Categories
Uncategorized

The non-delights of being a @virginmedia customer, and their feeble approach to security

Now i don’t suppose anyone out there would expect an ISP to deliver a 100% performance given that a lot of their delivery is over third party (BT) equipment.  But I do expect a reasonable, informed and effective response to problems.  Don’t get me wrong, I don’t live in the vain hope of getting that, but I do expect it!
My recent experience started on Monday when my secondary ADSL service (from virginmedia – a hangover from my time as an ntlworld customer in the 90’s) stopped working.  The line is used to give me some redundancy, and (perversely given the physical BT lines come on the same circuit) a better performance than my Nildram business service.  Because of this I use the connection for more domestic surfing to keep the load off the business network.
To give Broadband some credit, I assumed there were issues in my network or router for some time before I discovered by checking the virginmedia website that they had some ADSL provision issues.  My router was showing a connection, but had no IP or IP settings.  In about an hour, all came back and all was well.
On Tuesday, about 6pm the same thing happened.  After the first experience I hit the virginmedia site straight away and discovered they had another major outage.  So I gave them some time, and then tried intermittently to get the service (by rebooting the router, and occasionally trying the “IT Crowd” switch it off and on treatment).  By midnight it was still out, so I tried calling the helpline.  On the first occasion I spoke to someone who seemed a) 8000 miles away, b) sounded like they were 8000 miles away.  I asked her to turn up the volume (my phone was already on max), and during the process she cut me off.  So I went through the same tiresome menu options again (at *MY* cost), to get through to an agent who cut me off as they answered.
By take 3 they were clearly receiving a lot of calls (at midnight?) and I was asked what type of music I wanted to listen to on hold – not a promising question to be asked.  But I chose, and then a couple of tracks came in, to be repeated, and repeated.  At this point having wasted a substantial number of my earth minutes I gave up.
Two days later (and despite a tweet to the virginmedia account) I still had no connection.  So I tried calling again.  This time I got through to an engineer who on getting the details decided he should put me through to someone higher up the tech support chain.  I guess my use of the phrase “your DHCP service seems to be failing” might have over-stretched his technical skills.
So onto the next engineer – he clearly knew what he was talking about in terms of the technical background to the problem; but I was rather bemused by the requirement to connect to the router by a wired connection.  Eventually he accepted that I could connect using my mobile phone browser as I was able to give him the answers he wanted (about information on the router’s webpage) from the phone.  (Although this did come back to bite me later on when I tried to type in the password field!)
At this point (after checking some values were as they should be) things took some interesting turns…
  • He asked me to retype my password into the router.  And read me the password from their files!
  • When that failed, my password was changed, and then I had to type it in and it all came to life.  However as it was doing so he put me on hold.  After waiting 2 minutes to see why he could not talk to me I gave up, and hung up the phone – it was working and why should I help fund virginmedia further?
So this all begs some questions:
Security
  • Why do virginmedia keep password information in clear text – obviously some customers with weak password policies may use the same password on more than one site (not recommended I know, but…) and therefore a data leak may lead an identity attack, or compromise other information or website access
  • Why can virginmedia staff change the password and then tell you they have done it – surely a good protocol would be to explain they think they need to do it, and ask if would be OK?
Technical
  • Why does changing the account password mean that their entire technical infrastructure will suddenly let my router connect and allow me to use the service?
  • Was there some deeper technical problem earlier in the week where client passwords were compromised or lost?
  • Why did the password change significantly remove a hardening approach by removing all upper case letters?
Moral
  • If a company offers a service with a helpline that costs the client, then why does it need 2 minutes of press 1 for a, 2 for b etc. to get through to the right line.  If you have that structure, why not give it out with the number and allow customers to route more quickly to the technician, thus reducing the cost?
  • If you are going to cut customers off – do you not have a moral duty to reimburse the costs the customer has lost by having to make the call more than once?
  • If you have had serious infrastructure issues – why are you not offering apologies to customers and refunds for a service paid for, but not received?

By P J Bryant

Ramblings of a freelance IT Consultant working for some nice SME's, large organisations, resellers and the usual friends and family! Bit of

2 replies on “The non-delights of being a @virginmedia customer, and their feeble approach to security”

Well, my persistent tweeting of @virginmedia generated a phone call today. Some information was forthcoming, but proper answers to most of my questions were not. I'm expecting a call later today with some real answers…

Like

well, virginmedia called back as promised (that's good), but unfortunately without having any further information on either the technical reasons behind the failures; nor comments on the security implications of their setup.

Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s