5 Things Orcon don’t tell you about their fibre connections

August 4th, 2012

1. You can’t have a static/fixed IP address yet.

2. You can keep using all your jackpoints. Orcon tells you that you need to plug your phone in to your Genius and if you have DECT or other wireless extensions you can use them to allow multiple phones to function.  In fact, you can have Chorus feed the phone connection from your Genius back to your existing splitter and distribute the line between all your extensions.  Everything works as before!

3. Orcon might provision your UFB connection without checking that Chorus have completed the install.  If you’re moving from Orcon DSL to UFB Fibre you might find your existing connection cut off at some arbitrary point when they consider you should be up and running.  I’ve had Orcon Provisioning tell me that they did this to me!

4. The install might take more then one day if Chorus have issues piping the fibre down to your location.

5. There is a known issue with the Orcon Genius firmware version 1400.  This is causing a regular loss of connectivity for UFB customers.  Orcon states that they will be releasing an update to resolve these problems.

What is the Registry Lock status on a Domain Name?

May 7th, 2011

After recently moving my Domain name to a new provider I completed a quick evaluation of some of the “value-added” services that you can use with a registered domain name.  Typical services such as Secret Registration, Domain-Locking, contact managers, and priority support options all surfaced.

Perhaps one less popular option I came across was the Registry-Lock status that can be placed on a domain name.  You may be more familiar with the commonly used Registrar-Lock option which prevents a domain name from being transferred-out to another provider without the lock first being removed.

In contrast, the Registry-Lock facility appears to be an option that very few accredited domain registrars provide to their customers.  A recent inquiry to DynDNS (a major DNS provider that is also an accredited domain registrar) resulted in a response indicating that such a service was not required nor available from them.  It appears that other Domain providers tend to differ on the subject with a small subset actively advertising the service.  In my Research I immediately found a few companies advertising the Registry-Lock on their websites; Verisign, Buydomains.com, and Neustar Registry Services. Read the rest of this entry »

Target TV show shames Vodafone for inaction on lost handset and SIM

April 20th, 2011

A New Zealand consumer affairs TV show called Target ran an episode on 19th April 2011 about a young Vodafone customer that appeared to have left a Nokia mobile phone and SIM card unattended for a few moments, only to find that it had disappeared on her return to collect it.

The gist of this particular episode was to publicize the unsatisfactory response from Vodafone once they were contacted by their customer about the lost SIM card and handset.

It appeared from this episode that another party (allegedly a Michael) was in possession of the customers SIM card and was actively using it to make calls and send text messages.  The customer upon realising that the SIM was being used by another party contacted Vodafone for assistance.

It appears that in this instance Vodafone placed a bar on the phone to prevent calls being made from it.  However, it then became apparent that the party in possession of the SIM card was simply able to call up Vodafone and answer a few security questions to have the card unbarred/unblocked.  The third party was easily able to answer the security identification questions posed by Vodafone as they all related to recent call history such as calls made and texts sent.

In my opinion, I feel that a customer should be able to completely cancel a SIM card if it becomes lost or stolen (regardless of whether it is a Pre-Pay or contract account).  If I compare this to the banking industry, when a credit card or EFTPOS card is cancelled due to misplacement or theft it can not be reactivated and a replacement must be re-issued.  Vodafone should operate in a better manner for the safety of its customers.

I believe that the SIM card concerned in this particular incident was a pre-pay SIM, of which you don’t have to register your personal information with Vodafone when you purchase one.  I can see how without any sort of registration Vodafone is limited in it’s ability to accurately identify that a person on the end of the phone is the legitimate subscriber of the mobile account.  If you don’t have a method of identifying users who have not registered then you would take a big risk in blocking accounts.  Anyone could call up and have any unregistered pre-pay accounts cancelled.

The overall security of ones handset and SIM card should be a shared responsibility between the customer and the mobile network provider.  When the provider is informed of a loss or theft they should take immediate actions to cancel the SIM card completely assuming they can verify that the caller is the owner with certainty.  If a customer subsequently locates his or her SIM card they should still be required to get a replacement.  Who pays? that’s another story. Read the rest of this entry »

Survive-it Limited: Are you leaking information?

March 8th, 2011

With the recent earthquake tragedy in Christchurch I thought it best to add a few missing items to the family survival/disaster kit and I ordered some key components from the company Survive-it through their online store.  Survive-it operate from Porirua. Despite the large number of orders they were receiving at the time they managed to send out my order quickly and efficiently.

I thought that this simple and straight-forward transaction would be my last dealing with Survive-it.  At least until the next time I need to top up the kit.

Today I received an email from Survive-it.  It was letting me know that they had built a new website.  They indicated in their email that they could not transfer my information from the old website to the new website (including my password), so they had reset it to “surviveit-password”.  This looked a bit funny to me.  No, the password they provided me didn’t look like it was a randomly generated password to protect my account from unsavory types.  Could it be that Survive-it had given every user they moved over the same password?  Surely not!

In subsequent email communications with the Director Rod Hall from Survive-it, he told me that they could only bring over my email and physical address over to new system.  However, What I found when logging in to the site with the password they provided, I could see everything from my previous account.  I could see my full name, email address, postal address, phone number, and previous orders.  I could see all the same details as I had before!

If what I believe has happened is true, Survive-it essentially changed everyones password to the same generic one and then emailed their entire customer base of the fact along with the password!

I sent several emails to Survive-it and received responses from Rod Hall.  When I contacted Survive-it they did not deny the fact that they had given everyone the same password when they moved them to the new system.

When I asked about the information being moved to the new system and available under the above password, Rod Hall replied:

This information is currently publically available (phone books, electoral role etc), under the privacy laws of New Zealand, private information does not include publically available information such as name, address etc. We did not copy phone numbers, order details or any other personal information. We do not hold credit card or any other banking information on our websites (after an order has been processed), therefore no such information is known to us from the old website and is not held on the new website either.

I’m unsure of their reason to clarify their stance on the availability of the information when they claim they have not breached any laws.

Rod’s comments suggest to me that they believe there arn’t any limitations on the information because it’s all publicly available.  Does that mean that it’s ok to link this information that would normally be found from several sources and potentially put it at risk with a weak and known password?

Its good to see that Survive-it does not hold credit card or banking information through their service.  I know that some companies will hold credit card information to speed up processing for their customers, but i don’t really like the added risk attached (are you reading iTunes store people?).

If you are a Survive-it customer, perhaps you should consider contacting them and asking them what is going on.  I see they have a pronounced “delete account” option on their website which I have now made use of.  I will update this entry should any further information come to light.  I invite anyone to make comment on this.

UPDATE: 7:30pm
I have received a further email from Rod acknowledging my displeasure, but strongly adhering to the belief they have done no wrong.