Orange security

Whilst speaking to an Orange call centre jockey I was asked for two
specified characters from my password. I declined and, instead, gave
another form of identification. The Orange call centre jockey then said
something like that's OK your password is ...

In other words everyone at the Orange call centre has access to ALL security
information. Can you trust each and everyone of them not to use such
information to access accounts?

Orange customer security is just not secure!!!

Regards.

Bill Ridgeway

Bill Ridgeway wrote:
> Whilst speaking to an Orange call centre jockey I was asked for two
> specified characters from my password. I declined and, instead, gave
> another form of identification.

Just out of interest why would you not give the two letters?

Peter Crosland

In message <f2vb2h$olj$(E-Mail Removed)>, Bill Ridgeway
<(E-Mail Removed)> writes
>Whilst speaking to an Orange call centre jockey I was asked for two
>specified characters from my password. I declined and, instead, gave
>another form of identification. The Orange call centre jockey then said
>something like that's OK your password is ...
>
>In other words everyone at the Orange call centre has access to ALL security
>information. Can you trust each and everyone of them not to use such
>information to access accounts?
>
>Orange customer security is just not secure!!!
>
>
I would imagine that the systems they use log all accesses.

--
dave @ stejonda

On Tue, 22 May 2007 19:22:49 +0100, "dave @ stejonda"
<no$spam!delete&abuse%(E-Mail Removed)> mused:

>In message <f2vb2h$olj$(E-Mail Removed)>, Bill Ridgeway
><(E-Mail Removed)> writes
>>Whilst speaking to an Orange call centre jockey I was asked for two
>>specified characters from my password. I declined and, instead, gave
>>another form of identification. The Orange call centre jockey then said
>>something like that's OK your password is ...
>>
>>In other words everyone at the Orange call centre has access to ALL security
>>information. Can you trust each and everyone of them not to use such
>>information to access accounts?
>>
>>Orange customer security is just not secure!!!
>>
>>
>I would imagine that the systems they use log all accesses.

Not really the point.
--
Regards,
Stuart.

In message <f2vb2h$olj$(E-Mail Removed)>
at 18:59:06 on Tue, 22 May 2007, Bill Ridgeway
<(E-Mail Removed)> wrote
>Whilst speaking to an Orange call centre jockey I was asked for two
>specified characters from my password. I declined and, instead, gave
>another form of identification. The Orange call centre jockey then said
>something like that's OK your password is ...
>
>In other words everyone at the Orange call centre has access to ALL security
>information. Can you trust each and everyone of them not to use such
>information to access accounts?
>
>Orange customer security is just not secure!!!
>
>Regards.
>
>Bill Ridgeway
>
>
Also try calling again - they will probably ask for the same 2
characters from your password again
--
Mike News

dave @ stejonda wrote:
> In message <f2vb2h$olj$(E-Mail Removed)>, Bill Ridgeway
> <(E-Mail Removed)> writes
>> Whilst speaking to an Orange call centre jockey I was asked for two
>> specified characters from my password. I declined and, instead, gave
>> another form of identification. The Orange call centre jockey then said
>> something like that's OK your password is ...
>>
>> In other words everyone at the Orange call centre has access to ALL
>> security
>> information. Can you trust each and everyone of them not to use such
>> information to access accounts?
>>
>> Orange customer security is just not secure!!!
>>
>>
> I would imagine that the systems they use log all accesses.
>
You'd be surprised...

--
Abo
BATracer: Browser Based Racing Simulation:
http://batracer.com/-1FrontPage.htm?6q0

(E-Mail Removed)ks declared for all the world to hear...
> > I would imagine that the systems they use log all accesses.

> You'd be surprised...

They do, although many staff are unaware of this and/or do not believe
it. On most systems the logs are only accessible by corporate security,
and would not be made available for example to solve a simple customer
service issue.
--
Regards
Jon