Archive for the ‘Discussion’ Category

Target TV show shames Vodafone for inaction on lost handset and SIM

Wednesday, April 20th, 2011

A New Zealand consumer affairs TV show called Target ran an episode on 19th April 2011 about a young Vodafone customer who appeared to have left a Nokia mobile phone and SIM card unattended for a few moments, only to find that they had disappeared on her return to collect them.

The gist of this particular episode was to publicize the unsatisfactory response from Vodafone once they were contacted by their customer about the lost SIM card and handset.

It appeared from this episode that another party (allegedly a Michael) was in possession of the customer’s SIM card and was actively using it to make calls and send text messages. The customer, upon realising that the SIM was being used by another party, contacted Vodafone for assistance.

It appears that in this instance Vodafone placed a bar on the phone to prevent calls being made from it.  However, it then became apparent that the party in possession of the SIM card was simply able to call up Vodafone and answer a few security questions to have the card unbarred/unblocked.  The third party was easily able to answer the security identification questions posed by Vodafone as they all related to recent call history such as calls made and texts sent.

In my opinion, I feel that a customer should be able to completely cancel a SIM card if it becomes lost or stolen (regardless of whether it is a Pre-Pay or contract account). If I compare this to the banking industry, when a credit card or EFTPOS card is cancelled due to misplacement or theft it cannot be reactivated and a replacement must be re-issued. Vodafone should operate in a better manner for the safety of its customers.

I believe that the SIM card concerned in this particular incident was a pre-pay SIM, for which you don’t have to register your personal information with Vodafone when you purchase one. I can see how without any sort of registration Vodafone is limited in its ability to accurately identify that a person on the end of the phone is the legitimate subscriber of the mobile account. If you don’t have a method of identifying users who have not registered then you would take a big risk in blocking accounts. Anyone could call up and have any unregistered pre-pay accounts cancelled.

The overall security of one’s handset and SIM card should be a shared responsibility between the customer and the mobile network provider. When the provider is informed of a loss or theft they should take immediate action to cancel the SIM card completely, assuming they can verify with certainty that the caller is the owner. If a customer subsequently locates his or her SIM card they should still be required to get a replacement. Who pays? That’s another story.

Survive-it Limited: Are you leaking information?

Tuesday, March 8th, 2011

With the recent earthquake tragedy in Christchurch I thought it best to add a few missing items to the family survival/disaster kit and I ordered some key components from the company Survive-it through their online store.  Survive-it operate from Porirua. Despite the large number of orders they were receiving at the time they managed to send out my order quickly and efficiently.

I thought that this simple and straight-forward transaction would be my last dealing with Survive-it.  At least until the next time I need to top up the kit.

Today I received an email from Survive-it.  It was letting me know that they had built a new website.  They indicated in their email that they could not transfer my information from the old website to the new website (including my password), so they had reset it to “surviveit-password”.  This looked a bit funny to me.  No, the password they provided me didn’t look like it was a randomly generated password to protect my account from unsavory types.  Could it be that Survive-it had given every user they moved over the same password?  Surely not!

In subsequent email communications with the Director Rod Hall from Survive-it, he told me that they could only bring my email and physical address over to the new system. However, when I logged in to the site with the password they provided, I could see everything from my previous account. I could see my full name, email address, postal address, phone number, and previous orders. I could see all the same details as I had before!

If what I believe has happened is true, Survive-it essentially changed everyone’s password to the same generic one and then emailed their entire customer base about the fact, along with the password!

I sent several emails to Survive-it and received responses from Rod Hall.  When I contacted Survive-it they did not deny the fact that they had given everyone the same password when they moved them to the new system.

When I asked about the information being moved to the new system and available under the above password, Rod Hall replied:

This information is currently publicly available (phone books, electoral roll etc), under the privacy laws of New Zealand, private information does not include publicly available information such as name, address etc. We did not copy phone numbers, order details or any other personal information. We do not hold credit card or any other banking information on our websites (after an order has been processed), therefore no such information is known to us from the old website and is not held on the new website either.

I’m unsure of their reason to clarify their stance on the availability of the information when they claim they have not breached any laws.

Rod’s comments suggest to me that they believe there aren’t any limitations on the information because it’s all publicly available. Does that mean that it’s ok to link this information that would normally be found from several sources and potentially put it at risk with a weak and known password?

It’s good to see that Survive-it does not hold credit card or banking information through their service. I know that some companies will hold credit card information to speed up processing for their customers, but I don’t really like the added risk attached (are you reading iTunes store people?).

If you are a Survive-it customer, perhaps you should consider contacting them and asking them what is going on.  I see they have a pronounced “delete account” option on their website which I have now made use of.  I will update this entry should any further information come to light.  I invite anyone to make comment on this.

UPDATE: 7:30pm
I have received a further email from Rod acknowledging my displeasure, but strongly adhering to the belief they have done no wrong.

SimpleCDN – Some Limitations

Sunday, December 28th, 2008

As you may be aware, content distribution networks have been around for quite some time now, giving businesses the ability to cache web content in order to provide for increased traffic and so that content can be brought closer to the end user, speeding up the download in the process.

The most well known big players in the market are companies such as Akamai and Limelight Networks. The caching packages these companies offer are typically only within the realms of enterprise customers.

Some new competitors have emerged recently, including Amazon, who are selling a service and storage platform called Amazon S3. You can use this network for content storage and it can be upgraded with a new service called Amazon CloudFront to provide a full content distribution network.

Content Distribution Networks

The idea behind this technology is to provide web surfers with the best experience possible by giving them the fastest and most reliable connection to your web content.

By storing your website content on a multitude of servers around the world you can automatically serve each user from the closest and fastest server, and provide automatic fail-over should one server be unavailable.

You should also note that by spreading your content among a number of servers you are also dividing traffic demands between them.  You can also use this to reduce stress on your existing serving infrastructure.

Some enterprise companies such as Google have implemented their own edge caching network to improve delivery of content to customers.

SimpleCDN

I have been looking at the SimpleCDN content distribution network for web storage and content caching. They appear to be the new boys on the block and do have some rough edges which do need to be sorted.

The war on WordPress spam

Sunday, December 21st, 2008

Comment spam is the bane of every blogger, with spambots taking up time, bandwidth and human resources, all while adversely affecting website statistics. This article talks about how you can manage this never-ending deluge.

I run three other blogs under the nztechie.com domain, in addition to the main homepage of nztechie.com. My other blogs are hosted using Google’s Blogger service. To this day I have never had any cause to complain about the service. I guess I have been fortunate enough to not be plagued by some of the major issues you may have heard about in the press.

Running a blog, you would expect to be exposed to a certain level of spam comments in the articles you write. I certainly have had my share of such comments submitted to my blogs. Fortunately, I have Blogger set to require approval on all comments made. Spam comments never see the light of day on my Blogger blogs.

NZTechie.com used to run on a Joomla content management system. While it is quite an advanced system, I found it didn’t really meet my needs, and switched to WordPress.

I have never seen so many spam comments submitted on any site which I have administrated since installing WordPress. Again, I have to approve any submitted comments, so spam never reaches my site.

WordPress comes with the Akismet spam plug-in/service which so far has performed fantastically well, catching all spam comments with no false positives. My implementation is of course in its infancy, so time will tell how effective it is. Akismet is described as an intelligent anti-spam solution which actually improves as time goes on.