O2 joins Virgin Media as member of weak crypto software club

It turns out that Virgin Media isn't the only telco still using the weak RC4 stream cipher on the more sensitive areas of its website. Step forward O2, which is also stuck on the broken SSL system. The mobile carrier, as spotted by Reg reader Stephen, still transfers customer bank details over the weak crypto algorithm. If …

  1. This post has been deleted by its author

    1. Anonymous Coward

      A pedant writes:

      -----

      Posted with the Acme Splaffer

      Dude, your sig sep is borked. It should be dash dash space ("-- ").

      HTH.

      1. This post has been deleted by its author

        1. druck Silver badge

          Re: A pedant writes:

          How about not using a sig at all, there's enough to scroll through on comment pages without having extra crap on each message.

  2. Anonymous Coward

    And the Reg...

    ...supports?????

    1. This post has been deleted by its author

  3. John Sager

    Surprising (or perhaps not) how common this still is

    I found the same issue recently with a phone app from a financial organisation who shall remain nameless. It was a server-side issue. Credit to them, they fixed it pretty quickly in comparison to the usual big org timescales after I alerted them. Since the app has been around for a while I was surprised no-one else had found it before I decided to use it.

  4. handle

    Weak passwords

    Don't forget that Virgin Media insists on both a maximum password length and no special characters. Other security howlers shouldn't come as a surprise.

    1. chris 17 Silver badge

      Re: Weak passwords

      Yep, my passwords can be ~16 characters or more long; VM force me to use a crappy weakened password I can never remember.

  5. Anonymous Coward

    Three..

    If you think that Voda and O2 are bad, you should check the other operators, 3 doesn't score at all well either...

  6. Joe Harrison

    But in real life...

    Not defending poor security practice but let's be fair, cracking RC4 is still "hard enough" to deter blackhats from snaffling that ten quid you just paid to O2.

  7. A Non e-mouse Silver badge

    Keeping up with technology

    And you expect O2 to be keeping up with technology?!? Don't make me laugh. It's 2015 and the self-service systems for corporate customers are still non-existent. Their only offering (My O2 Business system) is stuck in Flash hell with no indication that they're going to move away from it.

  8. hatti

    Translation

    FOR...

    A company spokesbeing told us: "We are aware of this issue and are planning to move away from this system in good time before browser makers remove support next year."

    ...READ

    "We have no idea what you mean but we're all looking forward to our Christmas party piss up."

  9. Naadir Jeewa

    Pretty much the same answer O2 gave when you give them proof that I could access almost any account, including address and billing details, which happened a decade ago.

  10. Graham Triggs

    It's a good job that no telco has been hacked....

    Typical fucking shambles, and these companies ought to be hit heavily for not sufficiently protecting their customer data, regardless of whether they have actually lost any or not.
