with and that's CW. It's their problem and their fault, and my cost, inconvenience, and time. A little more respect for customer details and privacy is needed, and maybe financial punishment for those that don't prepare...Need some laws for that though...POPI Act ;)

...Oh this is SA so shut up and accept it...
 
Nope. Just my opinion not factual just my opinion. :)

From what I have see so far pro crystalweb mybb members foam at the mouth going for anyone that say something bad to a person that does not agree with or say something bad about crystalweb.
I remember the same with all the other providers. Especially one particular person and mweb.
 
You're very naive about the state of security in the SA IT industry.
Once the names of the providers with the breach come out you'll schit yourself.
He's gonna have trouble finding a bank
Down since Friday? Really?

Aah Crystalweb, what to make of them...

On the one hand the fact alone that someone like HapticSimian has such a raging hardon for CW, makes me want to steer well clear.

And on the other hand you have this MyBB tabloid seemingly at odds with them, which makes me want to sign up with them today.

I think I can live with the fact that DJ... is a bit of a jerk.
 
Agreed. However, I think one could lay blame, and bare with me here.

Yes passwords apparently were stored in clear text, yes there was a back door. But that isn't the issue in my mind. Even with hashing and salting, why would any company allow their account details to be stored in such a way that made it easy to associate the username/account with the password in the first place? I can only imagine it was stored together in notepad or some db table.

Whoever is to blame for their poor security or due diligence matters not. There's only one company I signed up with and that's CW. It's their problem and their fault, and my cost, inconvenience, and time. A little more respect for customer details and privacy is needed, and maybe financial punishment for those that don't prepare...Need some laws for that though...POPI Act ;)

...Oh this is SA so shut up and accept it...
You speak from a position of ignorance. Not being nasty, but you are missing a fact or two.
If you read CW's post you'll see that the storage of credentials was NOT as specified.
If you are told to encrypt something and you don't, is it your fault or the person who gave the instructions?
 
We have what we believe to be one better than Mikrotik in terms of ease of use, and configuration.

This releases next week.

Oh Jesus, yes please. Is this thing going to supplement or replace my router? Will it be expensive?

Agreed. However, I think one could lay blame, and bare with me here.

Yes passwords apparently were stored in clear text, yes there was a back door. But that isn't the issue in my mind. Even with hashing and salting, why would any company allow their account details to be stored in such a way that made it easy to associate the username/account with the password in the first place? I can only imagine it was stored together in notepad or some db table.

Whoever is to blame for their poor security or due diligence matters not. There's only one company I signed up with and that's CW. It's their problem and their fault, and my cost, inconvenience, and time. A little more respect for customer details and privacy is needed, and maybe financial punishment for those that don't prepare...Need some laws for that though...POPI Act ;)

...Oh this is SA so shut up and accept it...

How many times do we have to tell you that the leak had nothing to do with CW? Nothing to do with how they store user info, and nothing to do with their security. It was an upstream provider that had to have access to the user details, and they had appalling security. A fact that led CW to dump them once they realised.
 
Is this thing going to supplement or replace my router? Will it be expensive?

Not expensive, no.There are 3 models and it can either supplement or replace. ;)


It was an upstream provider that had to have access to the user details, and they had appalling security. A fact that led CW to dump them once they realised.

It should be noted that Hogrod's concerns are absolutely understandable. We do understand them, and sympathise. And we are ultimately the ones who must take the flak for it, and when it took place we most certainly did. As this thread is evidence of, we continue to take the flak and we certainly understand it from everyone else's point of view. We have taken measures to prevent this in future, which is the direction we'd like to be focused on.
 
Not expensive, no.There are 3 models and it can either supplement or replace. ;)




It should be noted that Hogrod's concerns are absolutely understandable. We do understand them, and sympathise. And we are ultimately the ones who must take the flak for it, and when it took place we most certainly did. As this thread is evidence of, we continue to take the flak and we certainly understand it from everyone else's point of view. We have taken measures to prevent this in future, which is the direction we'd like to be focused on.
Give us a hint on the router :)
 
How many times do we have to tell you that the leak had nothing to do with CW? Nothing to do with how they store user info, and nothing to do with their security. It was an upstream provider that had to have access to the user details, and they had appalling security. A fact that led CW to dump them once they realised.

You can tell me as many times as you like.

Answer me this, why then allow said company with alleged poor security access to the data in the first place, what about risk assessment, and security measure? Not knowing or being hoodwinked, are not good excuses.

It does not matter whose fault it is or was, as a customer I don't care. I signed up with the ISP for a service, that service was compromised due to a failing by a something that the ISP employed or let access to their system.

If you're going to let entities access or carry your 'stuff', you damn well make sure you've vetted and QA'd their processes so you can protect your IP. At the end of the day, if something happens it's your fault for letting it happen in the first place. You are the sum of your parts.
 
Top
Sign up to the MyBroadband newsletter
X