Copied from the ISP review forum:
1. Go to the Broadband Dashboard at
http://supportcentre.talktalk.net/
2. Login as normal with your Master Account username and password
(i.e.
(E-Mail Removed) for your landline number)
3. Look at the status bar at the bottom of you Browser whilst
hovering over 'Connection' or 'E-Mail' or 'Webspace' links!
You will see your authentication credentials being plainly published
for the attention of any would-be hacker, in the form of a URL as
below.
http://supportcentre.talktalk.net/cgi-bin/login.cgi ?
hostname=02079813040 &password=O0F2T0C7O9 &action=username &tab=1
This is very serious because it means that every time you access the
Support Centre it will be transmitting, in an unencrypted form, all
the information necessary to hack your account. With minimal effort
this can be retrieved at any point between you and the Support Centre
cluster, in fact, it will be sitting there in the server log files and
may even be passed to a third parties for usage reports. You are
particularly vulnerable to other users on your network, proxy servers,
or through access to your computer and the Browser History Cache
(search for
http://supportcentre.talktalk.net/cgi-bin/account.cgi).
More crucially, access to the Support Centre through any computer
infected with SpyWare will instantly compromise your account.
Don't even think about using HTTPS (encryption), first of all, they do
not have a valid certificate installed, and secondly, it redirects to
a 'Test' environment - look at the Title Bar.
http://www.ispreview.co.uk/talk/show...threadid=24842
Similar Threads
Linear Mode
