Earlier this week there was a statewide outage from 12:00am til about 7:30am. The issue turned out to be caused by an undersea cable being severed. I don't blame them for this since its a rare occurrence and something they couldn't have easily prevented. What I do take issue with is me periodically losing connection to the mainland and essentially the rest of the internet in the process. I can run a ping on one of the routers on island and have no breaks in the connection, but if I run a ping on the first router outside Hawaii it goes in and out throughout the day. This means unless I'm just connecting to sites in Hawaii, I can't access anything. It usually happens every few hours and will last anywhere from 20 seconds to 10 minutes.
|On the left is a local router (oahuhimili-rtr1.hawaii.rr.com) on the right is a router in california (tustca1-rtr1.socal.rr.com).|
I did a post on this a while ago, but Road Runner has no authentication on their SMTP servers (the ones used to send email). They don't require a user name or password, and the connection between you and their servers is not encrypted. While their POP servers (where your email is stored online) do require a user name and password, there's still no encryption. All communication with these servers are sent in plain text, so anyone eavesdropping on the connection would now have the username and password for your email account.
|Packet captured while checking email.|
Poor User Privacy
I've had to call Road Runner a few times because I've gotten locked out of the account I use to pay my bill to them. This is usually because I have multiple passwords for different Oceanic sites, and I sometimes forget which one is to pay my bill. After a few incorrect attempts I get locked out. Calling up support they are helpful and are able to unlock my account without much work. The problem is that after they unlock my account, they read off my password to me. They don't reset my password to something new and give me that, they give me my current password which means its something they can pull up. I've also had the same issue with my email account where the help desk person was able to pull up my password. The amount of verification done before we get to this point is information you could get off of any copy of my monthly bill. Working at a support desk, or even an administrator, you should never be able to access a user's password. The only thing you should be able to do is reset it to a new random password and give that to them.