Why tvlicensing.co.uk are processing millions of customers’ data insecurely

guest · Sep 6, 2018

Why tvlicensing.co.uk are processing millions of customers’ data insecurely
September 5, 2018
https://i83.co.uk/why-tvlicensing-co-uk-are-processing-millions-of-customers-data-insecurely/

Update: I would like to make clear that this post was written after tvlicensing.co.uk had publicly tweeted there were no security issues with their website. Please note; the calculation of affected users is a yearly estimate on users are being processed, assuming nothing changes – not necessarily users that have been processed.
Click to expand...

Despite the claims on their website, tvlicensing.co.uk are sending personally identifiable information and bank details in plain, unencrypted text.
The TV Licence website is not secure
When looking at the official UK TV licensing website today, I noticed when I started the payment procedure that Google Chrome clearly marked the website as “Not Secure”. This essentially means that the website does not use HTTPS, a form of connection security that uses a certificate to prove the website’s identity to browsers and encrypts information in transit.
Does it actually matter?
In a word, yes. The most common misconception is that secure HTTPS connections are only required on pages that are highly sensitive, such as processing payments. The UK’s own National Cyber Security Centre advises that “all websites should use HTTPS, “even if they don’t include private content, sign-in pages, or credit card details.”

[...] This leaves you open for a myriad of potential problems, such as attackers being able to inject extra code into the page you’re looking at, without your knowledge.
Click to expand...

mirimir · Sep 6, 2018

I've been shocked by how common it is for providers to email server and VPS passwords to customers. But I guess they figure that smart customers will change them ASAP. And if adversaries change them first, customers will just file a ticket to complain. But then, what about hidden backdoors? Anyway, secure providers require that customers provide public SSH keys, and just don't use passwords.

Log in or Sign up

Why tvlicensing.co.uk are processing millions of customers’ data insecurely

guest Guest

mirimir Registered Member

Log in or Sign up

Why tvlicensing.co.uk are processing millions of customers’ data insecurely

guest Guest

mirimir Registered Member

Useful Searches