Userid / Password

[jfrancis]

I have a serious concern with the current situations with Userids and passwords on the Telkom ADSL network.

Telkom currently provides no facility for users to change their userid or even their passwords. This means that every ADSL subscriber uses the userid & password supplied to them by some Telkom employee.

Tekom employees that have access to these userids and passwords can either use them thmeselves or hand them out to friends & family! So how can Telkom have a 3 gig cap in place without providing a *SECURE* means for changing the password for a given connection?

This info would also be available to any hacker who gains control of a badly configured machine or ADSL device (particulalrly those purchased from Telkom with a default password -- you have been warned!)

Imagine the possibilities -- once your 3 gig cap is active, just hack ouround the Telkom ADSL IP range for a new userid / password that is not yet capped. (I am by no means endorsing this sort of behaviour, but it's about time that someone revealed this to Telkom ADSL users and to Telkom.)

The issue that I would like to see Telkom address is the level of protection that they afford ADSL subscribers -- before they implement caps on usage -- which are bound to userid profiles.

Telkom have no right to cap users before they implement basic levels of protection to protect users against this kind of abuse.

I would *LOVE* to see Telkom's response on this one, RPM!

 

[Mux]

<blockquote id="quote"><font size="1" face="Verdana, Arial, Helvetica" id="quote">quote:<hr height="1" noshade id="quote"><i>Originally posted by jfrancis</i>
<br />I have a serious concern with the current situations with Userids and passwords on the Telkom ADSL network.

Telkom currently provides no facility for users to change their userid or even their passwords. This means that every ADSL subscriber uses the userid & password supplied to them by some Telkom employee.
<hr height="1" noshade id="quote"></blockquote id="quote"></font id="quote">
I agree with you 100%.

<blockquote id="quote"><font size="1" face="Verdana, Arial, Helvetica" id="quote">quote:<hr height="1" noshade id="quote">
<br />Imagine the possibilities -- once your 3 gig cap is active, just hack ouround the Telkom ADSL IP range for a new userid / password that is not yet capped. (I am by no means endorsing this sort of behaviour, but it's about time that someone revealed this to Telkom ADSL users and to Telkom.)
.......

I would *LOVE* to see Telkom's response on this one, RPM!

<hr height="1" noshade id="quote"></blockquote id="quote"></font id="quote">
Actually as much as I feel Telkom has failed the expectations of many users with the implementation of ADSL, they have provided a fair amount of info on their website.
Regarding Security, I have the following from their site: http://www.telkom.co.za/adsl/tech_info4.jsp
an extract: <i><font color="blue">"Modem Security
To ensure that your modem is secure from hackers or malicious users you should change the Superviser ID and Password on the Marconi POTS Router modem when setting up your Internet access. Follow the procedure below: "</font id="blue"></i>
I encourage new ADSL users to not only read the Telkom site regarding security exposure, but also do a Search on www.MyADSL.co.za where a number of issues have been posted. Forewarned is forearmed.

It is always good to re-raise the security issues.

 

[VQuest]

This has been a major concern of mine since first getting ADSL. All other major ISP's provide a way to change your password online. Surely it can't be that difficult for Telkom to inplement the same system.


----------------
United we stand!
----------------

 

[microfast]

<blockquote id="quote"><font size="1" face="Verdana, Arial, Helvetica" id="quote">quote:<hr height="1" noshade id="quote"><i>Originally posted by Mux</i>
<b>they have provided a fair amount of info on their website.</b>
<hr height="1" noshade id="quote"></blockquote id="quote"></font id="quote">

Hi Mux, I agree - just wanted to point out the security issue was
first posted on myadsl - Telkom might not have been aware of the issue until it appeared here - they posted their article some days later - good on yer myadsl. Of course Telkom did not thank myadsl if I recall correctly.

 

[Mux]

Very true indeed microfast.
It shows that MyADSL actually delivers a lot of value to the community. I am glad that the fact that Telkom did post relevant information on their website originating from MyADSL. It's a very sad that they stay in denial and not at least give some credit for the valuable information they receive.
Oh well, what can one expect after-all. Openness and honesty have never been a strong point.
New technology, but the some old shoddy attitude.

 

[desraid]

MyADSL solves and helps out ADSL users that Telkom can't support.
Telkom technical support division is a nonsense.
I called them like 100 times till now and most of the time it wasn't so helpful.

 

[VQuest]

<blockquote id="quote"><font size="1" face="Verdana, Arial, Helvetica" id="quote">quote:<hr height="1" noshade id="quote"><i>Originally posted by desraid</i>
<br />MyADSL solves and helps out ADSL users that Telkom can't support.
Telkom technical support division is a nonsense.
I called them like 100 times till now and most of the time it wasn't so helpful.

<hr height="1" noshade id="quote"></blockquote id="quote"></font id="quote">

Absolutely! I have received more helpful advice on this site than I've ever received from Telkom's support.


----------------
United we stand!
----------------

 

[Whoop_Ass]

Does this also aply to the alcatel modems?[8D]

If Sex is a pain in the Arse you doing it WRONG!

 

[asmith]

I think each ISP would have to impliment the password change facility on their side, because they are the ones that supply Telkom with the username and password in many cases, and the same ones are used for email. That said, its not all difficult. Should only take an ISP few hours max. to develop and test a password change facility.
So lets everyone email our ISPs requesting this facility. Good luck if your directly with Telkom!