Archive for the ‘Observations’ Category

What is the Registry Lock status on a Domain Name?

Saturday, May 7th, 2011

After recently moving my Domain name to a new provider I completed a quick evaluation of some of the “value-added” services that you can use with a registered domain name.  Typical services such as Secret Registration, Domain-Locking, contact managers, and priority support options all surfaced.

Perhaps one less popular option I came across was the Registry-Lock status that can be placed on a domain name.  You may be more familiar with the commonly used Registrar-Lock option which prevents a domain name from being transferred-out to another provider without the lock first being removed.

In contrast, the Registry-Lock facility appears to be an option that very few accredited domain registrars provide to their customers.  A recent inquiry to DynDNS (a major DNS provider that is also an accredited domain registrar) resulted in a response indicating that such a service was not required nor available from them.  It appears that other Domain providers tend to differ on the subject with a small subset actively advertising the service.  In my research I immediately found a few companies advertising the Registry-Lock on their websites: Verisign, Buydomains.com, and Neustar Registry Services.

Target TV show shames Vodafone for inaction on lost handset and SIM

Wednesday, April 20th, 2011

A New Zealand consumer affairs TV show called Target ran an episode on 19th April 2011 about a young Vodafone customer that appeared to have left a Nokia mobile phone and SIM card unattended for a few moments, only to find that it had disappeared on her return to collect it.

The gist of this particular episode was to publicize the unsatisfactory response from Vodafone once they were contacted by their customer about the lost SIM card and handset.

It appeared from this episode that another party (allegedly a Michael) was in possession of the customer’s SIM card and was actively using it to make calls and send text messages.  The customer, upon realising that the SIM was being used by another party, contacted Vodafone for assistance.

It appears that in this instance Vodafone placed a bar on the phone to prevent calls being made from it.  However, it then became apparent that the party in possession of the SIM card was simply able to call up Vodafone and answer a few security questions to have the card unbarred/unblocked.  The third party was easily able to answer the security identification questions posed by Vodafone as they all related to recent call history such as calls made and texts sent.

In my opinion, I feel that a customer should be able to completely cancel a SIM card if it becomes lost or stolen (regardless of whether it is a Pre-Pay or contract account).  If I compare this to the banking industry, when a credit card or EFTPOS card is cancelled due to misplacement or theft it cannot be reactivated and a replacement must be re-issued.  Vodafone should operate in a better manner for the safety of its customers.

I believe that the SIM card concerned in this particular incident was a pre-pay SIM, of which you don’t have to register your personal information with Vodafone when you purchase one.  I can see how without any sort of registration Vodafone is limited in its ability to accurately identify that a person on the end of the phone is the legitimate subscriber of the mobile account.  If you don’t have a method of identifying users who have not registered then you would take a big risk in blocking accounts.  Anyone could call up and have any unregistered pre-pay accounts cancelled.

The overall security of one’s handset and SIM card should be a shared responsibility between the customer and the mobile network provider.  When the provider is informed of a loss or theft they should take immediate actions to cancel the SIM card completely assuming they can verify that the caller is the owner with certainty.  If a customer subsequently locates his or her SIM card they should still be required to get a replacement.  Who pays? That’s another story.

Survive-it Limited: Are you leaking information?

Tuesday, March 8th, 2011

With the recent earthquake tragedy in Christchurch I thought it best to add a few missing items to the family survival/disaster kit and I ordered some key components from the company Survive-it through their online store.  Survive-it operate from Porirua. Despite the large number of orders they were receiving at the time they managed to send out my order quickly and efficiently.

I thought that this simple and straight-forward transaction would be my last dealing with Survive-it.  At least until the next time I need to top up the kit.

Today I received an email from Survive-it.  It was letting me know that they had built a new website.  They indicated in their email that they could not transfer my information from the old website to the new website (including my password), so they had reset it to “surviveit-password”.  This looked a bit funny to me.  No, the password they provided me didn’t look like it was a randomly generated password to protect my account from unsavory types.  Could it be that Survive-it had given every user they moved over the same password?  Surely not!

In subsequent email communications with the Director Rod Hall from Survive-it, he told me that they could only bring my email and physical address over to the new system.  However, what I found when logging in to the site with the password they provided was that I could see everything from my previous account.  I could see my full name, email address, postal address, phone number, and previous orders.  I could see all the same details as I had before!

If what I believe has happened is true, Survive-it essentially changed everyone’s password to the same generic one and then emailed their entire customer base of the fact along with the password!

I sent several emails to Survive-it and received responses from Rod Hall.  When I contacted Survive-it they did not deny the fact that they had given everyone the same password when they moved them to the new system.

When I asked about the information being moved to the new system and available under the above password, Rod Hall replied:

This information is currently publicly available (phone books, electoral roll etc), under the privacy laws of New Zealand, private information does not include publicly available information such as name, address etc. We did not copy phone numbers, order details or any other personal information. We do not hold credit card or any other banking information on our websites (after an order has been processed), therefore no such information is known to us from the old website and is not held on the new website either.

I’m unsure of their reason to clarify their stance on the availability of the information when they claim they have not breached any laws.

Rod’s comments suggest to me that they believe there aren’t any limitations on the information because it’s all publicly available.  Does that mean that it’s OK to link this information that would normally be found from several sources and potentially put it at risk with a weak and known password?

It’s good to see that Survive-it does not hold credit card or banking information through their service.  I know that some companies will hold credit card information to speed up processing for their customers, but I don’t really like the added risk attached (are you reading iTunes store people?).

If you are a Survive-it customer, perhaps you should consider contacting them and asking them what is going on.  I see they have a pronounced “delete account” option on their website which I have now made use of.  I will update this entry should any further information come to light.  I invite anyone to make comment on this.

UPDATE: 7:30pm
I have received a further email from Rod acknowledging my displeasure, but strongly adhering to the belief they have done no wrong.

Aerial Impressions: A new round of Spamming Offences

Friday, January 28th, 2011

I’ve been spammed again by Aerial Impressions Aerial Photography.  The last round of spam I had to deal with from them was in February 2010. Gmail’s spam filtering is normally pretty good but it seems that our old spamming nemesis Aerial Impressions seems to still somehow come through.

When Aerial Impressions sent me an unsolicited email last year I reported the offence to the Department of Internal Affairs Anti-spam unit as a breach of the Unsolicited Messages Act.  I provided a written and signed statement to the effect but was not called to the stand to testify in person.  As far as I am aware the company providing spamming services (Image Marketing Group) was prosecuted and fined for numerous illegal spam email campaigns it has run.

It’s the same old email! They still appear to be including a non-functioning opt-out facility as I have obviously reappeared in their email database for further spam.  Remember, an organisation must have your explicit or inferred consent to send you material advertising their products.  If they don’t have it, they are breaking the law!

The email received today originated from an Australian email address (aerialimpressions@westnet.com.au), so perhaps NZ spam laws do not have enough teeth to deal with this particular offender.

They give the appearance that they are a large international company.  I can see that they saturate six out of the first ten searches on Google for “Aerial Impressions” with separate websites under .co.nz, .com, and .co.uk domains.  A .com.au address surfaces on the subsequent page of results.  In the search results I’ve also spotted a very old acquaintance Mark Foster who has delved a bit further into tracking down who these people are via technical means.

His original blog post on the matter is here.

I see that Aerial Impressions don’t seem to volunteer a lot of concrete information.  I believe they are using a Virtual PO Box and physical address provided by the company Private Box (a company I have had less than pleasant dealings with in the past).  This Virtual PO Box and office service seems to support customers who would wish to hide the location of their real offices.

If I wanted to run a company and conceal my real address but still want to make it look open by providing a physical location to potential customers, this Private Box service would be a perfect front.  On the other hand, I can see many valid and legitimate reasons for using such a service.  It just doesn’t look like it on the surface here.

Have you received any spam from Aerial Impressions?