Thursday, April 03, 2008

WTH is wrong with Tata Indicom

Tata Indicom has an amazing (?!) web site to manage all your accounts with them online. I don't know WTH is wrong with them, none of the login pages are being submitted over HTTPS. Yes, any n00b running a sniffer can sniff out your password and any other sensitive information you give with a little effort. On top of this, the page was submitted to an IP address, instead of a URL, which was beyond my wild imagination. I had to run a whois query on APNIC server just to confirm if I am talking to one of their servers.

I am surprised how on earth Tata Indicom claims to be the number one (or one of the top) telecom service provider in India, if they don't even know the seriousness of their user's identity.

1 comment:

Anonymous said...

Hi Roy..
Thanks for highlighting this issue. We have initiated work at our end for the same. All perosnal data resides on our servers (and not the vendors) and proper authorisation is neccessitated at the present level. Working towards making the site secured. Thanks again.

Rgds