Bad experience with XeroBank

Discussion in 'privacy technology' started by elumineX, Jun 20, 2008.

Thread Status:
Not open for further replies.
  1. elumineX

    elumineX Registered Member

    Joined:
    Apr 4, 2005
    Posts:
    34
    I read a lot about XeroBank here and decided to give it a try. I read it was easy, secure and if you did have any problems they had a fast support ticket system - all good, at least that's what I thought... but reality was different apparently. I'd like to share this story with anywhom intersted. After all I think its only fair to other potential new buers to highlight current problems. Here it goes...

    First of I installed the xbVPN client on my vista x64 machine. Then it asked me to install the virtual network drivers. I pushed yes, and it asked me to restart. I pushed yes again.
    Suddenly a message pops up telling me "normally this is where we would reboot. But you are using a development build" - then the client starts up and gives me the following message "connecting to Best Effort has failed". After that nothing happens.
    I restart the system and as expected the xbVPN autostarts. Again it asks me to install the virtual network drivers. I repeat steps above, restart, and it happens again. So I'm stuck with a non-working vpn client.

    Knowing in the back of my head about XeroBanks ticket system, I go to their site and try to find this system. After looking for several minutes i found it placed out of context in a help bar that only appears under certain pages (which was why I couldn't find it obviously).
    So I press "Support ticket", nothing happens. I try again, and nothing happens. I figure it might be a browser incompatibility problem so I fire up IE and guess what it still doesn't work.
    Right.. so now I'm stuck with a non working vPN client and a non working support ticket system.

    I see another link on XeroBanks page refering to non-customer support tickets. Being a paying customer, I really feel helpless - especially going through the "normal" support. Anyway I fill in the support ticket and send it off feeling relieved -something- at least worked. A minute later I receive an email from XeroBank support. Great! That was fast. At least I thought it was... opening the email I am yet again disappointed. The email says:
    "We are sorry but you must use the webform to open a support ticket.Your email was not received by our support system.
    Please use the webform here: ..."

    So the link which I cut out, refers me to ANOTHER support form which looks like I don't know what. Half of the page isn't working in either FF or IE and I can't find the OK or SEND button in it. Apart from that IE wouldn't even let me visit the page at first, complaining about an invalid security certificate (expired it said). Apparantly the send button is the red cross on the page, so I fill in the form and send it off yet again (having to remember what I wrote in the fist form..).

    Now I'm waiting on a response, which I'm honestly doubting will ever show up in my e-mail. I'll let you know if it does.


    PS: I was surprised to see that your default profile at XeroBank has no password. When you sign up you receive an accout access number in the format "xxxx xxxx xxxx xxxx". When signing in thats the only thing you use, unless you create a password in your profile. So if someone got a hold of my account access number (or even just guessed it, which is not THAT unlikely seeing they probably have a lot of cutomers) they could access my account and create a password and I'd be in real trouble. Not very impressed...
     
    Last edited: Jun 20, 2008
  2. geazer40

    geazer40 Registered Member

    Joined:
    Jun 11, 2008
    Posts:
    128
    well not as bad a prob as yours but just tried to sign up but it come up with a warning which i never understood so tried to log into accounts with the numbers it gives you and account is there but i ain't paid nothing and it showing 35 usd so i just logged out and went no further so as a newbie i just got scared off so not sure what to do o_O :(

    i think for now i will wait till you got a simpler vpn and retry can you tell me do i just leave the account as it is because i ain't paid nothing or does the admin need the account numbers cheers
     
    Last edited: Jun 20, 2008
  3. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    I had that problem. I had to call Dalpay to redo it. I just replied to the XB2 email that was sent as an invitation and gave them my deposit account. They fixed it in a couple of hours.
     
  4. Pleonasm

    Pleonasm Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    1,201
    I received the same message when installing xB VPN on Windows Vista (32-bit). While it didn’t cause any problems in my case, I thought that it was slightly “unpolished” and a bit “unprofessional” in appearance.

    This didn’t occur when I installed xB VPN on Windows Vista (32-bit). I was, however, logged into an administrative account during the installation process, so maybe that made a (positive) difference?

    You’re right. I think that the email acknowledgement sent by XeroBank to newly enrolled customers should highlight this fact, and provide step-by-step instructions for adding a password to both the Access and Deposit accounts. It’s not a difficult or a required procedure, but customers should be “encouraged” to take this step, in my opinion.
     
  5. elumineX

    elumineX Registered Member

    Joined:
    Apr 4, 2005
    Posts:
    34
    I got a reply from XeroBank stating that this message was a message from a the development build from the x64 version (weird it shows up in the x32 version as well then?). They "fixed" it now it seems as I got a new version from a seperate link.
    I also thought this was a bit unpolished together with the non-working ticket system.

    I'm also logged in as administrator. I've UAC completely disabled so that should not be causing any problems.
     
  6. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    I can't comment on the support issues, but I can say the OpenVPN has some problems with x64. You can find some supposed x64 TAP drivers for OpenVPN here: http://www.openvpn.se/files/xp64/tap-win64.zip

    As for the access code, it actually is a username and password all in one. The difference between them is really only in your mind. Why? Because the combination is all about entropy. Let's take a look:

    AAAA BBBB CCCC DDDD - this is your access code

    Imagine that your username is actually AAAA BBBB and your password is CCCC DDDD. It's the same idea, but so simple that some people freak out and misunderstand that it doesn't have a password, when they are one in the same, you just input them in the same box.

    A user with just the access account # could NOT access your email of file storage, and if you ever had them enabled, he wouldn't be able to access anything at all, because those actions set an additional third layer: PIN encryption.

    So the essence is it looks shockingly simple, and is easy to use, but has strong security. That is how security should be properly designed. :)
     
  7. elumineX

    elumineX Registered Member

    Joined:
    Apr 4, 2005
    Posts:
    34
    Of course. But in essence this is *not* a password - in reality it's a single string containing ONLY numbers. You say this is secure? An 8-bit (or even 16-bit if we take the whole key) password only in numbers is not what I would call secure, and I know you wouldn't either.

    Actually entering the whole key into XeroBanks OWN password entropy calculator gives me:
    * Password Strength: Very Weak
    * Entropy: 25.2 bits

    Fact is if the customers doesn't create a default password (which they aren't adviced to do anywhere when signing up or has signed up), their key can be guessed relatively easily, and that it is a very insecure key.

    I tried those but during install it goes:
    "tap-win64\tapinstall.exe" install "tap-win64\OemWin2k.inf" PCIVirt
    Device node created. Install is complete when drivers are updated...
    Updating drivers for PCIVirt from tap-win64\OemWin2k.inf.
    tapinstall.exe failed."
     
    Last edited: Jun 21, 2008
  8. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    eluminex,

    I think you've overshot the goal a little. 1) You can't enumerate the cards with a "guessing" game, you'll get locked out way before that. 2) Even if you *could* guess the right card number, it doesn't compromise any information. An account with no information is not required to have a PIN, but can. Any account that sets information is required to have a PIN, boosting entropy to at least 46+ bits. QED: All accounts are secure.

    Think of it like highschool lockers. All lockers have a regular combination lock. However anyone who has a locker with books in it has an additional padlock, but not everyone who has a padlock has books in their locker. Despite the fact that some lockers don't have padlocks, all books are secured. And now you're blindfolded and can't find any lockers, and if you hunt for one you'll be kicked out of school.

    As for the TAP drivers, did you right click and run as administrator? That is necessary, and should have definitely thrown a popup at you saying a kernel level driver was trying to be installed. If it still failed, you may have other virtualized drivers that are blocking the installation, or of course, you could just be another victim of arbitrary vista "security"!
     
  9. elumineX

    elumineX Registered Member

    Joined:
    Apr 4, 2005
    Posts:
    34
    I get your point. Ponder this: let's say I create a new account. The account has no information but is also not protected with anything else but the key. I go on vacation and doesn't use my account for a couple of weeks. Someone is lucky to guess my key (I know this is not very likely but it's still -possible- and not THAT unlikely compared to a 128 or even 64 bit key). That someone logs into my account and creates a pin number. I get home from vacation and can't access my account anymore because it's protected with a pin number I don't know. Correctly as you say, this doesn't compromise any information, but it does cause me to go to a lot of trouble to get the account back. No matter if the problem is tiny or not a 16 bit key with only numbers is in reality not enough protection and I bet most users feel it's a kind of false security.

    Yes I tried that as well. I have 2 VMWare virtual net adapters installed, and somehow I think the problem might be related to them (most logical at the moment don't?)
     
  10. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    Let's assume it could be used as a denial of service attack. An attacker would have to go through an incredible amount of trouble to try to deny you access to your VPN credentials, assuming you didn't already have them for some reason. Is this enough security? Let's see! It's just like your credit cards, except this time the attacker can only keep you from making a "purchase" and can't steal your money/identity.

    So the security properties are that it is :
    1) easy to use
    2) easy to access
    3) hard to discover
    4) hard to disrupt
    5) no reward
    6) at most a minor inconvenience to the user.

    Result: That is very unattractive to any attacker.
     
  11. Pleonasm

    Pleonasm Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    1,201
    It is a small point, Steve, but note that sometimes XeroBank refers to a “PIN” and other times to a “password.” I recommend that you utilize consistent terminology so as not to confuse users.

    Are you running version 2.0.0.14b of the XeroBank Installer? That is the version that I have, and the one that is listed as currently available on the XeroBank website.

    Thank you.
     
  12. Pleonasm

    Pleonasm Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    1,201
    I too can duplicate and confirm the experience of elumineX: the technical support ticket system on the XeroBank website (public webpage or logged onto the Access or Deposit account) is not functional. This is quite disappointing, since the situation is “customer unfriendly” and reflects poorly on the quality of the company in total, in my opinion. Hopefully, this is a problem that will receive the highest priority in XeroBank and one that will be completely resolved in the very near future.

    Steve, while waiting for this issue to be addressed, what is the procedure to submit a technical support request to XeroBank?

    Thank you.
     
    Last edited: Jun 23, 2008
  13. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    I checked it and the submit form works just fine. Some people have stated they get a message back but I need to hear more about what they're doing when they get that message. The normal support form is reporting 100%.

    http://xerobank.com/support.php
     
    Last edited: Jun 23, 2008
  14. elumineX

    elumineX Registered Member

    Joined:
    Apr 4, 2005
    Posts:
    34
    The support forms does work now. Apparently XeroBank fixed it. They didn't work before though.

    Anyway I had several talks with XeroBank by e-mail, and after they even built a new client that supposedly should have better vista x64 compatibility, it still doesn't work for me. So it seemed they were running out of ideas... well I tried fixing it myself and I did.

    The solution (which worked for me), was to first install the newest openvpn client from here

    hxxp://openvpn.net/release/openvpn-2.1_rc7-install.exe.

    This client is the only one that is able to install the tap drivers on my x64 system. Then install XeroBank software afterwards and everything will run fine.

    Conclusion is that XeroBank's software isn't fully x64 vista compatible (even though they claim it to be). I told them to check out the x64 tap drivers from the beta OpenVPN install, and also asked them to cancel my subscription.
    Perhaps I will return in the future when they fixed their client :)
     
    Last edited by a moderator: Jun 24, 2008
  15. Pleonasm

    Pleonasm Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    1,201
    Yes, I too am pleased to see that the XeroBank web form has been repaired. In particular, the pull-down menu for the “Subject” field now includes “Tech Support”, which was previously absent.

    And a few recommendations on this form for XeroBank to consider:
    • The scroll bar on the right-side of the “Body” text box does not work
    • Consider the option of allowing a user to attach a file to the support request to document the question being asked (e.g., a screen image)
    • After pressing the “Submit Ticket Request” button, display a message in the browser confirming that the ticket has been successfully received by XeroBank
    Kudos to XeroBank for addressing this issue so quickly!
     
  16. KSec

    KSec Registered Member

    Joined:
    Jun 25, 2008
    Posts:
    3
    I must say that I am not happy with XeroBank so far, I was customer last year but I signed up over a week ago and I have emailed them several times with no response, also I have been around in the forum for a while just as leecher / learning :) a little and decided to create and today just to give my experience so far with XeroBank, I am new here this being my first post but I was motivated to sign up here mainly due to this, here are some facts:

    1 - Their website was just with link place holders while they were launching V2 of XB, which I consider pretty much unprofessional from a "Solid" company, if you are going to upgrade or something you should do that in your sandbox and then migrate once you have all ready for you former and new customers/prospects.

    2 - Once I signed up I saw no more than empty info and not in depth documentation.

    3 - So far I have not been able to use the service, I try to install then I give my card code then it asks me for my PIN code which I guess and from what I have read is the password I generated within XB control panel, anyway it doesn't work.

    4 - The most important, again I have tried to contact them to solve the issue but I never got a response, before their form was broken and not connected to the account login but as I see now it is, either way still no answer from XB.

    I can say last year I liked the service so far but I even referred several people, but now has been just a bad experience so far and the lack of customer service/support.

    I may be making something wrong? It may be possible but that is not the main point but the lack and poor response from XeroBank, in terms of the XB service itself i cannot say anything yet since I have not been able to use it. My expectations from this new version and revamp of XB were higher than I should have expected.

    Take this just as my personal experience and introduction to the forum :) , other members may not be facing this issues. I just want to state again I am not against XB or I am saying is a bad service because I have not been able to use it, it just happen that they have the worst tech / customer support response I have ever seen.

    KS

    EDIT: Typos Found ( as always )
     
  17. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    What tickets did you submit and when? I logged in and I saw no tickets open or unaddressed. Are you checking your spam box?
     
  18. elumineX

    elumineX Registered Member

    Joined:
    Apr 4, 2005
    Posts:
    34
    Tbh the whole XeroBank support is VERY unattractive. When you visit (https://xerobank.com/support.php) from the Support button on your page, you get a support form. When you fill it out and send it, two minutes later you get a message saying:
    Come on? I wrote a half page support ticket to you guys, and then I had to write it all again because of this. Happend several times. Why on earth have a support system that misleads the users in such a way?
     
  19. KSec

    KSec Registered Member

    Joined:
    Jun 25, 2008
    Posts:
    3
    Was on June 17 (yes one week ago :) ) there was not real ticket number I got this first trying to email support:

    Then I did that but was not working, neither connected to my account, I just contacted again and I got a reply explaining that the PIN number cannot have special characters only alphanumeric (that lowers a lot the strength of your PIN / Password) but that you should have an update on that tomorrow according to what support said.

    Lets see...
     
  20. Pleonasm

    Pleonasm Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    1,201
    I too received the same email message when I first attempted to use the XeroBank technical support form a few days ago; however, based on my more recent experience, this specific issue has been fixed.

    I recognize that XeroBank has multiple competing priorities (like any business), but a focus upon making customer support a seamless experience, completing the promised white papers, and providing links to source code (etc.) all serve to enhance customers’ trust in the service—a key element for a company in the anonymity business, in my opinion. From a marketing perspective, XeroBank can seek to differentiate itself from the competition on technical merit, but that strategy is increasingly difficult to sustain and to sell. A customer rather than a product perspective, however, might serve the interests of the company better over time.

    Yes, XeroBank would be well advised to use consistent terminology: either PIN or password, but not a mixture of both. Simple things like this do cause confusion, and should be easy and quick to fix.

    Interesting comment, because I submitted a ticket yesterday – and, have not yet received a response. This suggests that somehow my ticket was “lost” in the system. :( As suggested in post #15, it would be quite helpful to have the customer support ticket system issue an immediate acknowledgement that a request has been received, so that the user knows her or his ticket is in queue.

    My comments here are offered in the spirit of "helpful feedback," and not as a criticism of XeroBank.
     
  21. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    pleonasm,

    Do you have a ticket ID or subject title?
     
  22. Pleonasm

    Pleonasm Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    1,201
    Unfortunately, no. Steve, at what point in the technical support process is a ticket ID issued? I never received a confirmation that my submitted ticket was received, and about three days have passed without a XeroBank follow-up communication of any kind.

    P.S.: Your kind reply to this thread seems to answer my issue, so this specific ticket is probably no longer relevant. However, whatever went wrong in my own case may be indicative of a larger problem impacting many users of the ticket support system. For this reason, it may be worthwhile for XeroBank to perform a comprehensive quality check on that system.
     
  23. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    Pleonasm,

    Let's get together in PM and see if we can duplicate the problem you are having.
     
  24. KSec

    KSec Registered Member

    Joined:
    Jun 25, 2008
    Posts:
    3
    Does XeroBank Support really exist? I have not been get any answer from them besides there has not been an issue solved , at the I have not been able to use XeroBank service at ALL since I signed up. I think there should be a little more effort on the knowledge base, know issues, and support in general. If you want my ticket # let me know and I will PM it to you.

    So far I would SAY I don't recommend the service since seems like is in a a very early stage even that they has been around for a while and I used the service last year without issues. But now with the new version and website of xB all seems like a rush-home-made operation from what I have experienced so far.

    KSec

    EDIT: Also as I remember when I used xB last year you were able to choose different payment options which I don't see any longer other than dialpay, I must say I don't like to use my online usually and was great before having those alternate payment methods, others payment methods are being implemented? ex, Egold, LibertyReserve, WMZ, WU, etc
     
    Last edited: Jul 1, 2008
  25. elumineX

    elumineX Registered Member

    Joined:
    Apr 4, 2005
    Posts:
    34
    I second that. I also submitted a support ticket two days ago, and even wrote directly to their email which I got from an OLD support ticket. I didn't receive any response yet?
     
Thread Status:
Not open for further replies.