back to article BT's IPv6 EXPIRED security certificate left to rot on its website

BT may insist that it is committed to a smooth transition to the new interwebs address system – IPv6 – but a quick glance at the company's corporate website last month left some Brits questioning the one-time national telco's promise. That's because the telecoms giant embarrassingly failed to spot the fact that its security …

COMMENTS

This topic is closed for new posts.
N2

Worked for me

Realising I had gone to BT in error & thus unlikely to find anything helpful I clicked 'Get me out of here'

8
0
Bronze badge
Facepalm

At least they are committed to something.

1
0
Silver badge

@Captain Scarlet

Based on the comments I see here about BT, it sounds like they should simply be committed, preferably under a judges order so they can't sign themselves out.

1
0

V6 pioneers..

BT were one of the pioneers of ipv6, they even used to run a free ipv6 tunnel service a few years ago... I wonder what's happened since those days.

0
0
K
Bronze badge

Implementation of IPv6 is a farce..

I've been trying to get this supported by both my home ISP and our leased line provider for about 2 years.. When I ask, the only response I get is "Our plans are currently not advanced enough to discuss them!".

F-Arse!

3
0

Re: Implementation of IPv6 is a farce..

Time to switch ISP. People like A&A have been providing IPv6 on both leased lines and personal ADSL for as long as I can remember (probably 10 years!)

3
0

Re: Implementation of IPv6 is a farce..

There are a number of choices - see https://www.sixxs.net/faq/connectivity/?faq=native&country=gb (or remove the &country=gb if outside the UK).

0
0

This post has been deleted by its author

Silver badge

Re: Implementation of IPv6 is a farce..

You wouldn't believe how many Internet projects I come across that have exactly the same kind of blind arrogance like this. It's enough to give the entire industry a bad name... :)

0
0
Silver badge
FAIL

Re: Implementation of IPv6 is a farce..

The main problem with sixxs is one of the guys in charge is on some sort of ego power trip .

Stick with he.net or hexago if you want a free local broker that isn't in danger of being switched off for no reason by someone who behaves more like a basement geek IRC operator than a professional.

One typical example I just googled: http://www.habets.pp.se/sixxs.net-sucks.php

0
0
Bronze badge
Thumb Down

Re: Implementation of IPv6 is a farce..

When even products like Exchange 2013 (not the year in the name!) aren't 100% IPv6 compatible, then I really do wonder whether the migration to pure '6 will ever happen?

0
0

Re: Implementation of IPv6 is a farce..

I've had FTTC and before that ADSL2/2+ with proper (not tunnelled) IPv6 for over two years at home; I have a /56 block at home, and even my VPN to my house provides v6 communication.

0
0
Silver badge

" ... failed to spot ..."

Somebody should introduce them to 'calendar apps' and 'event alarms'.

2
0
Anonymous Coward

Re: " ... failed to spot ..."

indeed - particularly as exactly the same happened last year.

2
0
Silver badge

Re: " ... failed to spot ..."

Send them a pad of sticky notes. (proven technology)

1
0

Re: " ... failed to spot ..."

sticky notes with glue that expires after 11 months, now that would be great! anything thats fallen on to your desk overnight needs to be acted on!!

4
0
Facepalm

Unaware my arse...

I know that at least two people told them about this on 20th February, because one of them was me:

https://twitter.com/thughes/status/436415632134131712

https://twitter.com/aaisp/status/436419441056677888

Not that I ever got any response of course...

6
0
FAIL

Re: Unaware my arse...

I'm not sure it's specific to IPv6. I've seen the updated certificate on a V6-capable connection, and the expired certificate on a IPV4-only connection (as well as vice versa). I think they have a CDN node that still hold the old certificate.

A colleague reported it via twitter, and was told (by @btcare) "Everything seems fine from our end".

1
0

Pardon?

"We, in BT, continue to manage efficiently our allocation of IPv4 address space and are also taking the necessary steps to manage a transition to IPv6."

Hmmm -> http://btsupport.custhelp.com/app/answers/detail/a_id/44044/c/6433

0
0
Silver badge

And The Reg's plans to show their support by IPv6 by putting up a single AAAA record and actually bothering to enable it for a single website, obviously show up BT's national-telco for not bothering to enable it for every single one of their customers?

Rule #1: You can post a snide article about IPv6 support when your website supports it. (And, yes, mine does).

Until then, you're just adding to the problem, not leading the way towards adoption.

6
0
Anonymous Coward

In a similar vein....

And The Reg's plans to show their support by good security practice by having our usernames and passwords sent in clear text to this forum rather than bothering to enable https for a single website?

Rule #1: You can post a snide article about security when your website supports it.

Until then, you're just adding to the problem, not leading the way towards adoption.

0
0
(Written by Reg staff)

Re: In a similar vein....

If you use the same email/password combo for El Reg comments as you do for something important (say, oh I dunno, your ISP login creds...), then you probably deserve the inevitable consequences.

1
3
Silver badge

Re: In a similar vein....

Although this is, indeed, correct it still does not exclude a tech journalism site from eating their own dog-food.

It would take a phone call to your host, a few grand, and a bit of tinkering to enable both IPv6 access and SSL access (at least for the login stage, blanket SSL might impact the number of servers required, etc.).

But it annoys me that The Reg, Slashdot, all these "Ha, look how stupid these people are to not enable IPv6 / SSL / SPF / Whatever already" sites never have it enabled.

If I can do it in an afternoon for my own personal dedicated server, it shouldn't take the Reg this many years of snarky comments to also enable it for themselves. Hell, it's not like IPv6 even costs money on new product - anything you have almost certainly already supports it so even a limited never-ending "beta" would show you what percentage of people are likely to use it.

0
0
WTF?

They got their IPv6 site working then?

Last time I looked, a couple of years ago, accessing www.bt.com over IPv6 it just hung.

1
0

Re: They got their IPv6 site working then?

It was broken a lot more recently than that, last year IIRC. AFAICT there was simply no server on the address given by teh AAAA record. I did report it to them, but several months later it was still offline.

If someone the size of, and with the resources of, BT can't get it right ...

0
0
Happy

The fix for any weird network problem is usually...

.. disable IPV6.

Then, at least you only have one problem to solve, not two!

3
0
Bronze badge

Surely they should have monitoring software that checks cert expiry dates...on ipv4 and ipv6...ohhh, that would be too sensible right...

0
0
FAIL

If you're a BT broadband customer...

Try this website:

http://test-ipv6.com/

to see how they're getting on with the IPv6 rollout.

0
0
Anonymous Coward

Re: If you're a BT broadband customer...

On BT ADSL

getting a score of 0/10 !!

0
0
Anonymous Coward

BT still having memory problems?

https://community.bt.com/t5/Other-Broadband-Queries/Untrusted-certificate-when-trying-to-change-password/td-p/1193301

0
0
Anonymous Coward

I'm not convinced any plans they have for IPv6 in 2014 will ever be "exciting".

0
0
This topic is closed for new posts.

Forums