Warning Re HAL's New Internet Service

[sapper1]

I am currently on the Zuiderdam and this is a warning about a security flaw in the new HAL internet system as it pertains to CC.

 

I do not sign out of CC. It has been my habit to tick the "remember me" box. I keep a CC icon on my iPad desktop and just click on that to connect to CC.

 

Today when I clicked on the icon, I was signed into CC as another CC member who is also on the ship. I immediately went looking for this member and when I found her, she opened her CC page and found she was signed on as me. The ship's system had criss crossed our CC accounts. If it had been a flaw in CC security it is doubtful the mix up would have involved someone also on the ship.

 

We have both logged out and unchecked the "remember me" boxes in the hope that will prevent the issue from arising again.

 

I would like to ask that if anyone sees a post in the next few weeks that does not really sound like me I would appreciate it being brought to my attention. A person intent on causing trouble could really do a lot of harm if they were signed into another's account.

[kazu]

I am currently on the Zuiderdam and this is a warning about a security flaw in the new HAL internet system as it pertains to CC.

 

I do not sign out of CC. It has been my habit to tick the "remember me" box. I keep a CC icon on my iPad desktop and just click on that to connect to CC.

 

Today when I clicked on the icon, I was signed into CC as another CC member who is also on the ship. I immediately went looking for this member and when I found her, she opened her CC page and found she was signed on as me. The ship's system had criss crossed our CC accounts. If it had been a flaw in CC security it is doubtful the mix up would have involved someone also on the ship.

 

We have both logged out and unchecked the "remember me" boxes in the hope that will prevent the issue from arising again.

 

I would like to ask that if anyone sees a post in the next few weeks that does not really sound like me I would appreciate it being brought to my attention. A person intent on causing trouble could really do a lot of harm if they were signed into another's account.

 

WOW!!!

 

That's scary - if it is the ship's internet who knows what else that person has access to that you didn't sign out of? FB, bank accounts whatever.

 

Now the real question becomes is it a combination of cc and the ship's internet, the ship's internet or cc?

 

this is really SCARY and thank you for alerting us.

 

I hope it gets rectified and I know if you find what out what caused the problem you will share

[Krazy Kruizers]

Thank you for the warning.

[rkacruiser]

What next!

 

Thanks for the warning.

[CowPrincess]

Wow, very "not good" -- is there an internet manager onboard, or do you just have the librarian?

[frankc98376]

that is very odd. Your login info should be stored on cookies on your machine.

Very troubling.

[1of4]

Well that was not what I expected when I started reading your post. I figured your minutes were all gone, but this is so much worse.

 

I will make sure to keep a look out and let you know if you sound different! ;)

 

Enjoy your cruises.

Edited April 24, 2014 by 1of4

[shrimpboat123]

I think there is one valuable lesson learned here.

 

You should always logout of every site you have to log into before turning off your computer, iPad or whatever. I know it is time consuming to have to re-login each time, but it is much safer.

[Hlitner]

Oh my! I guess this is what some HAL cheerleaders call progress :). We are cruising with 3 lines this year, Princess, Celebrity and HAL. On both Princess and Celebrity we get hundreds of minutes of free internet time. On HAL we have to pay for every minute and I guess it is not even secure!

 

Hank

[CowPrincess]

I just got email from Sapper1, and she has decided it is currently too risky to post on CC while she's on the ship. She will try from various ports, though. If there's anything that she thinks is urgent, she will email me or another poster and have us post it for her.

 

So no update on the issues for at least a while.

[kazu]

I just got email from Sapper1, and she has decided it is currently too risky to post on CC while she's on the ship. She will try from various ports, though. If there's anything that she thinks is urgent, she will email me or another poster and have us post it for her.

 

So no update on the issues for at least a while.

 

Thanks CP

 

I am still befuddled by this one - and how it could happen.

 

I have used internet on board and never seen it so this is really troubling.

 

Many thanks to sapper1 for the immediate heads up. I am sure it cost money to do that post.

[g&gtravel]

Recently on the Zuider, I logged into airline and printed two boarding passes and was billed for 25 minutes. Check your time when you start and end.

[Mtn2Sea]

Wow! I was thinking about doing another live review on my next cruise, but between this issue and the slowness of the new system (see Jeff's blog), I'm having real concerns.

[sherilyn70]

I am still befuddled by this one - and how it could happen.

 

I have used internet on board and never seen it so this is really troubling.

The most likely explanation is that they have a server that caches (stores a local copy of what it sees) the websites visited. When you go to a page that many people use it can speed things up if it's a static (not constantly changing) page. Providers use this method to reduce bandwidth used and access times but it often causes weird issues like this. It's bad if they're caching sites you log into.

 

Sent from my SCH-I545 using Tapatalk

[rkacruiser]

I have never considered trying to post a blog on CC during the cruise because of the extremely slow connection speeds as well as connection problems from the ship. I have found it difficult enough just to send e-mails.

[Stratheden]

The most likely explanation is that they have a server that caches (stores a local copy of what it sees) the websites visited. When you go to a page that many people use it can speed things up if it's a static (not constantly changing) page. Providers use this method to reduce bandwidth used and access times but it often causes weird issues like this. It's bad if they're caching sites you log into.

 

Sent from my SCH-I545 using Tapatalk

Hope they don't bank at the same bank.

[POA1]

Deleted for being way too geeky.

Edited April 24, 2014 by POA1

[kazu]

It's the WiFi session connect token. It's built off the session ID and MAC of the device. I wonder if they were both iPad users.

 

Safety tip: Always power off your wireless adapter at the end of a session after you log out. Yes, you will have to retype your login and password, but it's much safer that way.

 

Could you kindly put this last statement in English (for those of us not techie brilliant?) On board, I log out HAL's internet and CC, and yes I take an Ipad.

 

Are you saying to shut down the Ipad everytime? ( I let it sleep sometimes) or is there something else we have to do as power off the wireless adapter????

 

I don't consider myself Ipad adept. It's my travel tool right now. Eventually I will get there but right now even on my lap top, I don't know how to power off my wireless adapter.:o:o

[POA1]

Could you kindly put this last statement in English (for those of us not techie brilliant?) On board, I log out HAL's internet and CC, and yes I take an Ipad.

 

Are you saying to shut down the Ipad everytime? ( I let it sleep sometimes) or is there something else we have to do as power off the wireless adapter????

 

I don't consider myself Ipad adept. It's my travel tool right now. Eventually I will get there but right now even on my lap top, I don't know how to power off my wireless adapter.:o:o

 

 

iPad:

 

Settings / WiFi / Toggle Off

 

Reverse the process when you turn the machine back on.

 

The laptop will have a switch you toggle. If it's a Mac, you can do the same thing as on your iPad. Button location varies by machine. Check you manual. Always check for traffic before entering the intersection.

 

 

I deleted my previous post because I realized that it was a bit technical.

Edited April 24, 2014 by POA1

[kazu]

iPad:

 

Settings / WiFi / Toggle Off

 

Reverse the process when you turn the machine back on.

 

The laptop will have a switch you toggle. If it's a Mac, you can do the same thing as on your iPad. Button location varies by machine. Check you manual. Always check for traffic before entering the intersection.

 

 

I deleted my previous post because I realized that it was a bit technical.

 

Thank you very much:D

 

Laptop isn't a Mac but I am only worried about the Ipad for the ship after this.

 

Really appreciate you coming back and explaining.

 

I have never toggled off my wifi because I thought when I logged out of the ship's internet it was off - lesson learned.

 

I have been reading my manuals and thought I had learned a lot - but it's great to learn more and much appreciated.:D

[POA1]

Thank you very much:D

 

Laptop isn't a Mac but I am only worried about the Ipad for the ship after this.

 

Really appreciate you coming back and explaining.

 

I have never toggled off my wifi because I thought when I logged out of the ship's internet it was off - lesson learned.

 

I have been reading my manuals and thought I had learned a lot - but it's great to learn more and much appreciated.:D

 

I'm pretty sure that you're fine. We just replicated the problem here at the Institute for Cheer. We took two machines, a laptop and an Android phone and was able to make the CC server swap the sessions. It's independent of the HAL network. You can do it on a business LAN or home netwrk that has a single IP address backed by private IPs for the connected machines. It appears to be how CC is seeing the persistent login when devices have the same IP address. (The ship's network assigns a private address to each machine, but the public-facing IP addresses are shared.)

 

I wouldn't worry about it impacting your banking or mail or anything.

Edited April 24, 2014 by POA1

[CowPrincess]

Thanks POA1

Edited April 24, 2014 by CowPrincess

[sppunk]

It's actually more of a CC security flaw issue than HAL issue. Don't use any password on this site you use for any others.

[GeriatricNurse]

I am currently on the Zuiderdam and this is a warning about a security flaw in the new HAL internet system as it pertains to CC.

 

I do not sign out of CC. It has been my habit to tick the "remember me" box. I keep a CC icon on my iPad desktop and just click on that to connect to CC.

 

Today when I clicked on the icon, I was signed into CC as another CC member who is also on the ship. I immediately went looking for this member and when I found her, she opened her CC page and found she was signed on as me. The ship's system had criss crossed our CC accounts. If it had been a flaw in CC security it is doubtful the mix up would have involved someone also on the ship.

 

We have both logged out and unchecked the "remember me" boxes in the hope that will prevent the issue from arising again.

 

I would like to ask that if anyone sees a post in the next few weeks that does not really sound like me I would appreciate it being brought to my attention. A person intent on causing trouble could really do a lot of harm if they were signed into another's account.

 

I would never click on "remember me" on any website on any computer, private or public! :eek: Too many 'what if's'. ;)

[GeriatricNurse]

I think there is one valuable lesson learned here.

 

You should always logout of every site you have to log into before turning off your computer, iPad or whatever. I know it is time consuming to have to re-login each time, but it is much safer.

 

Excellent advice! I agree 100%! :)