Safety of registering with 18866

Discussion in 'UK VOIP' started by Joe Harrison, Jun 25, 2005.

  1. Joe Harrison

    Joe Harrison Guest

    I like the rates for calling UK mobiles via www.18866.com so am tempted to
    sign up.

    Trouble is they bill you retrospectively, it's not like you buy £x.xx of
    credit which you then use up. An unlimited number of calls can mount up and
    you're responsible.

    Given that sending VOIP login parameters doesn't seem to be encrypted in any
    way is this a recipe for suddenly / too late discovering someone has
    "borrowed" your credentials and run up a huge bill which you then get stuck
    with paying?

    Anyone got any suggestions for any other provider with particularly good
    rates to call UK mobiles?

    Joe
     
    Joe Harrison, Jun 25, 2005
    #1
    1. Advertising

  2. Joe Harrison

    Guest

    On Sat, 25 Jun 2005 14:30:07 GMT, "Joe Harrison"
    <> wrote:

    >I like the rates for calling UK mobiles via www.18866.com so am tempted to
    >sign up.
    >
    >Trouble is they bill you retrospectively, it's not like you buy £x.xx of
    >credit which you then use up. An unlimited number of calls can mount up and
    >you're responsible.

    I have been with 18866 since they first came to this country and I
    haven't paid them ten pounds in call charges up to now and they have
    never tried to take more cash than they should from my card .
    > An unlimited number of calls can mount up and
    >you're responsible

    It would take quite a time to mount up to anything substantial at 2 p
    a call .
     
    , Jun 25, 2005
    #2
    1. Advertising

  3. Joe Harrison

    Joe Harrison Guest

    <> wrote in message
    news:...
    > On Sat, 25 Jun 2005 14:30:07 GMT, "Joe Harrison"
    > <> wrote:
    >
    > >I like the rates for calling UK mobiles via www.18866.com so am tempted

    to
    > >sign up.
    > >
    > >Trouble is they bill you retrospectively, it's not like you buy £x.xx of
    > >credit which you then use up. An unlimited number of calls can mount up

    and
    > >you're responsible.

    > I have been with 18866 since they first came to this country and I
    > haven't paid them ten pounds in call charges up to now and they have
    > never tried to take more cash than they should from my card .
    > > An unlimited number of calls can mount up and
    > >you're responsible

    > It would take quite a time to mount up to anything substantial at 2 p
    > a call .


    I don't think I explained this very well. I am not suggesting that 18866
    would over-bill me.

    But what prevents someone from sniffing my unencrypted SIP credentials
    (password etc.) and then using my account? Calls can be substantially more
    than 2p, for example Pakistan 15p. I could get a hell of a bill.

    Joe
     
    Joe Harrison, Jun 25, 2005
    #3
  4. Joe Harrison

    Guest

    On Sat, 25 Jun 2005 14:59:38 GMT, "Joe Harrison"
    <> wrote:

    >
    ><> wrote in message
    >news:...
    >> On Sat, 25 Jun 2005 14:30:07 GMT, "Joe Harrison"
    >> <> wrote:
    >>
    >> >I like the rates for calling UK mobiles via www.18866.com so am tempted

    >to
    >> >sign up.
    >> >
    >> >Trouble is they bill you retrospectively, it's not like you buy £x.xx of
    >> >credit which you then use up. An unlimited number of calls can mount up

    >and
    >> >you're responsible.

    >> I have been with 18866 since they first came to this country and I
    >> haven't paid them ten pounds in call charges up to now and they have
    >> never tried to take more cash than they should from my card .
    >> > An unlimited number of calls can mount up and
    >> >you're responsible

    >> It would take quite a time to mount up to anything substantial at 2 p
    >> a call .

    >
    >I don't think I explained this very well. I am not suggesting that 18866
    >would over-bill me.
    >
    >But what prevents someone from sniffing my unencrypted SIP credentials
    >(password etc.) and then using my account? Calls can be substantially more
    >than 2p, for example Pakistan 15p. I could get a hell of a bill.

    I wasn't thinking that Joe I was thinking along the lines of you
    didn't want to be faced with a large bill that you couldn't pay. using
    1866 for other than geographic UK calls is a different kettle of fish
    all togather .
     
    , Jun 25, 2005
    #4
  5. Joe Harrison

    Joe Harrison Guest

    <> wrote in message
    news:...
    > On Sat, 25 Jun 2005 14:59:38 GMT, "Joe Harrison"
    > <> wrote:
    >
    > >
    > ><> wrote in message
    > >news:...
    > >> On Sat, 25 Jun 2005 14:30:07 GMT, "Joe Harrison"
    > >> <> wrote:
    > >>
    > >> >I like the rates for calling UK mobiles via www.18866.com so am

    tempted
    > >to
    > >> >sign up.
    > >> >
    > >> >Trouble is they bill you retrospectively, it's not like you buy £x.xx

    of
    > >> >credit which you then use up. An unlimited number of calls can mount

    up
    > >and
    > >> >you're responsible.
    > >> I have been with 18866 since they first came to this country and I
    > >> haven't paid them ten pounds in call charges up to now and they have
    > >> never tried to take more cash than they should from my card .
    > >> > An unlimited number of calls can mount up and
    > >> >you're responsible
    > >> It would take quite a time to mount up to anything substantial at 2 p
    > >> a call .

    > >
    > >I don't think I explained this very well. I am not suggesting that 18866
    > >would over-bill me.
    > >
    > >But what prevents someone from sniffing my unencrypted SIP credentials
    > >(password etc.) and then using my account? Calls can be substantially

    more
    > >than 2p, for example Pakistan 15p. I could get a hell of a bill.

    > I wasn't thinking that Joe I was thinking along the lines of you
    > didn't want to be faced with a large bill that you couldn't pay. using
    > 1866 for other than geographic UK calls is a different kettle of fish
    > all togather .


    OK well that brings us back to my actual question - does anyone know what
    the answer is?

    Unless there is some factor I haven't considered then using 18866 with VOIP
    is potentially a suicidally crazy thing to do. You are basically handing the
    entire internet a free invitation to make thousands of calls charged on your
    bank account.
     
    Joe Harrison, Jun 25, 2005
    #5
  6. Joe Harrison

    Guest

    On Sat, 25 Jun 2005 16:45:31 GMT, "Joe Harrison"
    <> wrote:


    >. You are basically handing the
    >entire internet a free invitation to make thousands of calls charged on your
    >bank account.

    I think you have lost me here Joe only you can make calls from your
    account .
     
    , Jun 25, 2005
    #6
  7. Joe Harrison

    sandman112 Guest

    <> wrote in message
    news:...
    > On Sat, 25 Jun 2005 16:45:31 GMT, "Joe Harrison"
    > <> wrote:
    >
    >
    >>. You are basically handing the
    >>entire internet a free invitation to make thousands of calls charged on
    >>your
    >>bank account.

    > I think you have lost me here Joe only you can make calls from your
    > account .


    hes trying to say, whats to stop someone from 'stealing' (be that phishing
    or whatever) your voip account details then ringing up loads of calls on
    your account and your left to foot the bill ... and its a good point,
    perhaps the only way to stop that would be for 18866 to indroduce the option
    of top up style accounts like sipgate use.

    really its much the same threat as someone stealing your net banking details
    .... if you use common sence and keep your PC as secure as you can then you
    should be ok i would think.

    i remember i was a bit wary of signing up with 18866 at first but that was
    because i was unsure they were a reputable company to deal with, there lack
    of contact details is very off putting, and ive NEVER recieved anything at
    all from there customer services dept, if they even have one
     
    sandman112, Jun 25, 2005
    #7
  8. On Sat, 25 Jun 2005 16:45:31 GMT, "Joe Harrison"
    <> wrote:

    >Unless there is some factor I haven't considered then using 18866 with VOIP
    >is potentially a suicidally crazy thing to do.


    get a sense of proportion man, "suicidally crazy" ???

    Phil
    --
    spamcop.net address commissioned 18/06/04
    Come on down !
     
    Phil Thompson, Jun 25, 2005
    #8
  9. Joe Harrison

    Joe Harrison Guest

    <> wrote in message
    news:...
    > On Sat, 25 Jun 2005 16:45:31 GMT, "Joe Harrison"
    > <> wrote:
    >
    >
    > >. You are basically handing the
    > >entire internet a free invitation to make thousands of calls charged on

    your
    > >bank account.

    > I think you have lost me here Joe only you can make calls from your
    > account .


    Whenever your VOIP device registers it sends your username and password
    UNPROTECTED over a hostile internet which we all know contains many
    varieties of criminals and phraud artists.

    What do you think would happen if your 18866 password was grabbed then
    resold on IRC? Of course it is obvious that by tomorrow you would be holding
    the bag for thousands of expensive calls.

    This is why I prefer to buy chunks of credit, the worst that can happen is
    that someone steals the unexpired portion of credit and I would be out of
    pocket by a maximum of (for example) 10.00. But when unlimited calls can be
    direct-debited from your bank account it is a much different story.
     
    Joe Harrison, Jun 25, 2005
    #9
  10. Joe Harrison

    Joe Harrison Guest

    "Phil Thompson" <> wrote in message
    news:...
    > On Sat, 25 Jun 2005 16:45:31 GMT, "Joe Harrison"
    > <> wrote:
    >
    > >Unless there is some factor I haven't considered then using 18866 with

    VOIP
    > >is potentially a suicidally crazy thing to do.

    >
    > get a sense of proportion man, "suicidally crazy" ???


    Well not if you can easily stand the loss, say perhaps you are a business
    with insurance or something.

    But I am talking about ordinary users who suddenly find (for example) that
    the Russian Mafia had stuck them with twenty thousand minutes at GBP 0.15
    per, that would be a lot of money for me at least.

    Joe
     
    Joe Harrison, Jun 25, 2005
    #10
  11. Joe Harrison

    Guest

    On Sat, 25 Jun 2005 17:53:10 GMT, "sandman112"
    <sandman112[SPAMTRAPER]@by.co.uk> wrote:
    >i remember i was a bit wary of signing up with 18866 at first but that was
    >because i was unsure they were a reputable company to deal with, there lack
    >of contact details is very off putting, and ive NEVER recieved anything at
    >all from there customer services dept, if they even have one

    1866 have proved to me has a long standing customer now that they can
    be trusted but like you I wasn't so sure when I first signed up and
    their reluctance to provide a phone number that you can contact them
    on puts me off has does this same problem with Sipgate also .
     
    , Jun 25, 2005
    #11
  12. Joe Harrison

    Guest

    On Sat, 25 Jun 2005 18:01:11 GMT, "Joe Harrison"
    <> wrote:


    >This is why I prefer to buy chunks of credit, the worst that can happen is
    >that someone steals the unexpired portion of credit and I would be out of
    >pocket by a maximum of (for example) 10.00. But when unlimited calls can be
    >direct-debited from your bank account it is a much different story.

    Sorry Joe I never use 18866 VOIP I use them via BT line .
     
    , Jun 25, 2005
    #12
  13. Joe Harrison wrote:

    > Whenever your VOIP device registers it sends your username and password
    > UNPROTECTED over a hostile internet which we all know contains many
    > varieties of criminals and phraud artists.


    assuming you are using SIP, this is wrong. SIP uses MD5 hashes and
    other stuff in the authentication mechanism, the password is NOT
    transmitted in the clear.

    --
    Ben Smithurst gradwell dot com Ltd
    Systems Developer http://bensmithurst.com/ http://www.gradwell.com/
     
    Ben Smithurst, Jun 25, 2005
    #13
  14. Joe Harrison wrote:
    > I like the rates for calling UK mobiles via www.18866.com so am tempted to
    > sign up.
    >
    > Trouble is they bill you retrospectively, it's not like you buy £x.xx of
    > credit which you then use up. An unlimited number of calls can mount up and
    > you're responsible.
    >
    > Given that sending VOIP login parameters doesn't seem to be encrypted in any
    > way is this a recipe for suddenly / too late discovering someone has
    > "borrowed" your credentials and run up a huge bill which you then get stuck
    > with paying?
    >
    > Anyone got any suggestions for any other provider with particularly good
    > rates to call UK mobiles?
    >
    > Joe
    >
    >


    It is a very good point that has been addressed to a remarkable degree
    from the beginning.

    SIP uses Digest Authentication, Smime, TLS and IPSEC.

    I would be more concerned over trojan horses on the PC. I would not be
    concerned about authentication issues with sniffers.

    The best option with any VOIP system is dedicated hardware.

    Or, as Joe says, damage limitation.
     
    Geoff Harrison, Jun 25, 2005
    #14
  15. Joe Harrison

    Martin² Guest

    Geoff Harrison:
    >The best option with any VOIP system is dedicated hardware.


    Ehh ? That too has to send user ID and password, so security wise it's no
    different.
    But as already said, it's encrypted and there is lot more chance of someone
    guessing at an username and password then intercepting traffic, isolating
    the SIP login data and decrypting it.

    To Joe:
    Here is your solution: sign up with VoIPbuster.com, pay them ?1 and get free
    calls to most of the 1st world and some Eastern Europe. Can't lose very much
    !
    Regards,
    Martin
     
    Martin², Jun 26, 2005
    #15
  16. Martin² wrote:
    > Geoff Harrison:
    >
    >>The best option with any VOIP system is dedicated hardware.

    >
    >
    > Ehh ? That too has to send user ID and password, so security wise it's no
    > different.
    > But as already said, it's encrypted and there is lot more chance of someone
    > guessing at an username and password then intercepting traffic, isolating
    > the SIP login data and decrypting it.
    >
    > To Joe:
    > Here is your solution: sign up with VoIPbuster.com, pay them ?1 and get free
    > calls to most of the 1st world and some Eastern Europe. Can't lose very much
    > !
    > Regards,
    > Martin
    >
    >
    >


    Of course it has to send the user ID and password.

    I obviously meant with respect to Trojans on the PC if using software,
    which is were I aired the major concerns in my reply.
     
    Geoff Harrison, Jun 26, 2005
    #16
  17. On Sat, 25 Jun 2005 18:12:43 GMT, "Joe Harrison"
    <> wrote:

    > that would be a lot of money for me at least.


    so you would kill yourself ?

    Phil
    --
    spamcop.net address commissioned 18/06/04
    Come on down !
     
    Phil Thompson, Jun 26, 2005
    #17
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. {{{{{Welcome}}}}}

    Re: 1899 & 18866 VOIP calls are no more!!

    {{{{{Welcome}}}}}, May 19, 2005, in forum: UK VOIP
    Replies:
    28
    Views:
    1,998
    Jonathan
    May 28, 2005
  2. PeterW

    18866 VoIP still free (+1p)

    PeterW, May 21, 2005, in forum: UK VOIP
    Replies:
    0
    Views:
    941
    PeterW
    May 21, 2005
  3. Phil Thompson

    incoming IAX2 to 18866 softphone client ?

    Phil Thompson, May 27, 2005, in forum: UK VOIP
    Replies:
    0
    Views:
    1,136
    Phil Thompson
    May 27, 2005
  4. David Floyd

    Re: VoIPBuster and 18866 VOIP??

    David Floyd, Jun 9, 2005, in forum: UK VOIP
    Replies:
    7
    Views:
    1,179
    Stickems.
    Jun 10, 2005
  5. Dave
    Replies:
    14
    Views:
    1,883
    Roger V
    Jun 11, 2005
Loading...

Share This Page