Home Tags Virgin Media

Tag: Virgin Media

Market makers JMA Wireless, Three, Fon, SK Telecom and CBRE to...

London, UK. 19 April 2017 - SCWS World, organised by Avren Events, has announced it will feature more global giants on its programme than ever before, with support from Virgin Media Business, Fon, JMA Wireless and Blu Wireless, as well as the continued...

How many NSA spy hubs are scooping up your Internet data?...

Not that knowing NSA's sigint locations will actually help you much...

ISPs to block set-top boxes that illegally live-stream soccer matches

Premier League wins court injunction requiring server-level blocking.

Ongoing Windows update bug woes affecting all ISPs

Virgin also advising customers knocked offline An ongoing software update bug on Windows 8 and 10 appears affecting users of several UK ISPs, with Virgin Media the latest provider to admit the problem is knocking a number of its customers offline. The problem first emerged last week, when BT and Plusnet admitted that computers running Microsoft's newer operating systems are losing network connectivity due to what appears to be a problem with Dynamic Host Configuration Protocol (DHCP). In a forum updated yesterday, Virgin Media advised that some Windows 10 users were experiencing difficulty connecting to the internet after installing the latest update. "Microsoft are aware and investigating," it said. One reader, Adam Comben, got in touch with The Register to report: "We have a retail repair shop and have seen around 25 instances of this since Thursday. "It doesn’t matter what ISP or router they’ve been using – We’ve had TalkTalk, BT, Plusnet, Sky, you name it – All with the same problem, will not obtain an IP via DHCP." He said the issue is definitely a DHCP problem caused by a broken Windows Update, "although we’ve not been able to identify the cause it’s an extremely quick fix." He added: "It’s caused a great deal of disruption for our business customers as it required a site visit for those we couldn’t talk through it on the phone." The cause of the bug is so far unclear, although Plusnet has blamed an unspecified “third-party update”.

The main issue appears to be a recent Windows Update release – but it is hard to tell which one is at fault. The Register has contacted Microsoft for an update. ® Sponsored: Next gen cybersecurity.
Visit The Register's security hub

UK ISPs may be forced to block porn sites that snub...

EnlargeLeon Neal/AFP/Getty Images reader comments 59 Share this story Update, November 24: Late on Wednesday, the government's planned amendment to the Digital Economy Bill—which, if unopposed by parliament, will force ISPs to block porn sites that refuse to provide adequate age verification mechanisms—was published online.

The tabled tweak to the draft legislation states that, where ISPs fail to act, they will be found guilty of an offence and hit with a fine. As part of its mission creep, the government is also pushing for the BBFC regulator to have the power to tell ISPs to block content that isn't pornographic.
It states: The steps that may be specified or arrangements that may be put in place under subsection (2) (c) include steps or arrangements that will or may also have the effect of preventing persons in the United Kingdom from being able to access material other than the offending material using the service provided by the Internet service provider. However, the government's amendment doesn't nail down what it defines as "other material"—making it arguably a sweeping demand for all sorts of content to be censored. Meanwhile, campaigners are increasingly vexed by the government's decision to appoint the BBFC to police online porn blockades where sites fail to bring in age checker systems—even though the regulator is yet to explicitly state what fruity online material would be placed on its banned list. Index on Censorship and other activists are concerned that websites serving up content that shows "non-conventional" sex acts—such as face sitting, menstrual blood, and sex in public—will be barred by the watchdog.
Its current guidelines on how it classifies content offers a flavour of the type of online porn that might raise eyebrows at the BBFC. "It should not be the business of government to regulate what kinds of consensual adult sex can be viewed by adults," Index on Censorship's chief Jodie Ginsberg told the Guardian. The BBFC said in response to concerns from campaigners: "In making this assessment, we will apply the standards that we apply to pornography that is distributed offline.
If a website fails on either of these [age verification or obscene content] tests, then a notification of non-compliance will be sent to the site." Original story Telcos could be forced to block porn sites if a stealth government amendment to the draft Digital Economy Bill is waved through by parliamentarians. The report stage and third reading of the proposed legislation, which seeks to regulate a hunk of areas from Internet infrastructure to intellectual property, will be debated by MPs next Monday (November 28).

Age verification for access to online porn also forms part of the government's shopping list.

Brits wanting to access fruity material via websites or apps will be subjected to checks to confirm that they are aged 18 or over. And the bill already makes it clear that the government wants to go after "infringing sites" by choking their access to payment providers such as Visa and PayPal, and threatening fines of up to £250,000 or five percent of a person's "qualifying turnover (if any)." However, the government—in what lobby group the Internet Service Providers' Association (ISPA) has described as a "significant policy shift"—is now saying that it wants ISPs to act when online smut peddlers fail to use age checking mechanisms on their sites. Culture secretary Karen Bradley said: "Only adults should be allowed to view such content and we have appointed a regulator, BBFC [British Board of Film Classification], to make sure the right age checks are in place to make that happen.
If sites refuse to comply, they should be blocked." The department for culture, media, and sport (DCMS) added that it was also "seeking co-operation from other supporting services like servers to crack down on wrongdoers." Under the proposed measure, the BBFC would have the power to order ISPs and mobile operators to block access to porn sites that refuse to comply with the government's planned age verification system. "The requirement to block websites would apply to all sites in the UK and overseas. Where websites originate in the EU the process will be compatible with country of origin rules," it said. However, ISPA said it was concerned by the policy shift.
It said: Government must clearly assess and quantify the impact of industry in terms of competition, innovation, and investment, put in place a robust regulatory system, and address the potential for unintended consequences, including existing industry self-regulatory efforts to tackle child sexual abuse material, scope creep, and over-blocking. In January, your correspondent warned that the government could try to force ISPs to block porn sites.

Afterall, the Tories have form in this area: during the coalition years, the UK's six biggest telcos were ordered to block a number of BitTorrent tracker websites, after BT, BSkyB, EE, Virgin Media, O2, and TalkTalk failed to challenge the government's demands in the High Court. In the footnote of its statement confirming the planned tweak to the bill, the DCMS admitted that its current proposals are unworkable.
It said: Websites need servers to host them, advertisers to support them, and infrastructure to connect them. With the international and unregulated manner in which the Internet operates we cannot compel supporting services to be denied but the regulator will seek to gain cooperation from the industry. For the government, the jurisdiction of porn sites was always going to be a headache, and it's hard to believe that the amendment calling for ISPs to block online smut peddlers who flout age verification rules wasn't planned all along.

But then, timing is everything. This post originated on Ars Technica UK

Graduate recruitment site exposed 50,000 CVs sent to Virgin Media UK

Kid schools telco: 'So have you heard of access controls?' Virgin Media has shuttered a kindergarten-grade bug in a third party website that exposed up to 50,000 résumés it's received over the years, complete with names, street and email addresses of applicants. The vulnerability was due to entirely absent access controls on a public server to which applicants were directed to upload their résumés. British student hacker Alikhan Uzakov (@alikhan_uzakov) found he was able to peruse the entire directory without restraint or being challenged to log in. "About 30,000 to 50,000 applications, past and present, were accessible," Uzakov says in a blog. "Personal information including telephone numbers, emails, where someone lives, and other details were out there in the open: my personal information was exposed as well. "The problem is patched now but had I been someone with malicious intentions, I could have done a lot more and might not have reported it at all." Uzakov phoned Virgin Media's London Hammersmith office to report the flaw and "walked" a security engineer through resolving the mind-bending bug. He says Virgin Media would not comment on the vulnerability nor award him a bug bounty or name recognition for the bug. The graduate recruitment site has been fixed and is back online. ®

Outsourced Virgin Media techies botched this infosec bod’s Poodle fix

Firm says it'll rebrief everyone to 'meet its usual high standards' Virgin Media has promised to ensure all its agents are fully equipped to offer advice on the Poodle vulnerability, after a security expert exposed the failure of outsourced Indian call centre staff to explain and fix the problem. Independent security consultant Paul Moore, who is also a Virgin customer, was contacted by the company, told that he was vulnerable to Poodle and was offered a £20 "premium technical support" service to fix it. However, following a series of calls made to Virgin's Gadget Rescue service, run by an outsourced company based in India, the agents repeatedly failed to explain what the problem was. On the final call the agent tried – and failed – and failed to fix the problem remotely by installing Java, Adblock+, Silverlight, Flash and various other software. Moore recorded the calls, which The Register has listened to. "I made six calls, each landing with a different call handler.
It's abundantly clear that not a single call handler had even heard of Poodle, let alone had the knowledge required to fix it," he said. He added: "Beyond Poodle, the technician made a number of dangerous and unauthorised changes to the device.

They're also yet to clarify why it was necessary to disable F-Secure antivirus completely; something which could be described as 'reckless' as it introduces a significant risk to the end user. He also purged the 'prefetch' directory, further demonstrating a complete lack of technical knowledge." Moore said he was been promised a refund for the service. He was also contacted by a senior executive of Virgin's outsourced company. “He admitted the level of service 'was appalling', to use his words,” Moore told The Register, “and that they're taking several steps to ensure it cannot happen again.” A Virgin spokesman said: “We strive to maintain high levels of customer satisfaction with our Gadget Rescue service and ensure that agents are able to handle all enquiries.
In this case, we apologise that a Gadget Rescue agent did not meet our usual high standards. We have ensured that all agents are fully equipped to offer advice on the Poodle vulnerability.” ® Sponsored: Securing personal and mobile device use with next-gen network access controls

Virgin Media spoof email mystery: Customers take to Facebook

Customers of Virgin Media who are increasingly convinced their service provider has been victim of a security breach have formed a Facebook group to share their experiences and push for answers. Virgin Media is firmly denying any breach of its systems but users are equally adamant that the cause of a widespread and ongoing email spoofing problem must be down to a problem with the ISP. The aggrieved customers say the issues at Virgin Media began in September last year, around the time the service provider migrated from the Google platform to its own. This was accompanied by some spamming, as we reported at the time, but this was only one aspect of a bigger and ongoing mail security problem – at least, according to disgruntled customers. According to this group, Virgin Media somehow managed to leak email addresses and address books held on its servers to hackers. Within days of the migration, ntlworld and blueyonder accounts were spoofed to distribute spam messages in junk mail runs limited to email addresses those users had previously been in contact with. “Around 70 of us have had our email web accounts compromised and [believe] that the spammer is sending out spoofed email to everyone in our sent/received items,” Simon, a victim of the apparent breach – who says he has worked in IT for 20 years – told El Reg. “Each email to five of these contacts contains a link to a compromised website with the aim of infecting a new PC. A spoofing event happens about every 3-4 weeks causing a large number of bounce-backs to the victim.” Virgin Media customers started to receive batches of undelivered email reports at the time the service provider changed its email platform last September and the problem remains unresolved, with spoofed emails still circulating. Virgin Media: It ain't us, guv In a statement, Virgin Media acknowledged its customers were experiencing a spoofed messages problem while firmly denying that a breach on its systems had precipitated the unwelcome behaviour. Ensuring customer data is secure is of utmost importance to Virgin Media. There has been no breach of our systems and our email platform is not the cause of reported email spoofing. We have advised customers how best to protect their email accounts from spoofing. The change of email platform meant that some emails (e.g. bouncebacks) that Gmail would have delivered to a customer’s junk box became visible in customers' inboxes, a Virgin Media PR representative added. The statement issued to El Reg dovetails with what the ISP has been telling its customers for months, a line that’s hard to disprove but has nonetheless failed to placate disgruntled users. Simon said the issue has caused him all sorts of inconvenience. He described Virgin’s statement and the position it reflects as “utterly implausible”. “Virgin have a good description of what spoofing is on their website and are making the claim that the increase post migration is due to the fact that their spam filters are not as good,” he said. “This is just not true as when a spoofing event happens I get several calls / email texts from irate friend colleagues and customers telling me I’ve been hacked and it’s only happened since the migration.” “It caused me personally a great amount of embarrassment and there is nothing that can be done to solve the problem now the addressees are out there. In trying to fix the symptoms of the problem, Virgin are now blocking swathes of legitimate email. The whole thing is a disaster and I am about to move to a new email provider, which is a significant pain as this has been my email address for 20+ years,” he concluded. 'Targeted' recipients Other Virgin Media users caught up in the spamming and spoofing storm remain equally frustrated. “When we looked at the emails, it was clear we had not sent them – they were spoofs,” explained Kate B, a Virgin Media customer who has also been in touch with El Reg about the issue. “What was more concerning was that the recipients were targeted. “They were all people who had email contact with the VM account. This includes people who were cc'd in emails sent and received years ago. They were not in any address books,” she added. Aggrieved punters have been complaining about the issue to Virgin Media but it has consistently denied any wrongdoing. Instead the ISP is blaming message storm problems on individual customers. Call centre staff are telling aggrieved punters to run various security checks on their computers and to change passwords, actions that don’t really tackle the problem, according to activist customers. “This is the not the issue,” another aggrieved user, AnnHelen P, told El Reg. “These email addresses [are] held in the address books or in emails on the Virgin Media web servers, not from customers’ computers. As a result, spoofed emails are being sent between the email addresses that were captured. “Also since many of the email addresses leaked have been for email addresses that no longer exist, many of these emails bounce back to the spoofed sender address,” she added. Complaints to the Information Commissioner Several customers have complained about Virgin Media to data privacy watchdogs at the Information Commissioner's Office (ICO). Asked to comment on the issue, an ICO spokeswoman told El Reg said: “We are aware of this issue and are making enquires.” She declined to answer follow-up questions from El Reg on whether or not Virgin Media was co-operating with its inquiries, explaining that the ICO has a policy of not commenting on ongoing inquiries. Virgin Media’s community forums are full of threads on the spoofing/malicious spam issue (examples: "Recieved about 20 of these, has my e-mail or system been hacked, virus, what's going on?" here; "email hacked?" here; "How does spoofer access my contact list?" here; "Outward spam emails being sent from my .ntlworld address" here; and "Email Spam Spoofing" here. Nonetheless, Virgin Media is sticking to its official line (see under email spoofing here) and maintaining that its customers are to blame for any problems they may be experiencing. VM has steadfastly stated there was no data breach but has not provided any information on how it managed to clear itself of any involvement in the ongoing malfeasance, aggrieved customers tell El Reg. In response, frustrated customers recently started a Facebook group on the issue, dubbed Virgin Media Email Problems - Spoofing, Hacked, Data Breach?. The group is designed to allow people whose emails have been compromised to exchange and pool their experiences. “We are not getting anywhere with Virgin,” AnnHelen P said. “We do realise that the emails are now out there and nothing can be done about that. We do, however, wish to know exactly what information these hackers were able to access, how it happened in the first place and how widespread this breach is.” Kate B added: “We are worried there has been a data breach. If VM does not know how it happened, how can they prevent it happening again? We are also very concerned that information was harvested from inside of our old emails... What else was taken?” She concluded: “We have found it hard to raise the profile of this issue. Many of the people in the group are IT professionals and very savvy; we estimate there are very many others who have been targeted but remain unaware.” ® Sponsored: Building secure multi-factor authentication

Netflix in talks with US cable providers — report

Talks are in early stages with Comcast and other pay-TV providers to offer the online video service as an option on their set-top boxes, according to The Wall Street Journal. by Desiree Everts DeNunzio October 13, 2013 4:39 PM PDT (Credit: Netflix) ...

VPNs: The past, present and future

Terminologies such as frame relay, packet switching and dial-up modem have largely been consigned to the ‘weren’t they quaint’ cabinet of terms we used to talk about in the 80s and 90s.

They were, however, all instrumental strata in the formation of remote connectivity and the point-to-point connections that have allowed us to build an affordable generation of enterprise networking technologies. With prehistoric beasts like the X.25 protocol mostly a thing of the past, we have evolved our use of networks logically through internet-based channels to create data connections where we want them and how we want them. Where the internet opened up interconnectivity to all, it also enabled the creation of dedicated connectivity of a more cloistered corporate nature.

The concept of the virtual private network (VPN) actually works across any public communications, or indeed telecommunications infrastructure; the internet just happens to be quite a convenient and functional transport protocol. In practice, a VPN is used to connect remote points – users, databases or whole offices – to an organisation’s central secured network. Cheaper than a dedicated leased line connection, the option to deploy a VPN is now a completely practicable and affordable option for the average small to medium-sized enterprise (SME) that wants that extra layer. VPN security Security inside a VPN comes through functions or disciplines, including tunneling protocols and encryption. Data is encrypted at either end of the tunnel before it is transported and network addresses at either end can also be disguised. Without entering into a history of the 7-layers of the Open System Interconnection networking framework model, layer-2 is where the encoding and the synchronisation happens for your common-or-garden VPN. While the VPN may be established, there are still many questions to be answered for companies looking to embrace them. Let’s start with the three basic types:  IPSec You can think of IPSec as the standard VPN in that it is flexible and configurable in terms of its ability to connect two networks (or a single computer) to a network. Traffic carried through this type of VPN is encrypted and authenticated to protect it against undetected alteration. Because IPsec operates at the network Internet Protocol (IP) layer, it works with any protocol carried by IP.

This makes it an ideal general-purpose VPN.  One important caveat, however, is although we refer to IPSec as "standardised", different implementations may sometimes have difficulty interoperating. IPsec is ideal for single-supplier implementations, or where an organisation has IT staff to support it. SSL Type two is the SSL VPN, which links a single computer to an application gateway on a corporate network. Because SSL VPNs use the client's web browser as an interface, additional software is often not needed on the client machine. This means installation and support of client computers is simplified and the client can run any operating system (OS) that supports a browser and SSL.  The disadvantage here is that, to avoid extra client software and realise OS independence, SSL VPNs are restricted to proxying web pages, so are limited to HTML/HTTP-aware applications. By adding a small amount of software on the client, SSL VPNs can perform application translation, but adding more client software limits platform independence, meaning it may make more sense to use an IPSec VPN. Mobile Third is the mobile option. We know that mobile VPNs are integral to certain industry use cases, such as in public safety and emergency services. In terms of form and function, mVPNs differ from traditional VPNs as the endpoint is not fixed. The mVPN has to retain the user’s connection while dealing with the logins to each new endpoint, using a client to do so. Check Point Software Technologies’ technical director Tom Davison says modern VPN deployments can be extremely flexible and are usually integral to the company’s main security gateway.  “As we know, security today comes from the IPSec Internet Protocol (IP) technology suite as it works to encrypt data on the VPN channel,” Davison said. “This adds security between the remote server or PC and the main gateway at the firm’s main office location.” “Between offices, the VPN is usually set up between two gateways: the main office gateway and a smaller, branch office device.

For individuals, clientless approaches offer great flexibility, as users don’t need to download and manage software, or have an authentication token, as this can be provisioned centrally.” For VPN access from smartphones and tablets, Check Point is one company that offers a free downloadable app for iOS and Android. IT teams can then provision access centrally, then users load the app onto their device which manages the VPN connection. Choosing the VPN to meet the needs of the business It is important to realise that firms, even SMEs, come in all shapes and sizes.

This means that a good VPN deployment may not be based upon the physical size of the company, but be more closely related to how the business works. Network engineer at PEER 1 Hosting Liam Enticknap says that a customer requiring secure access to its servers from anywhere may prefer a VPN solution over and above security through firewall policies or rule sets. “We consider this a client-to-site VPN and this allows the user to install a VPN client on machines and connect up from anywhere,” Enticknap said. “The limitation in this is that depending on the model of firewall you've purchased with your hosting depends on how many connections can be had at any one time. “Another VPN option is site-to-site where a tunnel is built statically between a client's site and their hosted firewall.

This means users pass secure traffic, but can only initiate it when at the specified location(s). You can run both of these together offering a more dynamic option depending on your business needs.” So the rationale for creating a VPN installation comes from a need for security, a need for dedicated data control, a need for mobile data management (MDM) and a need for corporate (and/or smaller scale SME-level) cloud-driven device access connections. Timico CTO Trefor Davies argues while, in one sense the VPN has not changed in years, in another it has been superseded by mobile and internet/cloud technologies that provide a better and more reliable connection. “The proliferation of high-performance tablets and smartphones has led to increased use of mobile VPNs that need careful application of device security policies,” Davies said. “A mobile VPN traditionally encrypts data and sends it through a tunnel across the internet to the corporate firewall.

A MAM (mobile access management)-based mobile VPN runs over a private network and never touches the internet.” “MAM therefore doesn’t require encryption, which can traditionally add significant packet overhead to a conventional mobile VPN connection. So a MAM-based mobile VPN connection is faster because it doesn’t need to tunnel and encrypt its data.  Davies adds: “Historically, MAM has been the domain of big businesses that could afford the set up fees. However these days, some internet service providers have their own large data pipes into the mobile operators networks and are able to subdivide the MAM into segments that are affordable to smaller businesses.” The elephant in the room We know by now there are several types of VPNs and dedicated mobile data channels and then there is cloud. But is cloud the elephant in the room for future VPN services? Juniper Networks senior director of solutions marketing Paul Gainham highlights the fact that many SMEs will have been enticed by the promise of cloud services from the likes of Amazon and Microsoft.  “The application agility and pay-as-you-grow business model, combined with the outsourcing of some aspects of IT management are indeed compelling and have seen impressive uptake,” Gainham said. “But are these open, uncontrolled public cloud services at odds with the guaranteed, secure, single supply benefits of VPN services that many SMEs have become used to.” “The reality is these two worlds are beginning to come together.

A number of VPN service providers (OBS VPN Galerie as an example) are now beginning to offer integrated public cloud services as part of their VPN offer so that the SME gets the best of both worlds – access to public cloud services through the guaranteed, secure, single service supply that they enjoy through their current VPN.” Growing into your VPN Looking ahead is Duncan Higgins, director of product and marketing at Virgin Media Business. Higgins warns SMEs it is about making sure you have access to technology that gives you room to grow, both in the short term but also in the long term.

There’s no point in paying up front for VPNs that will be redundant in a year’s time. “We undertook some research last year into the VPN upgrade habits of UK-based CIOs and discovered that over a third needed to upgrade their VPNs every year, costing on average £30,000 each time,” Higgins said. “SMEs simply can’t afford to be constantly battling to find the finance to undertake yearly upgrades; they need VPNs that give them the room to grow and innovate, which is what SMEs do best.” As established or seasoned as the VPN model is, it is the very existence of the web itself which gives VPNs their IP transport mechanism but also presents alternative data conduits in their own right. VPNs are unlikely to go away anytime soon, but we may yet witness the birth of the cloud-centric VPN 2.0 as the traditional desk and cubicle office space model of the last half-decade crumbles into new remote workflows. Email Alerts Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox. By submitting you agree to receive email from TechTarget and its partners.

If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy Read More Related content from ComputerWeekly.com This was first published in August 2013