Tag: BigPond

The recent Telstra security breaches–how were they handled?

Through this last year, there has been an increasing number of incidents where customers of high-profile companies have had their identifying data compromised. One of these incidents that put everyone in the IT world “on notice”, especially those involved in consuner-facing IT like ISPs or online services, was the Sony PlayStation Network / Qriocity break-in by LulzSec / Anonymous.

Close to that, I had attended a presentation and interview concerning the security of public computing services hosted by Alastair MacGibbon and Brahman Thiyagalingham from SAI Global, the report which you can see here.

The BigPond incident

Over the last weekend, Telstra had suffered a security breach that compromised the user details of some of their BigPond Internet-service customer base. This was through a customer-service search Webpage being exposed to the public Internet rather than Telstra’s own customer-service network.

The privacy compromise was discovered on Friday 9 December 2011 (AEDT) and mentioned on the Whirlpool forum site. It was in the form of an in-house “bundles” search page exposed to the Web with the database containing usernames, passwords and fully-qualified email addresses of a large number of the customer base at risk.

Telstra’s response

But Telstra had responded very quickly by locking down the BigPond customer email servers and Web-based self-service front-ends while they investigated the security compromise. The customers whose data was exposed had their passwords reset with them being required to call the BigPond telephone support hotline as part of the process.

As I do maintain an email account through this service for a long time, I had taken steps to change the password on this account. This was even though I wasn’t one of the customers that was subject to the aforementioned mandatory password reset.

Telstra also maintained a live channel of communication to its customers through their own Web sites, through updates to the main media channels and through an always-running Twitter feed. Once the email system was open for business, a follow-up email broadcast was sent to all BigPond customers about what happened.

My comments on how this was handled

Like the Sony PlayStation incident, this incident was one that affected a high-profile long-established brand which, like other incumbent telecommunications-service providers, was in a position where the brand has a bittersweet connotation. Here the brand is associated with a portfolio of highly-established high-quality stable telecommunications services but has had negative associations with poor customer service and expensive telecommunications services.

What I saw of this was that after the Sony incident and similar incidents against other key brands, the IT divisions for Telstra haven’t taken any chances with the data representing their customer base. They had quickly locked down the affected services and forced the necessary password-reset procedures in order to reduce further risks to the customers; as well as keeping customers and the public in the loop through their media, Web and Social-Web channels.

The Telstra incident also emphasised the fact that the risks can come from within an affected organisation, whether through acts of carelessness or, at worst, deliberate treacherous behaviour by staff. As I have said in the previously-mentioned interview and conference article, there needs to be data protection legislation and procedures in place in Australia so that a proper response can occur when these kinds of incidents occur.

Foxtel–now to be offered in a manner similar to Canal+

Article

Telstra to offer FOXTEL on T-Box in May 2011 – Media Announcement – About Telstra

My comments

Most of the other countries in the world have at least one Internet service provider who provides IPTV or “triple-play” Internet service offering the TV channels that are expected in a multichannel pay-TV service as part of their TV deals. This is whether as a separate option or integrated in to the TV package.

For example, most of the French “triple-play” packages (Livebox, Freebox, Bbox, Box SFR, etc) offer the Canal+ pay-TV service as a “channel package”. Similarly, the channels offered through US cable-TV services are being offered via AT&T’s “FiOS” IPTV offerings.

Now this trend is coming to Australia with Foxtel, Australia’s main pay-TV brand, offering their TV channels through the Telstra T-Box IPTV setup. This will be offered in the same manner as what is done in France, where the Foxtel packages are sold as a particular add-on rather than the channels being part of packages that Telstra BigPond determines.

Advantages

One main advantage I have often seen regarding delivery of the Foxtel brand via IPTV is that there isn’t the need to run extra coaxial cable to each viewing location or fuss with a satellite dish in order to receive this content.

Some households that have highly-landscaped gardens can benefit because there isn’t the need to dig up the garden to run new cable from the street (in the case of underground-cable setups). As well, people who live in forested areas of the cities

Another advantage with this particular setup is that you only need one set-top box to receive the IPTV services provided through BigPond as well as Foxtel. This is more important to those of use who value the idea of “all the eggs in one basket” but have had to worry about room on the TV cabinet for the T-Box and the Fox Box; or extra inputs on the TV in order to have both these services.

Outstanding Questions

There are still some outstanding questions and issues that need to be raised concerning this service. One is whether a user can set up concurrent recording of shows broadcast on Foxtel, BigPond TV and regular TV at the same time. It also includes handling of sequential recordings, especially where the user requires a certain amount of run-on to be recorded to cater for when channels finish their shows later.

This same problem can extend to capacity issues for T-Box and will eventually require measures like support for “offloading” to approved NAS devices, and the availability of larger-capacity PVRs that work with the BigPond IPTV service. This can also open up issues like true multi-room setups with scalable customer-premises hardware in the form of PVRs that have different capacities and functionalities as well as view-only set-top boxes  Here this could allow for “follow-me” viewing, setting up recordings from other rooms and increased recording capacity and concurrency.

How this could affect the pay-TV landscape

It will also be interesting to see how long this deal will be exclusive to Telstra BigPond. This is especially real as some of the other ISPs in the Australian market like iiNet and TPG are offering IPTV service by “picking off” channels from various content providers. As well, Optus will want to get in to this new game by offering IPTV service and may want to run the Foxtel name in its lineup. Similarly, the Austar name, which covers the Foxtel lineup outside the capital cities will want to appear in any IPTV lineup in its market area.

It could then redetermine the role of the traditional multichannel pay-TV distributor like Foxtel or Austar, who used to rely on their infrastructure and their set-top boxes as being core to their operations, causing them to become a “content wholesaler” or “content franchise”. Here, the customer views these services through hardware provided via their IPTV operators such as “triple-play” broadband providers and chooses the service as an option that is part of their broadband, “triple-play” or IPTV package.