You might recall that I wrote about Rogers using JavaScript injections into the browsers of users to give “friendly reminders” about changing the passwords on their Rogers supplied modem+router. Not only that, the configurations of some users (myself included) combined with the fact that the messages sort of implied that Rogers somehow kept track of passwords rubbed some the wrong way. I got a response from Rogers on this yesterday and I have reprinted the relevant parts below:
We thought the New Year was a great time for people to set a resolution to create new, strong passwords that will help boost their online security. As you know, regularly changing your passwords for everything you do online, from banking to social media to your home WiFi network can help protect against vulnerabilities.
We’ve been posting messages on social media since the New Year began, and we’re also reaching out to customers directly to ask people to set strong passwords, including those who are relying on the original default passwords that came with their modem.
And to answer your question specifically – no, we don’t keep track of people’s modem names or passwords.
That statement answered one of my questions, but I still had two questions which I posed to Rogers:
- Why use a JavaScript injection to deliver this message? For someone like me who makes a living stopping JavaScript injections from infecting corporate networks, that’s a MAJOR no-no?
- Many of the people who aren’t thrilled about this (myself included) have your modems in bridge mode which makes this a non-factor. I am guessing that you can’t tell what mode the modem is, or is this just a blanket message sent out to all users?
I sent those questions yesterday and I have not received a response. After sitting on this for most of today, I decided to go ahead with this update and if Rogers responds to my questions, I’ll post another update as these are the questions that based on the comments to the original story and e-mails that I’ve received, people want answered.
UPDATE: Rogers just provided this response:
We sent direct messages to customers via email and via a pop-up in an effort to reach as many people as possible. The campaign was designed around reaching a broad range of customers to boost online security.
Note that the question about why they used a JavaScript injection to do this wasn’t answered. But the rest of this statement allows you to fill in the blanks.
Like this:
Like Loading...
Related
This entry was posted on January 19, 2016 at 6:35 pm and is filed under Commentary with tags Rogers. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Rogers Responds To My Story About Injecting “Friendly Reminder” About Their Modems [UPDATED]
You might recall that I wrote about Rogers using JavaScript injections into the browsers of users to give “friendly reminders” about changing the passwords on their Rogers supplied modem+router. Not only that, the configurations of some users (myself included) combined with the fact that the messages sort of implied that Rogers somehow kept track of passwords rubbed some the wrong way. I got a response from Rogers on this yesterday and I have reprinted the relevant parts below:
We thought the New Year was a great time for people to set a resolution to create new, strong passwords that will help boost their online security. As you know, regularly changing your passwords for everything you do online, from banking to social media to your home WiFi network can help protect against vulnerabilities.
We’ve been posting messages on social media since the New Year began, and we’re also reaching out to customers directly to ask people to set strong passwords, including those who are relying on the original default passwords that came with their modem.
And to answer your question specifically – no, we don’t keep track of people’s modem names or passwords.
That statement answered one of my questions, but I still had two questions which I posed to Rogers:
I sent those questions yesterday and I have not received a response. After sitting on this for most of today, I decided to go ahead with this update and if Rogers responds to my questions, I’ll post another update as these are the questions that based on the comments to the original story and e-mails that I’ve received, people want answered.
UPDATE: Rogers just provided this response:
We sent direct messages to customers via email and via a pop-up in an effort to reach as many people as possible. The campaign was designed around reaching a broad range of customers to boost online security.
Note that the question about why they used a JavaScript injection to do this wasn’t answered. But the rest of this statement allows you to fill in the blanks.
Share this:
Like this:
Related
This entry was posted on January 19, 2016 at 6:35 pm and is filed under Commentary with tags Rogers. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.