16-11-2010 7h46 - edited 16-11-2010 7h59
Can't say I am convinced.
Entering rubbish details on the http page gets you redirected to a new https page to try again. Surely the login details were passed using http (unencrypted) protocol before being rejected. For now have bookmarked the https encrypted page you suggested.
By the way on the BOTH of the https pages the tick box for "remember me on this computer" is already ticked.
followed by the warning about not using this option on public computers or it will remember your login details and password!!!
on 16-11-2010 18h02
on 16-11-2010 18h34
SeanD does that mean that BT have not done anything to close the loophole yet or that they are not going to do anything at all?
16-11-2010 19h48 - edited 16-11-2010 19h49
I am absolutely stunned at your [lack of] performance regarding this issue. As a BT customer I am extremely dissapointed by what SeanD said:
"we’d like to advise you that The action of applying hundreds of pounds of cost to a customer, as described in Bitterwallet, will not work unless payment is made using a credit card"
Ok, so it will only affect the minority that pay using a credit card. That's ok than. And if/when it does affect that minority, they will be notified about it.
NOT GOOD ENOUGH! BT, you are a sham. I feel so strongly about this that I actually registered on this forum, most times I would let it go by, but I really feel my voice has to be heard. Not by the other forum members, but by you, BT. I would phone customer services, but they probably won't have a clue about what I am talking about, right?
SeanD, BT, doing nothing about this other than just simply saying it will affect a minority is wrong. I'm sure it actually breaks the law somewhere. You can't just do nothing about it, thats anarchical! So, I go and burgle someones house, but pin a note on their door on the way out saying I have done so, thats ok right?
Also, regarding the login page encryption... neither is the register page for this forum encrypted... so all my details, password and name that I typed in went right across the internet unencrypted. I'm stunned that such a company behaves this way. The day my BT phone line contract is up I am changing, without doubt. I want to be as far away from you [BT] as I possibly can ever get.
this is a monumental mistake for you [BT] to not do anything. I'm stunned, completely stunned.
on 16-11-2010 22h01
BT, doing nothing about this other than just simply saying it will affect a minority is wrong. I'm sure it actually breaks the law somewhere.
The law your most likely refering to would be the data protection act 1998, Schedule 1, The Data Protection Principles, Part 1 Principles, subsection 7.
"Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data."
on 16-11-2010 22h10
Maybe a rival telco could choose a random name from the phone book, then get the number and postcode, type them in, get the renewal date, call at renewal time and potentially gain a new customer!
Or maybe a telco would know that Mr.X has BT as their supplier, call Mr.X claiming to be from BT, get some more details (as part of their fake security checking procedure), even offer a better deal, then bish, bash, bosh....
....they take the line over! - with a lot of hassle for Mr.X in getting it back with BT.
on 17-11-2010 20h47
Hi Guys, In relation to the queries raised around the bitterwallet article, we’d like to advise you that The action of applying hundreds of pounds of cost to a customer, as described in Bitterwallet, will not work unless payment is made using a credit card. We want to make online account management as easy as possible for customers. In order to add items to accounts we ask customers for their telephone number and post code. Customers are automatically notified of any change to their account using previously agreed, preferred contact details via letter or email. If a customer who receives a notification believes, for whatever reason, that they have not made any addition to their account we would investigate and arrange a cancellation if required. Cheers Sean
Frankly, not good enough. I'm very concerned now. Makes me wonder what other gaping security holes there are that you know about but just don't care enough to close.
on 08-12-2010 11h45
Crikey, after reading through all the comments, it seems I have a right to be worried
So what are BT doing about it?