
All times are UTC + 10 hours




PostPosted: Mon Nov 13, 2006 11:21 am
Rod Ashman

Joined: Mon Feb 28, 2005 8:36 pm
Posts: 2960
Location: Oak Park
Just listening to SEN. The first story is about privacy issues with membership renewals on the site login. With a default password of 'Carlton', by inputting any membership number (if valid) you can access all details of the member online. The number sequences are fairly straightforward so by changing the number sequence and using the Carlton password you can go through dozens of members. You are able to change the password but all the member details are on there and large numbers of members wouldn't use the site for membership issues.

This is a huge concern. The club's response is that they believe it is an AFL problem. But as Schibecci said, the members are providing the details to Carlton so it is their responsibility to look after personal details. I tend to agree.

Perhaps all should go on there and change the password in the meantime.

_________________
C'mon Blueboys!


PostPosted: Mon Nov 13, 2006 11:24 am
Bruce Doull

Joined: Mon Feb 28, 2005 12:41 pm
Posts: 63509
I just went to do that now, and saw this:
Quote:
*The links to the membership renewal page are temporarily unavailable due to technical problems. We apologise for any inconvenience

_________________
And so while others miserably pledge themselves to the pursuit of ambition and brief power, I will be stretched out in the shade, singing.


PostPosted: Mon Nov 13, 2006 11:25 am
Stephen Silvagni

Joined: Tue Mar 01, 2005 10:04 am
Posts: 28377
Location: *Currently banned*
:shock: That's very very bad. I don't think the club should be looking for someone to blame, they should be fixing the problem ASAP.


PostPosted: Mon Nov 13, 2006 11:28 am
Rod Ashman

Joined: Mon Feb 28, 2005 8:36 pm
Posts: 2960
Location: Oak Park
Kaptain Kouta wrote:
I just went to do that now, and saw this:
Quote:
*The links to the membership renewal page are temporarily unavailable due to technical problems. We apologise for any inconvenience


The club have removed access to the link temporarily. Huge cock-up! :roll:

_________________
C'mon Blueboys!


PostPosted: Mon Nov 13, 2006 11:51 am
Harry Vallence

Joined: Tue Mar 01, 2005 11:23 am
Posts: 1797
Location: Half Back Flanker...
Let's face it - they should have removed the whole website....!!

_________________
"...that's the thing about opinion - you don't have to know anything to have one..." Andre Agassi commenting on Pat Cash 2004
"...the less you know - the more you believe..." - Bono 2006


PostPosted: Mon Nov 13, 2006 12:22 pm
Bruce Comben

Joined: Tue Jul 18, 2006 5:48 pm
Posts: 49
I am glad that many people also see this as big an issue as I saw it when I first came across it on Thursday. I do have an IT background, but it surely doesn't take a genius to realise that if you know the password, you can change the username (being numeric it's easy) and gain access to other peoples' information.

I did speak to SEN about this yesterday, but it was a matter of last resort. I made three calls to the Club on Thursday, to the Shop (who referred me to the Membership Department), the Membership Department who claimed it wasn't a real issue of concern, and finally Ian Coutts who agreed it was an issue of concern, and was going to contact the AFL on Thursday. Come Sunday with no change, I had the opportunity to mention this to Tony from SEN.

I know there are some who will think that my decision was not wise - it attacks the club, embarrasses them and leaves them open for ridicule. However, they had two business days in which to correct this. No action was taken. Finally, after the media has picked up the story, the club is forced into action.

HOWEVER - let me stress - they have not corrected the problem. From the Carlton website, if you click on the Carlton Shop link, and then click Login along the top of the shop website, you can still enter in membership numbers and passwords. In this respect - nothing has changed. The flaw is still there and you are still able to obtain the personal information of other members.

I do NOT advocate that you do this. I brought this to the attention of SEN only to force the club to act on this issue. My information was available, your information is available. It's not acceptable.

I am concerned SEN released the password over the radio (despite the fact it was actually on the website) and I will mention this to Tony next opportunity I get.

I am not associated with the Board in any respects, nor any camp for or against any "tickets". I am a member of Carlton, and have been since 2000. I came across this whilst renewing my membership for next year. I encourage you to call the club and ask to speak to Ian Coutts until this issue is corrected. Removing links to the membership page doesn't remove the links and flaws in the Online Shop.

P.S. I spoke to someone I know who is a Collingwood fan, cause I wanted to see if they had done the same thing. Unfortunately, they hadn't. I would have used Collingwood as an example if they had! :)
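
A defender-side check for the pattern described in this thread (one source signing in to many consecutive membership numbers within a short time), added here as an example; it is not part of any poster's message or of the club's systems. The log format, field names, thresholds and sample lines are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (assumed format): timestamp, source IP, member number, result.
SAMPLE_LOG = """\
2006-11-09T10:00:01 203.0.113.7 member=104500 result=ok
2006-11-09T10:00:20 203.0.113.7 member=104501 result=ok
2006-11-09T10:00:41 203.0.113.7 member=104502 result=ok
2006-11-09T10:01:03 203.0.113.7 member=104503 result=ok
2006-11-09T10:01:30 203.0.113.7 member=104504 result=ok
2006-11-09T10:01:55 203.0.113.7 member=104505 result=ok
2006-11-09T10:02:10 198.51.100.20 member=220017 result=fail
2006-11-09T10:02:25 198.51.100.20 member=220017 result=ok
2006-11-09T10:05:00 192.0.2.44 member=310950 result=ok
2006-11-09T10:06:12 192.0.2.44 member=310951 result=ok
"""
LINE = re.compile(r"(\S+) (\S+) member=(\d+) result=(ok|fail)")

def parse(log_text):
    """Yield (timestamp, source_ip, member_no) for each well-formed line."""
    for line in log_text.splitlines():
        m = LINE.fullmatch(line.strip())
        if m:
            yield datetime.fromisoformat(m[1]), m[2], int(m[3])

def find_enumeration(log_text, window=timedelta(minutes=10), min_accounts=5):
    """Map each source that touched >= min_accounts distinct member numbers
    inside one sliding window to the sorted list of those numbers."""
    by_source = defaultdict(list)
    for ts, ip, member in parse(log_text):
        by_source[ip].append((ts, member))
    flagged = {}
    for ip, events in by_source.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1
            accounts = {m for _, m in events[start:end + 1]}
            if len(accounts) >= min_accounts:
                flagged.setdefault(ip, set()).update(accounts)
    return {ip: sorted(found) for ip, found in flagged.items()}

def sequential_ratio(members):
    """Fraction of neighbouring member numbers that differ by exactly 1."""
    steps = [b - a for a, b in zip(members, members[1:])]
    return sum(s == 1 for s in steps) / len(steps) if steps else 0.0
```

A high `sequential_ratio` on a flagged source is what separates this pattern from a household or office where a few members share one address.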


PostPosted: Mon Nov 13, 2006 12:28 pm
Geoff Southby

Joined: Tue Mar 01, 2005 7:43 am
Posts: 5175
Location: Corner of Queen and Collins
I wouldn't apologise Buzz. This is a real issue and a real flaw and it needed prompt attention. If you've given the Club some time to fix it and they didn't - then you've taken other action then I don't see a problem with your actions.

For too long Carlton seems to have had a 'give it time, it'll fix itself' mentality and sometimes a good hard jolt is needed to ensure action.

I'd suggest that this sort of problem falls between the extremely large cracks in an under-resourced administration. Ian Coutts could hardly be on top of the IT side of the site - it shouldn't be his job. We've recently uncovered a huge technical problem in the Club's email that was stopping emails being received by a key division of the Club from interested sponsors.

Issues like this bring out the lack of resources the Club has in all manner of areas. That doesn't excuse it, merely highlights what strugglers we are.

M


PostPosted: Mon Nov 13, 2006 12:51 pm
Laurie Kerr

Joined: Tue Jul 05, 2005 7:25 pm
Posts: 125
Meh, my private details (name, address, phone numbers) are on the internet already, and most likely yours too, try here, www.whitepages.com.au

_________________
http://www.talkingcarlton.com/phpBB2/vi ... e9f08ec27b


PostPosted: Mon Nov 13, 2006 1:01 pm
Alex Jesaulenko

Joined: Sun Feb 27, 2005 6:31 pm
Posts: 24457
Location: Heartbroken
Good get Buzz. There was always something about internet membership renewal that didn't seem right.

_________________
Richard Pratt - A Carlton legend.


PostPosted: Mon Nov 13, 2006 1:04 pm
Trevor Keogh

Joined: Mon Feb 28, 2005 8:55 pm
Posts: 776
Location: UK
Thanks for the heads up. I've changed my password.

Yet another example of the club just not really getting it I guess. Resources/money can be an excuse for some things, but when it comes to the basics, like privacy then I don't think there can be excuses.


PostPosted: Mon Nov 13, 2006 1:05 pm
Wayne Johnston

Joined: Tue Oct 25, 2005 1:20 am
Posts: 8172
Location: PMQ
Here's something negative about the club.....



*prepares for avalanche of posts from synbad and chuck wood, sorry, I mean Effes*

_________________
Back like a raging case of pubic lice


PostPosted: Mon Nov 13, 2006 1:15 pm
Robert Walls

Joined: Mon Feb 28, 2005 5:06 pm
Posts: 3366
@#$%&! - that's the wrongest thing in wrongland.

Whoever mentioned the white pages obviously didn't realise that members' email addresses are on there as well.

Don't ask me how I know that ...

_________________
"In better news for Blues fans, Jarrad Waite was not named on the club's injury list."


PostPosted: Mon Nov 13, 2006 4:14 pm
Wayne Johnston

Joined: Mon Feb 28, 2005 9:34 am
Posts: 8888
Location: 8888
molsey wrote:
I wouldn't apologise Buzz. This is a real issue and a real flaw and it needed prompt attention. If you've given the Club some time to fix it and they didn't - then you've taken other action then I don't see a problem with your actions.

For too long Carlton seems to have had a 'give it time, it'll fix itself' mentality and sometimes a good hard jolt is needed to ensure action.

I'd suggest that this sort of problem falls between the extremely large cracks in an under-resourced administration. Ian Coutts could hardly be on top of the IT side of the site - it shouldn't be his job. We've recently uncovered a huge technical problem in the Club's email that was stopping emails being received by a key division of the Club from interested sponsors.

Issues like this bring out the lack of resources the Club has in all manner of areas. That doesn't excuse it, merely highlights what strugglers we are.

M


That's what happens when you use externally hosted spam solutions. If they can spend around $2k on Web Filtering software, they could have forked out $1k on its sister product to bring email filtering in-house. Don't ask me how I know that :wink:

_________________
Mjonc signing off at 8888


PostPosted: Mon Nov 13, 2006 6:25 pm
Bruce Comben

Joined: Tue Jul 18, 2006 5:48 pm
Posts: 49
It's with some relief that I say it looks like the problem has actually been corrected at the source - the database with the information appears to have had the default passwords changed to something else. This is the move that has been needed. I thank the club (or the AFL or Telstra or whomever is responsible) for finally fixing the problem.

I presume the club will be able to inform Carlton members on how to obtain their new passwords. This should have been avoided easily by using the same system the ClubLifestyle website uses, username is CFCMembershipNo and your password is your surname. This at least requires both pieces of information.


PostPosted: Mon Nov 13, 2006 8:46 pm
Ken Hands

Joined: Tue Jun 07, 2005 10:39 pm
Posts: 487
Bloody Pagan, how many things is he going to ruin??

In 2002, he kept talking up how we had picks 1+2 in the draft to the media and look what happened.

He destroyed Kouta's career, the man who played, to quote Leigh Matthews, "the best year of football by anyone".

He's ruined the careers of the youngsters we had on our list that were on the verge of tearing the competition to pieces - Wiggins, Sporn, Livingston.

He made us leave Optus Oval because the extra 10 minutes in the car didn't suit him.

We only got $10 million from the government to upgrade Princes Park, my mail has told me that if Pagan wasn't there it would have been $50 million.

If Pagan wasn't there Walker would have won a Brownlow by now and Fevola would be kicking how many goals a year? 120? 150? I'm guessing the latter.

We've been winning a premiership every 8 years, we were due in 2003 and Pagan could only deliver 10 wins, pathetic.

Pagan's now delivered two wooden spoons when the club is already full of talent, we don't need first draft picks, the talent is there in abundance already.

And finally, to top it all off, he's [REDACTED] the website!!! The nerve of this clown, the sooner he is gone the better!

_________________
"Davies could eventually become a player of Judd's ability" - Paganite03 Click here to see for yourself!


PostPosted: Tue Nov 14, 2006 9:33 am
Harry Vallence

Joined: Thu Sep 07, 2006 11:15 am
Posts: 1196
Location: Terra Australis
Not to mention, CG, that he has stopped it raining so it doesn't affect his morning walks...

_________________
Ich bein ein Carltonian


PostPosted: Tue Nov 14, 2006 11:42 pm
Rod Ashman

Joined: Sun May 01, 2005 8:24 pm
Posts: 2821
Location: In The Boot Of Brendan Fevola Car
Fevola25 wrote:
Meh, my private details (name, address, phone numbers) are on the internet already, and most likely yours too, try here, www.whitepages.com.au


Exactly, it's not like your details of how much you make, had sex with are on it, lol.


PostPosted: Tue Nov 14, 2006 11:47 pm
Rod Ashman

Joined: Sun May 01, 2005 8:24 pm
Posts: 2821
Location: In The Boot Of Brendan Fevola Car
HTP wrote:
F@%&#! - that's the wrongest thing in wrongland.

Whoever mentioned the white pages obviously didn't realise that members' email addresses are on there as well.

Don't ask me how I know that ...


Email addresses on White Pages? Well, there you go, the government with their census.


PostPosted: Wed Nov 15, 2006 7:46 am
Stephen Kernahan

Joined: Mon Feb 28, 2005 11:53 am
Posts: 17563
Location: Left Cuckistan
Rambo Stallone wrote:
HTP wrote:
F@%&#! - that's the wrongest thing in wrongland.

Whoever mentioned the white pages obviously didn't realise that members' email addresses are on there as well.

Don't ask me how I know that ...


Email addresses on White Pages? Well, there you go, the government with their census.


Yeah nice comprehension there Mensa.

_________________
The only way for some people to understand is for them to be on the receiving end

Left wing moralists
In self serving denial
They shit me no end

