Home   Help Search Groups Login Register  
You are not logged in. To get the full experience of these forums, we recommend you log in or register
Plusnet Usergroup » All Users - The Open Forum » Plusnet Customer Service Issues » PUGIT 29 suddenly got more appealing
Pages: [1]
  Print  
Author Topic: PUGIT 29 suddenly got more appealing  (Read 5447 times)
Oldjim

Posts: 1016

« on: February 06, 2007, 05:31:34 pm »

http://portal.plus.net/central/forums/viewtopic.php?t=53408
http://www.plus.net/support/customer_service/community/forum_security.shtml
NB
Usergroup Member

Posts: 2071

« Reply #1 on: February 06, 2007, 09:11:11 pm »

Quote from: support e-mail
....This only affects customers who have used a 'weak' password....

Any password that is a maximum of 8 lowercase alphanumenric characters. rolleyes
Pendragon

Posts: 22

« Reply #2 on: February 07, 2007, 12:10:12 pm »

Just one small point, it forgets to mention you will also need to update the password in any email software like Outlook Express etc otherwise you will receive errors when you try and download your email.

Regards, P.

Weymouth & Portland, hosts to the 2012 Olympic Sailing events.

Force 9 ADSL Max 5.5 (upgraded from 512K).
Oldjim

Posts: 1016

« Reply #3 on: February 07, 2007, 12:24:39 pm »

Only for the postmaster account - all the other e-mail passwords remain the same
Ultra

Posts: 777

WWW
« Reply #4 on: February 07, 2007, 12:44:42 pm »

I guess those who are paranoid enough to change their p/w every month will be happy to take on the additional chore of tracking such matters.   

Personally I remember passwords as a nightmare in a multi-user environment.  Years ago we had to change ours every three months and old ones could not be re-used.  I was in a support job and it was probably the source of 20% of our enquiries...

I can see some potential problems, but am probably in a minority about not feeling a change is really needed from the current setup, knowing there are multiple background services that need to be kept synchronised alongside a user just typing in a new p/w...
Oldjim

Posts: 1016

« Reply #5 on: February 07, 2007, 12:58:24 pm »

We had the same type of requirement at work where the password had to be changed every month and couldn't be reused - guess whose password was in the style of "passwordjan07" "passwordfeb07" etc. so I never forgot it  grin
Pendragon

Posts: 22

« Reply #6 on: February 07, 2007, 01:06:21 pm »

I agree Netguy, having been in the same situation for longer than I would like to remember. I hated the pop up reminder to change the administrator password and having to think of something new each time. I did try and use a password generator but that caused even more problems as no-one could remember them at all.

Then each time the password changed you had to log the change, put the password in a sealed envelope and pass it to management for off site storage (in case you were killed or the site was destroyed and someone else needed the password).

Just changing the password is simple but, you also have to change it in the software, and in your router and in any other PCís and laptops that access your default mailbox and of course remember it when you log in to the portal and if you need it for webmail.

I will change it but itís such a drag remembering to make all the other changes.

Such is life, regards, Colin.

Weymouth & Portland, hosts to the 2012 Olympic Sailing events.

Force 9 ADSL Max 5.5 (upgraded from 512K).
Ultra

Posts: 777

WWW
« Reply #7 on: February 07, 2007, 03:12:13 pm »

Perhaps it will now be clear to you two guys just why I suggested PUGIT item 257 Smiley
Ultra

Posts: 777

WWW
« Reply #8 on: February 07, 2007, 03:52:10 pm »

re the original news item, on a glitch over security, I was comparing how three websites reported it:

ISP review : Plusnet Suffers Website Security Glitch

ThinkBroadband : "PlusNet warn portal users of security issue"

The Register : "PlusNet goofs on passwords"

(I wasn't particularly impressed by the headline they chose to use, but fortunately the article does include 'theoretically' in the first para, so 'knockers' should understand it's more of a molehill than a mountain of a problem for users)


One useful thing out of visiting The Register is the beta version of Skinker's news ticker, which allows one to add other RSS feeds (so you should be able to add the PUG service status URL and get news in the ticker - I've just added another 4 RSS feeds, but debated about the service status - with my other RSS reader, 'SharpReader', there are over 500 items for PN, compared with under 100 for any other ISP I monitor).

I've previously come across Skinker and think it was at the BBC web site where I noticed it first...  seems pretty good, but be warned it is for Win 2000/XP at present, in case you use an iMac or other OS.  (and sorry, I'll stop going off at a tangent now...)
godsell4

Posts: 397

« Reply #9 on: February 08, 2007, 03:13:00 am »


One question, although the message from PN states 'it has recently been found ...', can someone confirm if this was in fact the issue from sophos9 on the portal in late August06 here.

SW.

BBYW1/10GB
cogilvie

Posts: 798


« Reply #10 on: February 08, 2007, 07:16:10 am »

The issue that was raised by sophos9 is described in http://www.plus.net/support/download/XSSIncident.doc as posted by Nigel Wood later on in the thread.

Colin Ogilvie
Application Developer
Plusnet
James

Posts: 1010


3567190798

« Reply #11 on: February 08, 2007, 08:20:04 am »

Will there be a similar incident report for the vunerability recently patched?

Best Wishes - James

Tell me and I'll forget; show me and I may remember; involve me and I'll understand. - Chinese Proverb
Pages: [1]
  Print  
 
Jump to: