Feeds

KCOM-owned Eclipse FAILS to cover up the password 'password'

Serves it in plain text to user via webpage

Business security measures using SSL

Exclusive A Register reader has exposed another privacy howler at KCOM - this time involving its Exeter-based ISP Eclipse Internet, which displays passwords in plain text to users via a webpage.

Customers who log in to their personal Eclipse user site are somewhat surprisingly shown the password for their account.

Today's tip of the hat from Vulture Central goes to Steve Foster, who got in touch following our story last week about a KC engineer allegedly revealing a spreadsheet containing unencrypted user IDs and passwords. He told El Reg:

I doubt that you'll be surprised that the utter incompetence within Kingston Communications goes further than Hull. At least as far as Exeter, in fact.

I attach a (redacted) screen grab from Eclipse Internet's management tool.

You'll see that they not only keep their passwords in plain text, they obligingly display them to you in full when you log into their website.

And yes, it does allow 'password'.

Anyone else feeling a tad bit insecure?

We asked KCOM to explain the lax security on display over at Eclipse Internet.

A spokeswoman at the company told The Reg:

Customers can view their password within our secure Eclipse customer portal only after they have logged in using their user name and password to authenticate their details. During the login process the password is not visible in plain text.

Which left your baffled correspondent wondering why the password would need to be displayed, if the same password was used to access the site.

We were also curious to know if there was any progress with the apparent KC spreadsheet blunder that El Reg recently uncovered.

But KCOM's spokeswoman told us there was "no update" on that particular story. ®

Providing a secure and efficient Helpdesk

More from The Register

next story
Brit telcos warn Scots that voting Yes could lead to HEFTY bills
BT and Co: Independence vote likely to mean 'increased costs'
Phones 4u slips into administration after EE cuts ties with Brit mobe retailer
More than 5,500 jobs could be axed if rescue mission fails
New 'Cosmos' browser surfs the net by TXT alone
No data plan? No WiFi? No worries ... except sluggish download speed
Radio hams can encrypt, in emergencies, says Ofcom
Consultation promises new spectrum and hints at relaxed licence conditions
Blockbuster book lays out the first 20 years of the Smartphone Wars
Symbian's David Wood bares all. Not for the faint hearted
Bonking with Apple has POUNDED mobe operators' wallets
... into submission. Weve squeals, ditches payment plans
This flashlight app requires: Your contacts list, identity, access to your camera...
Who us, dodgy? Vast majority of mobile apps fail privacy test
Apple Watch will CONQUER smartwatch world – analysts
After Applelocalypse, other wristputers will get stuck in
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.