Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

New BT website - unsecure????

  • 05-04-2006 11:08am
    #1
    Banned (with Prison Access) Posts: 21,634 ✭✭✭✭


    :eek: OMG, i just logged in to check my bill and it's a new website design, but it's unsecured!!

    Surely this is a breach under the data protection act and common sense?, if the website is not SSL secure then anyone could hack in and steal all your personal information and account details?????


Comments

  • Registered Users, Registered Users 2 Posts: 1,586 ✭✭✭redman


    Yes your right! I won't be paying my bill through there yet.

    Oh hang on, I won't be paying my bill anyway!:)
    At least not until they sort their billing system out!:D


  • Registered Users, Registered Users 2 Posts: 3,177 ✭✭✭oneweb


    I've just sent an email to customer.care AT btireland.ie and I suggest you all do too.

    I called their customer service dept but I really should have known better - "Sounds like a Technical Support issue". When I told him it wasn't, it was a problem on their own site he transferred me to a Global Solutions bot which asked for a 9 digit code :confused: If only call centre agents were told that there are actually other departments out there! they just have to look outside the box (tell me I got it right, that's the kind of thing this box is all about, right?)

    It is what it's.



  • Banned (with Prison Access) Posts: 21,634 ✭✭✭✭Richard Dower


    Yes, what happens if you pay your bill on an unsecure website?
    I called BT, they claim it is?....can anyone savvy people say if it is or not?

    I see no SSL 128bit padlock on the bottom right when i log in or try pay with a credit card??


  • Registered Users, Registered Users 2 Posts: 3,177 ✭✭✭oneweb


    Yes, what happens if you pay your bill on an unsecure website?
    I called BT, they claim it is?....can anyone savvy people say if it is or not?

    I see no SSL 128bit padlock on the bottom right when i log in or try pay with a credit card??
    Without the padlock and https ,it's not secure

    It is what it's.



  • Banned (with Prison Access) Posts: 25,234 ✭✭✭✭Sponge Bob


    You are 100% correct Richard, I suggest you bring this to the attention of a journo on The Register because that will lead to it being fixed pretty damn quick where talking to their customer care will not .....as we know :(

    Having a secure set of pages for all payments is an ecommerce 101 sort of thing nowadays , ie padlock bottom of browser and location of URL on top changes to https:// from http://


  • Advertisement
  • Banned (with Prison Access) Posts: 21,634 ✭✭✭✭Richard Dower


    Anyone have an email address for a journo in Ireland to shame BT?


  • Registered Users, Registered Users 2 Posts: 6,236 ✭✭✭Idleater


    Nice of the Home Page to inform us that BT is a "proud sponsor" of MakeITSecure.ie.

    I know of some "windowed" websites where an inner frame is HTTPS but the outer one isnt so there is no padlock.

    No sign of this when I do view page info though.


    L.


  • Banned (with Prison Access) Posts: 25,234 ✭✭✭✭Sponge Bob


    Even more shameless than BT are the insufferable morons who pretend to be tech journos in Ireland, go straight to the Register like a good man and do not pass go ! Our 'journos' will lift the story and may rewrite a word or two out of respect for the Reg .


  • Banned (with Prison Access) Posts: 21,634 ✭✭✭✭Richard Dower


    I emailed TV3, hopefully we'll get a speedy resolution.


  • Banned (with Prison Access) Posts: 21,634 ✭✭✭✭Richard Dower


    nereid wrote:
    Nice of the Home Page to inform us that BT is a "proud sponsor" of MakeITSecure.ie.

    I know of some "windowed" websites where an inner frame is HTTPS but the outer one isnt so there is no padlock.

    No sign of this when I do view page info though.


    L.

    So i'm right?...i know myself sometimes a window within a window will be SSL secure, but i see none of this on the BT website?


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 6,762 ✭✭✭WizZard


    I emailed TV3, hopefully we'll get a speedy resolution.
    Copy the email to news@theregister.co.uk will you... :rolleyes:
    TV3.. :p


  • Banned (with Prison Access) Posts: 21,634 ✭✭✭✭Richard Dower


    Done, TV3 might be able to get BT moving...it's dangerous for customers right now.


  • Closed Accounts Posts: 16,713 ✭✭✭✭jor el


    I was wondering what the hell you were all on about, I just checked my account and it is on https. Then I tried following the link from the normal unsecured homepage and it also logged me in unsecure. Seems like somebody fcuked up with the links from the homepage. I can view my full account details on an unsecure connection

    If you enter https://home.btireland.ie it should take you down the right road, but they really need to fix this ASAP as many might not notice.

    Might try webmaster@btireland.ie and see if that works.

    edit: Seems BT don't have a webmaster, why am I not surprised. Must try complaints instead. This is a serious issue.


  • Banned (with Prison Access) Posts: 21,634 ✭✭✭✭Richard Dower


    So i'm not wrong?...like i don't wanna get sued!!


  • Banned (with Prison Access) Posts: 21,634 ✭✭✭✭Richard Dower


    When i click on the https link above it is no longer available? "page cannot be displayed"


  • Closed Accounts Posts: 2,074 ✭✭✭BendiBus


    So i'm not wrong?...like i don't wanna get sued!!

    You might even bring down TV3 with you :eek: :p


  • Registered Users, Registered Users 2 Posts: 6,236 ✭✭✭Idleater


    jor el wrote:
    If you enter https://home.btireland.ie it should take you down the right road, but they really need to fix this ASAP as many might not notice.

    Might try webmaster@btireland.ie and see if that works.

    edit: Seems BT don't have a webmaster, why am I not surprised. Must try complaints instead. This is a serious issue.


    Well done!

    I have sent a support request/email thingy to them "querying" the lack of https support. Usual "we will respond in 24 hours" pfo response so far.

    Richard Dower, You will not be sued, and you are correct. Jeez BT are such dinwits.

    How long has this "new look" been active? I mean, If it is just this morning then they are damn lucky that some people with half a grain of sense found something fishy with the site. I mean, with all the scam stuff going around with atms and all that, a new website and no HTTPS is very bad. How are "innocent" people supposed to know that the "new look" is legit and that they are not sending Mr Ubungu and his $100 000 000 heirs their details???

    Anyway, hope this gets resolved sharpish.

    <edit>
    I can't get onto the site at the moment either via Http or s, so maybe they have copped!!!
    </edit>

    L.


  • Banned (with Prison Access) Posts: 21,634 ✭✭✭✭Richard Dower


    And The Register!....least i have you guys to back me up, right? RIGHT??


  • Banned (with Prison Access) Posts: 21,634 ✭✭✭✭Richard Dower


    The BT website is down, maybe they are fixing it?


  • Banned (with Prison Access) Posts: 21,634 ✭✭✭✭Richard Dower


    Hey!...you think they'll give me like a €20 credit for being a good customer?

    :-)


  • Advertisement
  • Banned (with Prison Access) Posts: 25,234 ✭✭✭✭Sponge Bob


    Its fixed now.

    Well done Richard that must be the fastest fix BT ever did in Ireland, could you mail them and ask them to FIX THEIR BILLING now seeing as they obviously listen to you !


  • Banned (with Prison Access) Posts: 21,634 ✭✭✭✭Richard Dower


    I did Sponge, and TV3....maybe they can do a follow up story on the horrid BT billing system and all the overcharging/missing credits?

    :-)


  • Registered Users, Registered Users 2 Posts: 1,586 ✭✭✭redman


    looks fixed.

    power the people;)


  • Registered Users, Registered Users 2 Posts: 6,236 ✭✭✭Idleater


    I did Sponge, and TV3.


    Oh good, does that mean that if someone snuck in a sly comment about how they hated the amount of adds that TV3 3 3 put in their programmes resulting in one say, not watching that channel, that someone in the TV3 3 3 towers might perchance see it?

    Maybe someone will have a go...

    ;)


  • Banned (with Prison Access) Posts: 21,634 ✭✭✭✭Richard Dower


    Yup, the website is now SSL secured. Wow...they actually did something right for once!

    :-)


  • Registered Users, Registered Users 2 Posts: 6,236 ✭✭✭Idleater


    Yup, the website is now SSL secured. Wow...they actually did something right for once!

    :-)


    yeah, but the enter username password screen isn't.

    I went via www.btireland.ie and clicked view account.

    If I manually type in the https then it goes secure all right.

    Have I missed something?


  • Banned (with Prison Access) Posts: 21,634 ✭✭✭✭Richard Dower


    I'm not sure if the previous website was SSL secure when you clicked on "view my bill" and the new page wherby you enter username/password?

    Is it important this page also be SSL secure?


  • Closed Accounts Posts: 71 ✭✭nearlyhappy


    Proves a couple things:

    Powers that BT surf this site. As I was told by one of their complaints officers, but I didnt believe it then. Well it was a complaints officer after all....

    The time/money/effort that went into this new site, is a sure sign that corporate image is much more important than customer satisfaction.



    Heres a suggestion for Broadband Tits


    How about you should have taken the money/time/staff/effort you put into this new site, and put it into creating a system whereby your "valuable" customers can effectively pay a bill, and not have to spend hours on the phone to muppets every month????

    Just a suggestion...

    Nh


  • Banned (with Prison Access) Posts: 21,634 ✭✭✭✭Richard Dower


    Well i think it was more BT gots calls/emails then them surfing Boards.


  • Advertisement
  • Closed Accounts Posts: 71 ✭✭nearlyhappy


    Well i think it was more BT gots calls/emails then them surfing Boards.

    Probably, but it'll be a first if calls/emails have had an effect in BT land

    :)


  • Registered Users, Registered Users 2 Posts: 6,236 ✭✭✭Idleater


    I'm not sure if the previous website was SSL secure when you clicked on "view my bill" and the new page wherby you enter username/password?

    Is it important this page also be SSL secure?


    I remember the "entire" btireland site being https before.

    I don't know how important the login page being https is, but the way I figure it, if its not secure and someone happens to grab your plaintext username and password then they essentially can have free reign in your account.

    Most of the webmail programmes have options to "log in securely" which they do over https.

    Something to keep at BT about anyway...

    L.


  • Banned (with Prison Access) Posts: 21,634 ✭✭✭✭Richard Dower


    Somebody give 'em a call about this, i'm eating some chicken.


  • Registered Users, Registered Users 2 Posts: 6,236 ✭✭✭Idleater


    Somebody give 'em a call about this, i'm eating some chicken.


    I stand corrected. I had a look at the site source and the login form does submit via https:

    https://home.btireland.ie/echannel/BTres.portal?_nfpb=true&homePage_actionOverride=%2Fpageflows%2FloginLogout%2Flogin&_windowLabel=homePage

    L.


  • Registered Users, Registered Users 2 Posts: 2,300 ✭✭✭PixelTrawler


    nereid wrote:
    I remember the "entire" btireland site being https before.

    I don't know how important the login page being https is, but the way I figure it, if its not secure and someone happens to grab your plaintext username and password then they essentially can have free reign in your account.

    Most of the webmail programmes have options to "log in securely" which they do over https.

    Something to keep at BT about anyway...

    L.

    its vital that page is secure.... you figure perfectly right
    theres no point at all have an ssl site if the login is plaintext

    as you say once you have a login you can do anything


  • Banned (with Prison Access) Posts: 21,634 ✭✭✭✭Richard Dower


    That login page is still not secure.


  • Advertisement
  • Closed Accounts Posts: 1,491 ✭✭✭Foxwood


    :eek: OMG, i just logged in to check my bill and it's a new website design, but it's unsecured!!

    Surely this is a breach under the data protection act and common sense?, if the website is not SSL secure then anyone could hack in and steal all your personal information and account details?????

    SSL doesn't make a website any more or less "hackable". SSL encrypts the data travelling between the website and you, so that it can't be "snooped" on, but that doesn't make the server itself any more or less secure from hackers.

    (On a wired DSL line, it's pretty unlikely that anyone is eavesdropping on your connection, because you've got a dedicated connection back to the DSLAM. There was a time when cable broadband had issues with this, because the local part of the network would be shared with your neighbours - I don't know if that's still the case, though. Wireless BB is usually encrypted, though not always).


Advertisement