January 2003 — Monthly Archive
In October 2002 I wrote about non-existent security for Indiatimes email users (about which ’til date exactly zilch has been done). While browsing around, I discovered that things are even worse than they appear if you use any Indiatimes password-protected feature with the “Remember Me” feature checked: this includes their Cricket site, PhotoGallery and Filmfare. The same password is used for (ouch) their shopping and classifieds-submission sites. If you are
one of these users, anyone with access to your desktop (common in shared environments) can grab your Indiatimes login and password, no network sniffer required! All they have to do is fire up a browser (IE will do nicely), browse over to this very helpful URL and grab the username and password off the source of the XML page that results.
Okay, so at least it’s not remotely exploitable. I think. (Probably not until someone writes a worm/virus that exploits this particular flaw.) Still, somebody ought to tell these guys that passwords for portals with pan-India ambitions should be managed slightly better. Yahoo would have their heads bitten off if they did something like this.
(Note: in the interest of responsible disclosure, Indiatimes was notified before posting this.)
I wonder if the hike in local-call-tariffs will affect dial-up internet users — anybody who dials a 172xxx SancharNet number to access the Net through a dial-up ISP like Sify and VSNL at discounted rates of upto Rs12/hr at night. If so, then dial-up users unfortunately become collateral damage. In the long run, it would do these ISPs a world of good if they could convert as many of these dial-up users to broadband. But given that dial-up is with us for some more time, they could pick a leaf or two out of ISP’s like Blueyonder, who offer plans like SurfUnlimited, which has a special unmetered telephone line just for data. Touchtel already advertises a scheme along these lines, and there’s no reason why Sify/VSNL could not enter into a revenue-sharing agreement with BSNL and offer a toll-free number for dial-up users to use.
ToI: Telecom operators shun comment on TRAI tariff. I missed this point in the TRAI recommendation: WLL operators are now free to determine their own tariffs, and are not linked to fixed-line rates anymore. Bing! Looks like Reliance’s 20p/minute (or 5p per 15s pulse) plan will be making a comeback after all.
The linked article makes amusing reading incidentally: According to the basic telecom industry, TRAI had ushered in a Calling Party Pays (CPP) regime through the back door and thus lost out in