That's very very bad. I don't think the club should be looking for someone to blame, they should be fixing the problem ASAP.
| TalkingCarlton http://talkingcarlton.com/phpBB3/ |
|
| Privacy problems for CarltonFC.com.au http://talkingcarlton.com/phpBB3/viewtopic.php?f=2&t=13467 |
Page 1 of 1 |
| Author: | marciblue [ Mon Nov 13, 2006 11:21 am ] |
| Post subject: | Privacy problems for CarltonFC.com.au |
Just listening to SEN. The first story is about privacy issues with membership renewals on the site login. With a default password of 'Carlton', by inputting any membership number (if valid) you can access all details of the member online. The number sequences are fairly straightforward so by changing the number sequence and using the Carlton password you can go through dozens of members. You are able to change the password but all the member details are on there and large numbers of members wouldn't use the site for membership issues. This is a huge concern. The clubs respose is that they believe it is an AFL problem. But as Schibecci said, the members are providing the details to Carlton so it is their responsibility to look after personal details. I tend to agree. Perhaps all should go on there and change the password in the meantime. |
|
| Author: | Kaptain Kouta [ Mon Nov 13, 2006 11:24 am ] |
| Post subject: | |
I just went to do that now, and saw this: Quote: *The links to the membership renewal page are temporarily unavailable due to technical problems. We apologise for any inconvenience
|
|
| Author: | verbs [ Mon Nov 13, 2006 11:25 am ] |
| Post subject: | |
| That's very very bad. I don't think the club should be looking for someone to blame, they should be fixing the problem ASAP.
|
|
| Author: | marciblue [ Mon Nov 13, 2006 11:28 am ] |
| Post subject: | |
Kaptain Kouta wrote: I just went to do that now, and saw this:
Quote: *The links to the membership renewal page are temporarily unavailable due to technical problems. We apologise for any inconvenience They club have removed access to the link temporarily. Huge cock-up! 
|
|
| Author: | Wet Willie [ Mon Nov 13, 2006 11:51 am ] |
| Post subject: | |
Let's face it - they should have removed the whole website....!! |
|
| Author: | Buzz [ Mon Nov 13, 2006 12:22 pm ] |
| Post subject: | |
I am glad that many people also see this as big an issue as I saw it when I first came across it on Thursday. I do have a IT background, but it surely doesn't take a genius to realise that if you know the password, you can change the username (being numeric it's easy) and gain access to other peoples' information. I did speak to SEN about this yesterday, but it was a matter of last resort. I made three calls to the Club on Thursday, to the Shop (who referred me to the Membership Department), the Membership Department who claimed it wasn't a real issue of concern, and finally Ian Coutts who agreed it was an issue of concern, and was going to contact the AFL on Thursday. Come Sunday with no change, I had the opportunity to mention this to Tony from SEN. I know there are some who will think that my decision was not wise - it attacks the club, embarrasses them and leaves them open for ridicule. However, they had two business days in which to correct this. No action was taken. Finally, after the media has picked up the story, the club is forced into action. HOWEVER - let me stress - they have not corrected the problem. From the Carlton website, if you click on the Carlton Shop link, and then click Login along the top of the shop website, you can still enter in membership numbers and passwords. In this respect - nothing has changed. The flaw is still there and you are still able to obtain the personal information of other members. I do NOT advocate that you do this. I brought this to the attention of SEN only to force the club to act on this issue. My information was available, your information is available. It's not acceptable. I am concerned SEN released the password over the radio (despite the fact it was actually on the website) and I will mention this to Tony next opportunity I get. I am not associated with the Board in any respects, nor any camp for or against any "tickets". I am a member of Carlton, and have been since 2000. I came across this whilst renewing my membership for next year. I encourage you to call the club and ask to speak to Ian Coutts until this issue is corrected. Removing links to the membership page doesn't remove the links and flaws in the Online Shop. P.S. I spoke to someone I know who is a Collingwood fan, cause I wanted to see if they had done the same thing. Unfortunately, they hadn't. I would have used Collingwood as an example if they had! 
|
|
| Author: | molsey [ Mon Nov 13, 2006 12:28 pm ] |
| Post subject: | |
I wouldn't apologise Buzz. This is a real issue and a real flaw and it needed prompt attention. If you've given the Club some time to fix it and they didn't - then you've taken other action then I don't see a problem with your actions. For too long Carlton seems to have had a 'give it time, it'll fix itself' mentality and sometimes a good hard jolt is needed to ensure action. I'd suggest that this sort of problem falls between the extremely large cracks in an under-resourced administration. Ian Coutts could hardly be on top of the IT side of the site - it shouldn't be his job. We've recently uncovered a huge technical problem in the Club's email that was stopping emails being received by a key division of the Club from interested sponsors. Issues like this bring out the lack of resources the Club has in all manner of areas. That doesn't excuse it, merely highlights what strugglers we are. M |
|
| Author: | Fevola25 [ Mon Nov 13, 2006 12:51 pm ] |
| Post subject: | |
Meh, My private details (name, address, phone numbers) are on the internet already, and most likely yours too, try here, www.whitepages.com.au |
|
| Author: | Deano Supremo [ Mon Nov 13, 2006 1:01 pm ] |
| Post subject: | |
Good get Buzz. There was always something about internet membership renewal that didn't seem right. |
|
| Author: | Mordan [ Mon Nov 13, 2006 1:04 pm ] |
| Post subject: | |
Thanks for the heads up. I've changed my password. Yet another example of the club just not really getting it I guess. Resources/money can be an excuse for some things, but when it comes to the basics, like privacy then I don't think there can be excuses. |
|
| Author: | Sniff Wilson [ Mon Nov 13, 2006 1:05 pm ] |
| Post subject: | |
heres something negative about the club..... *prepares for avalanche of posts from synbad and chuck wood, sorry, i mean Effes* |
|
| Author: | HTP [ Mon Nov 13, 2006 1:15 pm ] |
| Post subject: | |
@#$%&! - that's the wrongest thing in wrongland. Whoever mentioned the white pages obviously didn't realise that member's email addresses are on there as well. Don't ask me how I know that ... |
|
| Author: | mjonc [ Mon Nov 13, 2006 4:14 pm ] |
| Post subject: | |
molsey wrote: I wouldn't apologise Buzz. This is a real issue and a real flaw and it needed prompt attention. If you've given the Club some time to fix it and they didn't - then you've taken other action then I don't see a problem with your actions.
For too long Carlton seems to have had a 'give it time, it'll fix itself' mentality and sometimes a good hard jolt is needed to ensure action. I'd suggest that this sort of problem falls between the extremely large cracks in an under-resourced administration. Ian Coutts could hardly be on top of the IT side of the site - it shouldn't be his job. We've recently uncovered a huge technical problem in the Club's email that was stopping emails being received by a key division of the Club from interested sponsors. Issues like this bring out the lack of resources the Club has in all manner of areas. That doesn't excuse it, merely highlights what strugglers we are. M Thats what happens when you use externally hosted spam solutions. If they can spend around $2k on on Web Filtering software, they could of faulked out $1k on its sister product to bring email filtering inhouse. Don't ask me how i know that 
|
|
| Author: | Buzz [ Mon Nov 13, 2006 6:25 pm ] |
| Post subject: | |
It's with some relief that I say it looks like the problem has actually been corrected at the source - the database with the information appears to have had the default passwords changed to something else. This is the move that has been needed. I thank the club (or the AFL or Telstra or whomever is responsible) for finally fixing the problem. I presume the club will be able to inform Carlton members on how to obtain their new passwords. This should have been avoided easily by using the same system the ClubLifestyle website uses, username is CFCMembershipNo and your password is your surname. This at least requires both pieces of information. |
|
| Author: | Carlton God [ Mon Nov 13, 2006 8:46 pm ] |
| Post subject: | |
Bloody Pagan, how many things is he going to ruin?? In 2002, he kept talking up how we had picks 1+2 in the draft to the media and look what happened. He destroyed Kouta's career, the man who played, to quote leigh matthews "the best year of football by anyone". He's ruined the careers of the youngsters we had on our list that were on the verge of tearing the competition to pieces - Wiggins, Sporn, Livingston. He made us leave Optus Oval because the extra 10 minutes in the car didn't suit him. We only got $10 million from the government to upgrade Princes Park, my mail has told me that if Pagan wasn't there it would have been $50 million. If Pagan wasn't there Walker would have won a Brownlow by now and Fevola would be kicking how many goals a year? 120? 150? I'm guessing the latter. We've been winning a premiership every 8 years, we were due in 2003 and Pagan could only deliver 10 wins, pathetic. Pagan's now delivered two wooden spoons when the club is already full of talent, we don't need first draft picks, the talent is there in abundance already. and finally to top it all off he's [REDACTED] the website!!! the nerve of this clown, the sooner he is gone the better! |
|
| Author: | bluehotel [ Tue Nov 14, 2006 9:33 am ] |
| Post subject: | |
not to mention CG that he has stopped it raining so it doesnt affect his morning wlaks... |
|
| Author: | Rambo Stallone [ Tue Nov 14, 2006 11:42 pm ] |
| Post subject: | |
Fevola25 wrote: Meh, My private details (name, address, phone numbers) are on the internet already, and most likely yours too, try here, www.whitepages.com.au
Exactly,it's not like your details of how much you make,had sex with are on it,lol. |
|
| Author: | Rambo Stallone [ Tue Nov 14, 2006 11:47 pm ] |
| Post subject: | |
HTP wrote: F@%&#! - that's the wrongest thing in wrongland.
Whoever mentioned the white pages obviously didn't realise that member's email addresses are on there as well. Don't ask me how I know that ... email addresses on White pages?,well there you go,the government with their sensus. |
|
| Author: | Heavs [ Wed Nov 15, 2006 7:46 am ] |
| Post subject: | |
Rambo Stallone wrote: HTP wrote: F@%&#! - that's the wrongest thing in wrongland. Whoever mentioned the white pages obviously didn't realise that member's email addresses are on there as well. Don't ask me how I know that ... email addresses on White pages?,well there you go,the government with their sensus. Yeah nice comprehension there Mensa. |
|
| Page 1 of 1 | All times are UTC + 10 hours |
| Powered by phpBB® Forum Software © phpBB Group http://www.phpbb.com/ |
|