Author Topic: Click and Send site is down  (Read 8775 times)

*wheels*

  • Knights of the RT
  • Knight of the RT
  • *****
  • Posts: 8000
Click and Send site is down
« on: October 02, 2012, 10:17:08 AM »
Important information for Click & Send customers:

The Click & Send service has been temporarily suspended due to a system error.

As a result, the site has been temporarily deactivated, as our team works to ensure the security of the system for all customers. We hope to have the service back up and running as soon as possible.

Australia Post would like to reassure Click and Send customers that at no stage were their financial details compromised.

Customers who wish to send parcels should visit their local Australia Post outlet who will assist them.

*smee*

  • Action Group
  • Knight of the RT
  • *****
  • Posts: 46854
Re: Click and Send site is down
« Reply #1 on: October 02, 2012, 10:21:33 AM »
I sent a parcel this morning but because I didn't have my puter / printer setup
So I just sent it normal post
I'm glad now that I didn't go to all the trouble of setting up puter only to find that C&S was down

That would have been very frustrating and inconvenient

*wheels*

  • Knights of the RT
  • Knight of the RT
  • *****
  • Posts: 8000
Re: Click and Send site is down
« Reply #2 on: October 02, 2012, 10:24:46 AM »
I only have a couple of parcels to do today so it's not too bad. It would have been a giant problem yesterday because we had quoted postage using the Flat Rate boxes on several sales and it would have cost a lot more if we hadn't been able to use Click and Send.

*wheels*

  • Knights of the RT
  • Knight of the RT
  • *****
  • Posts: 8000
Re: Click and Send site is down
« Reply #3 on: October 02, 2012, 02:02:07 PM »
And now we find out the reason why ...

Australia Post 'ignores' online service security flaw

http://www.news.com.au/technology/australia-post-ignores-online-service-security-flaw/story-e6frfro0-1226486564175?from=igoogle+gadget+compact+news_rss

A SECURITY flaw on Australia Post's website is putting customers' privacy at risk, with the company allegedly believing people were not smart enough to find the glitch.

The names and addresses of customers that use Australia Post's "Click & Send" service were being exposed by simply manipulating the website url.

The flaw could violate Australia's privacy code.

News Ltd was alerted to the problem by an Australia Post customer, Trent Bourne, a 23-year-old website administrator from Homebush, Sydney, who three times tried to alert the company about the problem.

"The first time they said 'oh, our customers are not as smart as you so they will never find this glitch'," he said.

On the other two occasions Mr Bourne said his complaints were ignored.

The flaw is no longer accessible because Australia Post suspended the service after being contacted by News Ltd.

It had been found in the final stage of the Click & Send transaction. Once a user had logged into their account and created an item to send, they were required to print a label to stick on the parcel.

When that happened a pop-up window appeared containing the invoice transaction.

For a user's information to be exposed, all you needed to do was change the six digit shipping ID that could be found in the url that appeared along the top of the pop-up box to another random six digit number and hit enter. The page reloaded to reveal the name and address of another customer and the intended recipient of the parcel. Users needed only change one or two digits to access other customers' invoices.

The invoice also contained an article and reference number - which could be used to access credit card information stored within user accounts.

It was an easy process which News Ltd was able to replicate.

The glitch could not be used to target an individual, but provided a wealth of information through random searches.

Australia Post told News Ltd that the Click & Send service had "been temporarily suspended due to a system error".

"Customers who use the service have been notified via the online site," the spokesperson said.

"As a result, the site has been temporarily deactivated, as our team works to ensure the security of the system for all customers.

"We hope to have the service back up and running as soon as possible.

"Australia Post would like to reassure Click & Send customers that at no stage were their financial details compromised.

"Customers who wish to send parcels should visit their local Australia Post outlet who will assist them."

Australia Post said it had no record of Mr Bourne's complaint.

The Australian Information Commissioner has been contacted for comment.
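
As an added illustration of the flaw class the article describes (not code from Australia Post or from any poster in this thread), the sketch below puts a lookup that trusts the shipping ID in the URL beside one that checks the invoice belongs to the logged-in user and counts refusals so that someone walking the ID range shows up in monitoring. All names, records and the threshold are hypothetical.

```python
from collections import defaultdict

# Constructed sample data: shipping_id -> invoice record (all values made up).
INVOICES = {
    "104511": {"owner": "alice", "sender": "A. Example, 1 Sample St", "recipient": "R. One"},
    "104512": {"owner": "bob", "sender": "B. Example, 2 Sample St", "recipient": "R. Two"},
}

DENIED = defaultdict(set)   # user -> distinct shipping IDs they were refused
ALERT_THRESHOLD = 3         # assumed value; tune against real traffic


def get_invoice_flawed(session_user, shipping_id):
    """The pattern the article describes: being logged in is the only check."""
    if session_user is None:
        return 401, None
    invoice = INVOICES.get(shipping_id)
    return (200, invoice) if invoice else (404, None)


def get_invoice_checked(session_user, shipping_id):
    """Object-level authorization: the invoice must belong to the caller."""
    if session_user is None:
        return 401, None
    invoice = INVOICES.get(shipping_id)
    if invoice is None or invoice["owner"] != session_user:
        # Same response for "missing" and "not yours", so the reply does not
        # confirm which IDs exist; record the refusal for monitoring.
        DENIED[session_user].add(shipping_id)
        return 404, None
    return 200, invoice


def enumeration_suspects():
    """Users refused on many distinct IDs, i.e. likely walking the ID space."""
    return sorted(u for u, ids in DENIED.items() if len(ids) >= ALERT_THRESHOLD)
```

Unpredictable identifiers make guessing harder, but the ownership check is what closes the hole; the refusal counter only makes attempts visible.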


*Yibida*

  • Action Group
  • Knight of the RT
  • *****
  • Posts: 17998
Re: Click and Send site is down
« Reply #4 on: October 02, 2012, 02:13:12 PM »


"been temporarily suspended due to a system error"

So ... you shut down a WHOLE system because of a minor error ?

no one's privacy has been breached and is safe... tho people's credit card details could be accessed ?

"people were not smart enough to find the glitch" ...  honest people are not the worry you dicks ...


*wheels*

  • Knights of the RT
  • Knight of the RT
  • *****
  • Posts: 8000
Re: Click and Send site is down
« Reply #5 on: October 02, 2012, 02:31:54 PM »
Yibs, I doubt credit card details could have been accessed. Card info was not stored on the Click and Send site and had to be input individually for each transaction. The info that would have been visible would have been the senders' and recipients' addresses. Not sure what any scammers could do with that. More a privacy problem.

*Yibida*

  • Action Group
  • Knight of the RT
  • *****
  • Posts: 17998
Re: Click and Send site is down
« Reply #6 on: October 02, 2012, 02:42:05 PM »
The invoice also contained an article and reference number - which could be used to access credit card information stored within user accounts.



This bit took my notice wheelie...

*wheels*

  • Knights of the RT
  • Knight of the RT
  • *****
  • Posts: 8000
Re: Click and Send site is down
« Reply #7 on: October 02, 2012, 02:45:18 PM »
The site is back up and running now. Just in time to print our labels and get to the PO.

*wheels*

  • Knights of the RT
  • Knight of the RT
  • *****
  • Posts: 8000
Re: Click and Send site is down
« Reply #8 on: October 02, 2012, 02:46:27 PM »
Yibs, I think that bit is incorrect. No credit card details are stored on the C&S site.

*smee*

  • Action Group
  • Knight of the RT
  • *****
  • Posts: 46854
Re: Click and Send site is down
« Reply #9 on: October 02, 2012, 02:47:25 PM »
Correct, some scaremonger has panicked and written that

*Brum6y*

  • Knights of the RT
  • Knight of the RT
  • *****
  • Posts: 20136
Re: Click and Send site is down
« Reply #10 on: October 02, 2012, 08:49:13 PM »
While it would explain any recent outage - I can't for the life of me see how that security breach would have caused the site to fall to its knees on Monday last week...

I was helping my seller friend prep their shipping and was given the task of creating two C&S labels ... but the system was throwing errors and dragging its feet (or was it knuckles?).

Eventually, I got up to the stage of printing the labels, but the C&S site just kept throwing errors.  In the end I suggested they use Registered labels if they wanted the items to go that day, with tracking of some sort - which is what they did.


I don't believe they have had the need to use C&S since - but aside from the security fix mentioned above, have there been other outages?

*Brum6y*

  • Knights of the RT
  • Knight of the RT
  • *****
  • Posts: 20136
Re: Click and Send site is down
« Reply #11 on: October 02, 2012, 08:52:39 PM »
Correct, some scaremonger has panicked and written that

Possibly - but I'm cynical enough to think that some scaremonger has written that to cause panic


 ... to increase sales and/or traffic.

*smee*

  • Action Group
  • Knight of the RT
  • *****
  • Posts: 46854
Re: Click and Send site is down
« Reply #12 on: October 02, 2012, 09:00:43 PM »
???

*wheels*

  • Knights of the RT
  • Knight of the RT
  • *****
  • Posts: 8000
Re: Click and Send site is down
« Reply #13 on: October 02, 2012, 09:25:00 PM »
I don't believe they have had the need to use C&S since - but aside from the security fix mentioned above, have there been other outages?

Yes Brums, last Monday it all fell in a heap after they introduced PayPal as a payment method.

You can always check Aus Post's facebook page or twitter to see if they've posted any info about issues. They've also been posting updates on the eBay boards.

http://community.ebay.com.au/topic/Selling/Click-Send-Issues/600153106

*smee*

  • Action Group
  • Knight of the RT
  • *****
  • Posts: 46854
Re: Click and Send site is down
« Reply #14 on: October 02, 2012, 09:27:51 PM »
Typical IT dept fuckup .... Useless interfering dickwits !