3V.ie Online Account Security Weakness – Beware!

Image via payzone.ie

I may have identified a possible security weakness with the 3V.ie (online customer account) service. This occurred recently while I was trying to retrieve my own 3V account details. The weakness would allow any person who knows that you have a 3V account, and who also knows your mobile phone number, to access your 3V “Online Customer Service”, browse your balance and purchase history, etc. Here is a summary of user tasks taken from their website:

Online Customer Service

Sign on to the new Online Customer Service section of this 3V website using your email address and personal password to:

  • Receive again the security details for any Voucher.
  • Check the balance and transaction history on your 3V Vouchers.
  • Redeem money left on your 3V Vouchers to your bank account.
  • Transfer money from one Voucher to another Voucher.
  • Request a replacement 3V Customer Card.
  • Update your personal details or password.
  • Change how you receive the security details when you buy a 3V Voucher.

You can also find the balance and transaction history for any 3V Vouchers quickly by clicking on the View Transaction History link on the left hand side of this page.

The info that follows may have been a one-off chance of gaining someone’s account information, but nonetheless a weakness… try it yourself on your own account if you like!

Let me explain…

I hadn’t used my 3V account in over a year and had lost my card, and I had also forgotten my account username and password, so a few weeks ago I tried the standard “Forgot Your Password” option on the website www.3v.ie and went through the various email addresses I may have used for that account. Unfortunately neither of my email addresses worked, as the 3V website started to throw an error along the lines of “Cannot complete your request, please try later” etc.

The weakness…

Now at this point I gave up, and then a couple of days later I tried the same procedure but got the same result. Out of frustration I sent 3V.ie an email asking how I could retrieve my account details but never received an answer, but

Only discovered this today on their website:
“Emails must be sent from your registered email address and must include the last six digits of your 3V Voucher number if you have a query about a particular 3V Voucher.”

Roll on about 2 weeks later: I really needed to use the 3V account to purchase an eBay item, so I opted to call support by phone. This is where their weakness began to show…

The conversation…

I called customer service and stated that I needed to retrieve my account information. I was asked for my registered email address and password. I then explained that I couldn’t remember my registered email address or password and that is why I was speaking to support on the phone! What followed was clearly shocking! Support asked me for my mobile number, which I gave, and I was then told my email username was xxxxx@xxxxx.com with no problem….. At that point I was actually relieved to have at least my username, so while talking to support I tried the “Forgot My Password” option on the website login and still got the “Cannot complete your request, please try later” response. Feeling annoyed, I asked why it was not working for me, also sensing the support person’s frustration as I was asked to repeat the request… but each time it failed, and then out of the blue I was informed “OK your password is xxxxx try that” and yes, I had my password and yes, it did work!!!

The conclusion…

So what I’m saying here is that if I was posing as another person and rang customer support armed with just a known 3V user and their mobile number, I could easily retrieve their information by causing a flurry about why I cannot access my account for some reason or another, using the flaw (the “Cannot complete your request, please try later” response) etc. This happened to me and made me realize I could have been someone else! Or maybe… just maybe the customer support person could actually see I was trying to access the system at that point and felt confident I was the same person on the end of the phone and freely gave the details away?

Opinions please?

Calibrate your monitor with PANTONE® huey™


My Pantone Huey monitor calibration system widget

I recently purchased this excellent monitor calibration tool called “huey” from PANTONE®, the reason being I was constantly struggling with monitor colour and gamma etc. I had used the Windows-based tool “Adobe Gamma”, which works to some degree for general calibration, but when it comes to editing photos and especially video there was a need to get something that would do the job better so that your colours can be accurate all the time.

Huey (a USB device) was a simple install from the disk and takes only 5 minutes to have up and running. First it tests the ambient light in your room and adjusts, then it asks you to place the widget on your monitor (it has little suction pads underneath) and goes through a 2 minute process of colour testing. When all is done you replace the widget back in its holder, and you can choose an option to have it constantly monitor the changing room light; as day becomes night it will automatically adjust your settings seamlessly.

The results are great: my screen colours are now more true and crisp with no gamma haze or overtones, and there is a confidence in knowing that what I see is what it is. When it comes to printing this widget really works… no more reds printing as pink etc. What you see on screen will come out on print.

Would I recommend it? Yes, for sure, it’s reasonably cheap… I picked up mine on eBay for about €55.00 including p+p. If you have been having trouble with colours and calibrating, give this product a go, you won’t be disappointed.

Video: http://www.youtube.com/watch?v=XJGLivjiocw


WordPress 2.5 Upgrade – Sweet!

In the past few weeks I have upgraded my WordPress version from 2.3.1 to 2.3.3, and tonight to version 2.5. I must say everything went sweet!

I actually like the new interface it’s much more condensed and customizing the dashboard is simple. The option to upgrade newer plugin versions via FTP is really cool!

The image manager is excellent. I no longer have to scroll down to the bottom of a post to insert images, and the Gallery feature is welcome. Toggle Full Screen mode is great and eliminates the double scroll bar issues when managing a long post. Just to note I have 7 various plugins on my blog and all work fine after re-activating them.

That’s all I’ve got time for now… must go, play and discover more sweet functions with this upgrade…. 🙂

Thanks to the team at WordPress for all your fine work!

Update Saturday 05 April

I decided to upgrade YoughalOnline.com WordPress version from 2.3.3 to 2.5 this morning using the excellent “WordPress Automatic Upgrade” plugin as recommended but not tested by Donncha at his blog.

The auto upgrade plugin does exactly what it says on the tin, it was a blistering fast upgrade all in all in around 5 mins I had installed the plugin and had my files and database backed up, the new 2.5 version files were installed and the icing on the cake was my plugins were re-activated. There was an automated process but I didn’t go with that route as I like to see what happens etc.

I would highly recommend the auto-upgrade plugin, everything ran smoothly!

PS

I mentioned above “Just to note I have 7 various plugins on my blog and all work fine after re-activating them.” I must say I ran into a fatal error with the “Popularity Contest” plugin version 1.3b3 from Alex King.

To fix the error open popularity-contest.php and scroll down to line 59.

Replace require('../../wp-blog-header.php'); with require('../wp-blog-header.php');

This tip came via kenmcguire

YoughalOnline.com Live Web Broadcast A Success!

I’ve been a little quiet here on my blog lately; much of the reason is that my time is being eaten up by the new venture www.YoughalOnline.com. I spoke about this in a previous post. Well, I just want to update on the happenings with that website.

We broadcast the St. Patrick’s Day Parade 2008 live on the homepage of the site and it was a huge success. We had viewers watching live from the U.S.A, Australia, New Zealand, U.K, Germany, France, Spain, Poland, India, Canada & Ireland. Although the live stream was 43 mins long, I edited the stream down to 9:50 secs for the main parts, which you can view below.

St. Patrick’s Day Parade Youghal Webcast


Below are some photos taken by my brother Gerard McCarthy of the event on the day. By the way, that’s myself on the DV camera.

YoughalOnline.com Live Web Broadcast


We have posted 39 news articles including photos in less than 5 weeks and continue to post daily. The Online Video section of the site is proving very popular. Traffic to the site has increased by an average of 30% each week, which we are more than pleased with. We are also getting local business interest in sponsored advertising, so I will have to work on that strategy next!

That’s all for now…. short note: I have a nice “Band/Musicians” template module in the making which I will post up here for free download soon.