Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie

New BT website - unsecure????

2»

Comments

  • #32
    Idleater
    Registered Users, Registered Users 2 Posts: 6,236 ✭✭✭Idleater


    Richard Dower wrote:
    I'm not sure if the previous website was SSL secure when you clicked on "view my bill" and the new page wherby you enter username/password?

    Is it important this page also be SSL secure?


    I remember the "entire" btireland site being https before.

    I don't know how important the login page being https is, but the way I figure it, if its not secure and someone happens to grab your plaintext username and password then they essentially can have free reign in your account.

    Most of the webmail programmes have options to "log in securely" which they do over https.

    Something to keep at BT about anyway...

    L.


  • #33
    Richard Dower
    Banned (with Prison Access) Posts: 21,634 ✭✭✭✭Richard Dower


    Somebody give 'em a call about this, i'm eating some chicken.


  • #34
    Idleater
    Registered Users, Registered Users 2 Posts: 6,236 ✭✭✭Idleater


    Richard Dower wrote:
    Somebody give 'em a call about this, i'm eating some chicken.


    I stand corrected. I had a look at the site source and the login form does submit via https:

    https://home.btireland.ie/echannel/BTres.portal?_nfpb=true&homePage_actionOverride=%2Fpageflows%2FloginLogout%2Flogin&_windowLabel=homePage

    L.


  • #35
    PixelTrawler
    Registered Users, Registered Users 2 Posts: 2,299 ✭✭✭PixelTrawler


    nereid wrote:
    I remember the "entire" btireland site being https before.

    I don't know how important the login page being https is, but the way I figure it, if its not secure and someone happens to grab your plaintext username and password then they essentially can have free reign in your account.

    Most of the webmail programmes have options to "log in securely" which they do over https.

    Something to keep at BT about anyway...

    L.

    its vital that page is secure.... you figure perfectly right
    theres no point at all have an ssl site if the login is plaintext

    as you say once you have a login you can do anything


  • #36
    Richard Dower
    Banned (with Prison Access) Posts: 21,634 ✭✭✭✭Richard Dower


    That login page is still not secure.


  • Advertisement
  • #37
    Foxwood
    Closed Accounts Posts: 1,491 ✭✭✭Foxwood


    Richard Dower wrote:
    :eek: OMG, i just logged in to check my bill and it's a new website design, but it's unsecured!!

    Surely this is a breach under the data protection act and common sense?, if the website is not SSL secure then anyone could hack in and steal all your personal information and account details?????

    SSL doesn't make a website any more or less "hackable". SSL encrypts the data travelling between the website and you, so that it can't be "snooped" on, but that doesn't make the server itself any more or less secure from hackers.

    (On a wired DSL line, it's pretty unlikely that anyone is eavesdropping on your connection, because you've got a dedicated connection back to the DSLAM. There was a time when cable broadband had issues with this, because the local part of the network would be shared with your neighbours - I don't know if that's still the case, though. Wireless BB is usually encrypted, though not always).


Advertisement