Reply
Aspiring Contributor
nomegustamucho
Posts: 19
Registered: ‎09-10-2010
0

Re: THE ""MY BT" LOGIN PAGE IS NOT SECURE? (NOT ENCRYPTED)

[ Edited ]

Can't say I am convinced.

 

Entering rubbish details on the http page gets you redirected to a new https page to try again. Surely the login details were passed using http (unencrypted) protocol before being rejected. For now have bookmarked the https encrypted page you suggested.

 

By the way on the BOTH of the https pages the tick box for "remember me on this computer" is already ticked.

 

followed by the warning about not using this option on public computers or it will remember your login details and password!!!

 

Brilliant! NOT!

 

 

 

Thanks again.

El enfadado (the angry one)
Community Manager
SeanD
Posts: 1,980
Registered: ‎27-01-2010

Re: THE ""MY BT" LOGIN PAGE IS NOT SECURE? (NOT ENCRYPTED)

Hi Guys, In relation to the queries raised around the bitterwallet article, we’d like to advise you that The action of applying hundreds of pounds of cost to a customer, as described in Bitterwallet, will not work unless payment is made using a credit card. We want to make online account management as easy as possible for customers. In order to add items to accounts we ask customers for their telephone number and post code. Customers are automatically notified of any change to their account using previously agreed, preferred contact details via letter or email. If a customer who receives a notification believes, for whatever reason, that they have not made any addition to their account we would investigate and arrange a cancellation if required. Cheers Sean


BTCare Community Manager

If we have asked you to email us with your details, please make sure you are logged in to the forum, otherwise you will not be able to see our ‘Contact Us’ link within our profiles.

We are sorry that we are unable to deal with service/account queries via the private message(PM) function so please don't PM your account info, we need to deal with this via our email account :-)
Sage
imjolly
Posts: 37,699
Registered: ‎27-01-2010
0

Re: THE ""MY BT" LOGIN PAGE IS NOT SECURE? (NOT ENCRYPTED)

SeanD does that mean that BT have not done anything to close the loophole yet or that they are not going to do anything at all?

If you like a post, or want to say thanks for a helpful answer, please click on the Ratings star on the left-hand side of the post.
If someone answers your question correctly please let other members know by clicking on ’Mark as Accepted Solution’.
Beginner
Simomax
Posts: 1
Registered: ‎16-11-2010
0

Re: THE ""MY BT" LOGIN PAGE IS NOT SECURE? (NOT ENCRYPTED)

[ Edited ]

BT,

I am absolutely stunned at your [lack of] performance regarding this issue. As a BT customer I am extremely dissapointed by what SeanD said:
"we’d like to advise you that The action of applying hundreds of pounds of cost to a customer, as described in Bitterwallet, will not work unless payment is made using a credit card"
Ok, so it will only affect the minority that pay using a credit card. That's ok than. And if/when it does affect that minority, they will be notified about it.

NOT GOOD ENOUGH! BT, you are a sham. I feel so strongly about this that I actually registered on this forum, most times I would let it go by, but I really feel my voice has to be heard. Not by the other forum members, but by you, BT. I would phone customer services, but they probably won't have a clue about what I am talking about, right?

SeanD, BT, doing nothing about this other than just simply saying it will affect a minority is wrong. I'm sure it actually breaks the law somewhere. You can't just do nothing about it, thats anarchical! So, I go and burgle someones house, but pin a note on their door on the way out saying I have done so, thats ok right?

Also, regarding the login page encryption... neither is the register page for this forum encrypted... so all my details, password and name that I typed in went right across the internet unencrypted. I'm stunned that such a company behaves this way. The day my BT phone line contract is up I am changing, without doubt. I want to be as far away from you [BT] as I possibly can ever get.

this is a monumental mistake for you [BT] to not do anything. I'm stunned, completely stunned.

Contributor
Kevtheloyal
Posts: 116
Registered: ‎26-10-2010
0

Re: THE ""MY BT" LOGIN PAGE IS NOT SECURE? (NOT ENCRYPTED)

100% Agree!

Contributor
meman887
Posts: 65
Registered: ‎16-02-2010
0

Re: THE ""MY BT" LOGIN PAGE IS NOT SECURE? (NOT ENCRYPTED)

 


Simomax wrote:

BT, doing nothing about this other than just simply saying it will affect a minority is wrong. I'm sure it actually breaks the law somewhere.

 

The law your most likely refering to would be the data protection act 1998, Schedule 1, The Data Protection Principles, Part 1 Principles, subsection 7.

 

"Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data."

http://www.legislation.gov.uk/ukpga/1998/29/schedule/1

 

---------------------------------------------------------------------------------------------
My Motto:
Going to kill my HomeHub 2 very soon. :smileyhappy:
Distinguished Guru
DS
Posts: 7,684
Registered: ‎27-01-2010
0

Re: THE ""MY BT" LOGIN PAGE IS NOT SECURE? (NOT ENCRYPTED)

Mmm.

Maybe a rival telco could choose a random name from the phone book, then get the number and postcode, type them in, get the renewal date, call at renewal time and potentially gain a new customer!

Or maybe a telco would know that Mr.X has BT as their supplier, call Mr.X claiming to be from BT, get some more details (as part of their fake security checking procedure), even offer a better deal, then bish, bash, bosh....
....they take the line over! - with a lot of hassle for Mr.X in getting it back with BT.

-+-No longer a forum member-+-
Aspiring Expert
Croftie
Posts: 155
Registered: ‎23-08-2010
0

Re: THE ""MY BT" LOGIN PAGE IS NOT SECURE? (NOT ENCRYPTED)

 


SeanD wrote:
Hi Guys, In relation to the queries raised around the bitterwallet article, we’d like to advise you that The action of applying hundreds of pounds of cost to a customer, as described in Bitterwallet, will not work unless payment is made using a credit card. We want to make online account management as easy as possible for customers. In order to add items to accounts we ask customers for their telephone number and post code. Customers are automatically notified of any change to their account using previously agreed, preferred contact details via letter or email. If a customer who receives a notification believes, for whatever reason, that they have not made any addition to their account we would investigate and arrange a cancellation if required. Cheers Sean

Frankly, not good enough. I'm very concerned now. Makes me wonder what other gaping security holes there are that you know about but just don't care enough to close.

 

Aspiring Expert
Ocean
Posts: 408
Registered: ‎15-07-2010
0

Re: THE ""MY BT" LOGIN PAGE IS NOT SECURE? (NOT ENCRYPTED)

Crikey, after reading through all the comments, it seems I have a right to be worried :smileymad:

So what are BT doing about it?

. . . it must be remembered that the sea is a great breeder of friendship. Two men who have known each other for twenty years find that twenty days at sea bring them nearer than ever they were before, or else estrange them.