Still no understanding of security

MrGray

Executive Member
Joined
Aug 2, 2004
Messages
9,391
I phoned the mysmokesignal helpdesk to ask how I **gulp** go about upgrading to the 256k package (I know, I know, what can I say I'm an optimist) and they asked me to send a fax with my username and password on it. When I told them there was no way I was going to fax my password in plain text the helpdesk orc sounded somewhat flustered and then snapped that I could just write my username then.

You'd think they would have at least bothered to put some security policies in place recently, wouldn't you?? The most basic being password security, doh! Unless the orcs themselves are part of the problem???

There are more things in heaven and earth than are dreamed of by mere mortal men - Shakespeare
 

clivedoubell

Active Member
Joined
Mar 30, 2004
Messages
71
I just had this brilliant idea. Why doesn't SuckTech provide a page on their website maybe called MyAccount, where a client can go in and upgrade his or her subscription or other details online. Wow, this idea is so revolutionary maybe I should take out an international patent.

On the other hand, that would mean that they would have to implement a web-based enterprise-level application architecture, with a secure login and database access. And that would need a bit of competence in solution architecting.

OK bad idea.
 

MrGray

Executive Member
Joined
Aug 2, 2004
Messages
9,391
This is hilarious - they responded that I do not have a Sentech contract and that the username I sent doesn't exist!! I've also just realised they haven't billed my bank account since May either. Yahoo!!! Free internet lives!


 

gripen

Expert Member
Joined
Aug 14, 2003
Messages
1,693
It's well known that they keep the passwords in plaintext. They believe that the number of modems (one per account) secures the passwords. When you say "my username is USER123" they see your password. I'm going to change mine to youstoopidcallcentremonkey and then call and say "um, I lost my password" then wait for the reaction.
 

MrGray

Executive Member
Joined
Aug 2, 2004
Messages
9,391
So effectively anyone who has access to their frontline systems could harvest 512k account login details and happily connect at 512k even if they're on the 128k package (provided they can find the login details of someone not currently connected)??? Is the package speed determined only by the login? Does their authentication even block multiple logins?? Their logic that there is one account per modem is also dangerous in the long term - what happens when there are extra modems floating around after contracts expire, etc???

 

johnny

New Member
Joined
Jul 1, 2004
Messages
5
Greedy - either I'm very tired or your password idea ("youstoopidcallcentremonkey") is one of the funniest things I've read in a while. It's been 10 minutes since I read the post and I'm still chuckling at the mental picture of some hapless orc's face as realization slowly percolates through the countless layers of incompetence that form his mind...
 

gripen

Expert Member
Joined
Aug 14, 2003
Messages
1,693
Well, why not exploit the stupidity to get the message across. They aren't supposed to see the password. It's quite a good way to test out the open password theory :)

I know for a fact that some of the orcs have MyWi at home. What stops them from creating 512k accounts for themselves, for example?

It seems to me if you are offline for a significant time somebody WILL steal your login. The only prevention is to stay online 24/7 if you can. They are scanning for unused accounts. They being the hackers or black hats or whatever.
 

gripen

Expert Member
Joined
Aug 14, 2003
Messages
1,693
Sadly it didn't work. By this I mean when I logged off I couldn't get back on, since the dialer requires a 16 character ISP password. I know, I know, I could probably connect with DUN but I fixed it anyways. For security reasons I will not post my new password (sorry, there is no security) but I will say that it does contain the word monkey.
 

loosecannon

Senior Member
Joined
Jul 27, 2004
Messages
731
The way I understand it is that the BW profile is allocated by IP addie and that is allocated by the auth server, so yip, if you have a 512 un then surf's up ... some low rate not close to 512kbs
....

I also believe the monkeys on helldesk can't add accounts, only view them ...
 