Sky TV Website Security Update

Juha Saarinen has written an excellent article covering the security issues I had with Sky Television?s web help site.

[quote]

The help system used by the broadcaster lacks account authentication by password, allowing access from the internet simply by guessing the email address of a registered user.

[/quote]

Sky have ostensibly fixed the site by enabling the password option, but you?ll find you can still quite happily log in as me with no password. This will also be the case with everyone who has used the system to ask a question, unless they have purposely gone in and set a password since Sky enabled the option.

Additionally, Sky?s Fernando Battaglia informed me that they have fixed the issue with having no unsubscribe option on the Alert emails. If by ?fixed? he means that he stuck some lipstick on a legless pig, then he?s correct. They?ve added a link to the website where you can log in and unsubscribe. If, like me, you can?t log in due to a highly informative ?biz2010 error could not be found?, then you?re outta luck and will continue to be spammed.

There?s a very good reason that the New Zealand anti-spam law requires an unsubscribe facility using the same method as the original message. In this case I should be able to unsubscribe by simply replying to the alert email.

Poor effort Sky. Must try harder. 2/10. See me.

One Reply to “Sky TV Website Security Update”

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.