http://simonwillison.net/2007-09-25T12:03:43+00:00Simon Willison2007-09-25T12:03:43+00:002007-09-25T12:03:43+00:00https://simonwillison.net/2007/Sep/25/orange/#atom-tag

<blockquote cite="http://blog.openiddirectory.com/2007/09/25/first-major-telco-to-support-openid/"><p>Your telco knows who you are, where you live and even your credit card number or bank account. It's their business to provide you physical access from a real location and identify you as a customer by sending you invoices and receiving money from you. This means that Orange OpenIDs are verified IDs of real people as a matter of principle.</p></blockquote> <p class="cite">&mdash; <a href="http://blog.openiddirectory.com/2007/09/25/first-major-telco-to-support-openid/">Thomas Huhn</a></p> <p>Tags: <a href="https://simonwillison.net/tags/identity">identity</a>, <a href="https://simonwillison.net/tags/openid">openid</a>, <a href="https://simonwillison.net/tags/orange">orange</a>, <a href="https://simonwillison.net/tags/strongidentity">strongidentity</a>, <a href="https://simonwillison.net/tags/thomas-huhn">thomas-huhn</a></p>

2007-09-25T00:49:07+00:002007-09-25T00:49:07+00:00https://simonwillison.net/2007/Sep/25/david/#atom-tag

<p><strong><a href="http://daveman692.livejournal.com/314213.html">France Telecom Supports OpenID!</a></strong></p> France Telecom is the parent company of Orange. Apparently all 40 million France Telecom subscribers now have an OpenID. <p>Tags: <a href="https://simonwillison.net/tags/david-recordon">david-recordon</a>, <a href="https://simonwillison.net/tags/francetelecom">francetelecom</a>, <a href="https://simonwillison.net/tags/openid">openid</a>, <a href="https://simonwillison.net/tags/orange">orange</a></p>

2005-11-09T20:52:12+00:002005-11-09T20:52:12+00:00https://simonwillison.net/2005/Nov/9/orange/#atom-tag

<p id="p-0">I had a call on my mobile earlier today from a lady claiming to be from <a href="http://www.orange.co.uk/">Orange</a> (my phone service provider) who told me that my contract was about to expire. She asked me for my password.</p> <p id="p-1">Alarm bells instantly went off in my head, so I told her (truthfully as it happens) that I didn't know my password. Then she asked for my postcode instead.</p> <p id="p-2">At this point I was pretty sure this was a social engineering attack, so I started to quiz her about why she needed the information. She said it was for a "security check". I told her I was uncomfortable giving out information like this to a cold caller over the phone and she said it was nothing to worry about because it was all covered by "the data protection act".</p> <p id="p-3">I said that I would rather conduct my business in an Orange shop, and she told me that she would have to put a mark on my record that I had failed a security check. I interpreted this as a threat, which convinced me that the call was an attempted con. I asked for her name and ended the call.</p> <p id="p-4">I e-mailed Orange customer support via <a href="http://www.orange.co.uk/contact/" title="Orange Customer Service">their website</a> with details of the call and the number it came from (07973 100 194, which looked like a mobile number to me and had further fuelled my suspicions). I just received their reply - the call really was from them!</p> <p id="p-5">Banks and other online services have learnt to repeatedly tell their customers that they will <em>never</em> contact them and ask for their password. Orange are leaving themselves wide open to <a href="http://en.wikipedia.org/wiki/Social_engineering_%28computer_security%29">social engineering</a> attacks. This incredible lack of attention to basic security has given me serious second thoughts about trusting them with my business at all.</p> <p>Tags: <a href="https://simonwillison.net/tags/orange">orange</a>, <a href="https://simonwillison.net/tags/security">security</a>, <a href="https://simonwillison.net/tags/social-engineering">social-engineering</a></p>