I am an Orange ADSL subscriber, and I think that until tonight I had never been on the Orange portal.
http://www.orange.fr/portail
And here I am living a moment of terror ... follow me for 2 minutes.
First, I lend my son's PC to a family member who is passing through our home and wants to check their "Orange" mail. Out of the corner of my eye, I see them connect to the portal in question. And then I fall on my ass: I am logged in. Yes, me! With my last name and my first name. I see emails, there are bills, and they are obviously intended for me ... Everything is accessible without entering any username or password, in basic http, so it is not encrypted. I try to do things right, and we eventually find the button that lets you authenticate with a different login.
But I am sure I have never logged on to the Orange portal from my son's PC (or from any other PC, for that matter).
A little bewildered, I go to my other PCs (all Linux). Same result. With my smartphone connected over wifi: ditto. In every case I am logged in automatically! I try different browsers (iceweasel, konqueror, opera): still the same. I am logged in and I can manage my Orange broadband account. Maybe even make purchases!
I start to wonder whether this is a Linux symptom, but I do not think so. It is too big. Users of other OSes surely see the same thing (this has since been confirmed to me ...).
But first, how does the provider manage to log ME in?
Well, let's stay calm! As a first analysis, we can assume that the provider uses a simple query to identify the owner of the line based on the public IP address assigned to the livebox (look up a "whoami" service, for example, and you will learn the public IP assigned to the owner of the Internet access you are using). For good measure, the Ethernet address of the livebox may also be used (this address is unique for every device connected to the Internet), obtained by an arp query on the IP address of the gateway (which is a private address, very easy to retrieve).
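The consequence of the hypothesis above, as an added example that is not part of the original post and is not Orange's actual system: if a portal identifies the subscriber from the public IP alone, every device behind the box looks identical to it. The lease table, resource names and function names are constructed assumptions.

```python
# Constructed model of the hypothesis in the text; not the provider's real code.
from dataclasses import dataclass

# Constructed lease table: public IP currently assigned to a line -> subscriber.
LEASES = {"203.0.113.10": "subscriber-A"}
# Assumed split between personal data and harmless portal content.
SENSITIVE = {"mail", "bills", "account"}

@dataclass
class Request:
    source_ip: str             # public IP the portal sees, after the box's NAT
    device: str                # known only to us; invisible to the portal
    resource: str
    password_ok: bool = False  # outcome of an explicit credential check

def nat(device, resource, public_ip, password_ok=False):
    """Every device behind the box leaves with the same public IP."""
    return Request(public_ip, device, resource, password_ok)

def weak_portal(req):
    """Line-based auto-login: the source IP alone opens everything."""
    user = LEASES.get(req.source_ip)
    return (user, user is not None)

def hardened_portal(req):
    """The source IP only selects the account; personal data needs credentials."""
    user = LEASES.get(req.source_ip)
    if user is None:
        return (None, False)
    if req.resource in SENSITIVE and not req.password_ok:
        return (user, False)
    return (user, True)

def demo():
    """Three devices on the same line ask for the mailbox without a password."""
    results = []
    for device in ["owner-laptop", "son-pc-used-by-guest", "smartphone-wifi"]:
        req = nat(device, "mail", "203.0.113.10")
        results.append((device, weak_portal(req)[1], hardened_portal(req)[1]))
    return results

if __name__ == "__main__":
    for device, weak, hard in demo():
        print(f"{device:22} weak_portal={weak} hardened_portal={hard}")
```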
Well, for this database, I hope they have filed the declaration with the CNIL ...
It would still be nice to have precise information on what goes back up to Orange's servers for our identification. Don't you think?
So, this sows doubt. And if they can do this without really telling us, maybe that means they are doing other things, or that they are in the starting blocks to do other, shadier ones ...
Well, I am sure a somewhat savvy reader (or one better informed than me) can tell us a little more. Feel free to contribute ...
1. Is the
Change provider and/or lobby to change the provider's behavior.
And above all, hurry to create an additional mailbox associated with your ADSL Internet subscription. From the next day (apparently not right away!), entering the username and password becomes necessary to log in (which, by the way, I have not tested: I don't much feel like it).
And above all, do not use this portal, or stop using it: as it stands, it is not trustworthy.
One can say that this is the evolution of the Internet ... Soon, only the providers' boxes will be able to connect. There are now fewer providers ... A box is sold / leased together with a forced subscription. Soon it will no longer be possible to use generic equipment to connect to the Internet. With only these 3 or 4 models of boxes, it will be easy to require ISPs to build the famous Openoffice firewall advocated by Ms. Albanel directly into the box to keep us permanently safe!
The Orange strategy goes in the same direction: to force owners to secure their Internet connection. And it is clear that with such a security hole, you do want to secure your Internet access.
In a moment I will go and check my Orange ADSL bill ... the paper one.