Topic: Spam being received on Private e-mail addy
mikeb

Posts: 657


« Reply #210 on: May 16, 2007, 11:16:13 pm »

Quote
I'm confused. I got the Plusnet e-mail about the security breach (saying I must be more careful to avoid spam!!) sent to my "MyName1@username.plus.com".
I haven't rec'd any spam to this address.
The addresses I have rec'd spam on are "MyName2@username.plus.com" and "username@username.plus.com".

Can someone enlighten me: will all my "AnythingI've set@username.plus.com" be spammed?

Only PN can really answer that as far as the names@ addresses that you're already using are concerned because only they know (or at least they hopefully do by now) exactly what data was obtained and from where. I would suggest that it's reasonably possible if you haven't already had spam to particular names@ addresses so far then those addresses weren't actually got at.

However, whilst only certain names@ are getting the stuff at the moment, I would also suggest that it's only a matter of time before the Random_Chars@ and Good_Guess@ prefixes are used in any case. So loads and loads of luverly spam coming to a catch-all mbox near you real soon no matter what. yum.yum.yum :(

And then the fun really begins when the [Censored] start using your address as the 'from' address when sending out their [Censored] so you can expect to get lots of bounced messages from all over the place as well. Oh yeah, and the potential of getting your addresses or domain black-listed into the bargain. Isn't this all good fun? :(

Thank you PN, can I have another ?  Grrrrrrrrrrr.

I wonder if Mr.PN would like to confirm (or deny if applicable) that this fiasco is just about exactly the same scenario as what happened with the Whatever@My_Account.force9.net addresses several years ago and is perhaps what prompted the 'enforced' change to using the force9.co.uk form at the time? Real funny how all my force9.net form addresses started getting spammed silly not that long after the change ... just like all my old force9.co.uk addresses are now in addition to my current PN addresses.
« Last Edit: May 16, 2007, 11:32:32 pm by mikeb »

--
WARNING: The e-mail address on my profile is not my usual address, all messages sent via this site have been redirected elsewhere for test purposes. This could result in messages not being received in a timely manner or potentially not being received at all.
mikeb

Posts: 657


« Reply #211 on: May 17, 2007, 03:00:21 am »

Quote
I would also be very interested to know EXACTLY which version of atmail was being used in anger at the time(s) of the various incidents. I wouldn't mind betting that that could be a rather embarrassing confession as well :rolleyes:

Well, I guess PN don't want to answer that but it would appear that someone else does ... and Quelle Surprise, the answer (allegedly) is:

Quote
As the vendor of @Mail we'd like to give our feedback

* Plusnet had been using an older unpatched version of @Mail, based on the 4.X branch of the software. Their install was over 12 months old, and was not kept updated with our latest versions

* @Mail has not been identified as the security breach for their database, this is to be confirmed. We are not aware of any bugs that do so.

* Our company takes security seriously and regularly updates the software, and are working with Plusnet to have their systems running the latest version of @Mail.


Now, I obviously can't be in any way certain that the above quote which was taken from here is 100% correct and factual in all respects but I'm quite certain that PN will swiftly deny it if this is indeed malicious gossip rather than something rather more than a bit close to the truth ;)

Now what was all that I read in the e-mail about "... the importance of keeping systems as secure as possible. It is important to ensure that you always have the latest operating system updates and patches installed. ..." :rolleyes:
« Last Edit: May 17, 2007, 03:10:21 am by mikeb »

dan

Posts: 33

« Reply #212 on: May 17, 2007, 08:41:25 am »

Quote
As the vendor of @Mail we'd like to give our feedback

* Plusnet had been using an older unpatched version of @Mail, based on the 4.X branch of the software. Their install was over 12 months old, and was not kept updated with our latest versions

* @Mail has not been identified as the security breach for their database, this is to be confirmed. We are not aware of any bugs that do so.

* Our company takes security seriously and regularly updates the software, and are working with Plusnet to have their systems running the latest version of @Mail.



As Software Manager in PlusNet, I can assure you that what is stated here is not true.  However, while a full investigation is being undertaken I really can't release much more information at this stage.  As promised by my colleagues earlier, however, a full incident report will be released shortly.

As much as it will (understandably) be difficult for many of you to even want to understand, PlusNet really do appreciate the scale of this incident and have been working around the clock since it first came to light last week. My team, the Networks department and others around the business have literally been working all hours of the day including last weekend since this event occurred. We have implemented a shift system so that people are working around the clock, ensuring that we are as secure as possible, as well as trying to release a functional and secure webmail solution in as timely a way as possible given the circumstances.

I again apologise personally and on behalf of PlusNet for the disruption this is causing.

Dan Kirkland
Software Platform Manager

neilarmstrong

Posts: 733


« Reply #213 on: May 17, 2007, 08:55:55 am »

Guys,

We are not going to be able to respond fully to this at present for two reasons.

1) We have reason to believe that the post on El Reg is not actually a genuine post from Calacode as we have not got hold of their PR department and it would be an unusual place for a company to post a rebuttal of this sort.

2) We have proof that someone has been spoofing my email address and contacting Calacode claiming to be me in order to get information. So it's just as likely that someone is pretending to be Calacode.

As Dan has said there are factual inaccuracies in what has been posted and we will respond to those in due course.

Neil Armstrong
Products Director
PlusNet
dan

Posts: 33

« Reply #214 on: May 17, 2007, 08:59:46 am »

Hi


Quote
In my experience this sort of restriction is normally because the passwords are stored in the database using a very weak scrambling method, i.e. ASCII code shifted, which causes problems when you try and use higher ASCII codes that have nowhere to be shifted to, hence the use of only a-z and 0-9.

Passwords should be stored using a one way hash so they can't be reversed to reveal the password, this means should the database be compromised the passwords retrieved can not be used to log into the system.

Please tell us PlusNet that you are not using some weak ASCII shifting method of storing passwords in 2007?

Having to start a password with a letter, and with it having to be 5 to 8 characters long makes a dictionary attack easier and as you are not forced to use a number most people will not, so it wouldn't take an impossible amount of time to cycle through the possible combinations of words that are 5 to 8 letters long. Very insecure and with these basics not even right, it isn't surprising that there are these security problems. :-/

Edit: I see this has already been flagged in the puggit item.



The current limitation on characters is due to legacy systems rather than any particular method of encryption.  This limitation is being worked on but is in fact a fairly significant piece of work, which we have already started.  We hope that this will be resolved in the next few weeks but we're currently looking at the full impact of changing the systems.  Once we understand the impact we'll be able to give details of the release date.

Kind regards,

Dan Kirkland
Software Platform Manager
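
An added illustration of the password-storage point raised in the post quoted in reply #214 (not code from the thread, and not a description of PlusNet's systems): a byte-shift scramble is reversible by anyone who reads the database and breaks on high character codes, a salted one-way hash can only be verified, and the 5 to 8 character, letter-first, a-z/0-9 policy has a countable keyspace. The function names, the shift value and the PBKDF2 iteration count are assumptions made for the example.

```python
import hashlib
import hmac
import os

SHIFT = 3             # hypothetical shift value, chosen only for illustration
ITERATIONS = 600_000  # assumed PBKDF2 work factor, not a value from the thread


def shift_scramble(password: str, shift: int = SHIFT) -> bytes:
    """Reversible scramble: add a constant to every byte of the password."""
    # bytes() raises ValueError once a shifted code exceeds 255: the
    # "nowhere to be shifted to" problem that pushes a system towards a-z, 0-9.
    return bytes(b + shift for b in password.encode("latin-1"))


def shift_unscramble(stored: bytes, shift: int = SHIFT) -> str:
    """Anyone who reads the stored value recovers the password directly."""
    return bytes(b - shift for b in stored).decode("latin-1")


def hash_password(password: str, salt: bytes = b"") -> tuple:
    """One-way storage: a random per-user salt plus PBKDF2-HMAC-SHA256."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    """Re-derive from the candidate password and compare in constant time."""
    return hmac.compare_digest(hash_password(password, salt)[1], digest)


def policy_keyspace(first: int = 26, rest: int = 36, lo: int = 5, hi: int = 8) -> int:
    """Count passwords of length lo..hi: a letter first, then `rest` choices per position."""
    return sum(first * rest ** (n - 1) for n in range(lo, hi + 1))


if __name__ == "__main__":
    stored = shift_scramble("secret1")  # constructed sample password
    print(stored, "->", shift_unscramble(stored))
    salt, digest = hash_password("secret1")
    print(verify_password("secret1", salt, digest), verify_password("secret2", salt, digest))
    print(policy_keyspace(), policy_keyspace(rest=26))  # a-z0-9 vs letters only
```

With letters only, as the quoted post expects most users to choose, the count drops by roughly a factor of ten compared with the full a-z/0-9 policy.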
wildmind
Guest
« Reply #215 on: May 17, 2007, 09:51:42 am »

Dan,

What really gets my goat on this is that we have been asking for this for at least 4 years or so and been told that there was no risk, the platforms were secure, the password policies were too complex to change, that security was safe....

Now you've got a major security issue and in the middle of dealing with that you are having to deal with all the development involved with this as well - crap planning. If people had listened to the users years ago instead of coming up with platitudes and bs (which we could see through anyway!) you would have more time to spend on securing the platform itself rather than the other areas of the network that should have been nice and secure!
portmoak

Posts: 214


« Reply #216 on: May 17, 2007, 12:02:13 pm »

Quote
As much as it will (understandably) be difficult for many of you to even want to understand...

I think this kind of unpleasant dig at the people who pay your wages is far from justified. Do you have some evidence that we don't want to understand the problems and PN's attitude? Let's be clear here about who is blameworthy and who is blameless.

Quote
PlusNet really do appreciate the scale of this incident and have been working around the clock since it first came to light last week.

Do you?
Because I host my own personal, private domain with F9 it has been compromised. There's no way to undo this. Even leaving Force9 won't help now. You wouldn't have to be working round the clock (and I'm reminded here of the so-called working round the clock in the last email disaster) if you'd paid the least attention to the many professional customers who have pointed out time and again that PN's testing and security methodologies are primitive.

Quote
I again apologise personally and on behalf of PlusNet for the disruption this is causing.

Fine, and thank you for that.
It would be even better if you would at least realise that PN do not have the world's best engineers and suggestions made in this forum and elsewhere are frequently from lifetime professionals with more expertise than you have.
« Last Edit: May 17, 2007, 12:03:53 pm by portmoak »

Accounts theadamsons and portmoak
F9 customer since 1998.
rascom

Posts: 26

« Reply #217 on: May 17, 2007, 12:12:13 pm »

With so many responses, it's getting difficult to see what's been said and what hasn't. For us this represents a massive problem as we have customers who we have brought across to PlusNet who are now calling us cause they're getting loads of spam and are now being recommended to change all of their passwords.

Someone has really foo'ed us up on this and I cannot see we are ever going to recover as once the known email addresses are out in the spammers domains, we will always be getting this junk.  Changing PN's domain names isn't an option as many of our customers use domain names hosted by PlusNet - changing email addresses isn't a realistic option either.

For info - it's not just webmail accounts.  We have Fax2Email setup on our account and have now started receiving spam on that.  We've never (what would the need be?) sent an email to that address using webmail or any other service, it is solely set up in one place on PlusNet's systems to divert incoming faxes to the specific address.

Thanks a lot PN.  Just when things were looking up.
simonflood

Posts: 88

« Reply #218 on: May 17, 2007, 12:20:49 pm »

Quote
One method perhaps would be for PlusNet to introduce a new domain name, i.e. something@username.plus.co.uk that we can then start using and at some point choose to ditch any email to ...plus.com.

Although this isn't a foolproof solution as if the list is being sold at a premium (as they are known to be valid email addresses) then to keep that premium they could just change the domain in the list and carry on selling it.

PlusNet could allow us to change our usernames so we get a different email address that wouldn't be possible to bulk change in the list as we would all decide differently what to pick however that means losing myname.plus.com to become my_name.plus.com or myname1.plus.com which isn't ideal.

The above is all very well and good if we are only dealing with people who solely use PlusNet's e-mail account (heaven forbid!) for their e-mail.

It doesn't address those, like myself, who have an external domain (which may or may not be hosted with PlusNet) to handle their e-mail that behind the scenes forwards to a PlusNet account.

It also doesn't address the damage caused to family, friends, colleagues, or indeed anyone else who has ever been sent e-mail via the Webmail platform.

This fiasco is not just about damage done to PlusNet's e-mail accounts.  This is much MUCH bigger.

Simon
pjmarsh
Usergroup Member

Posts: 1238


« Reply #219 on: May 17, 2007, 12:21:30 pm »

Quote
As much as it will (understandably) be difficult for many of you to even want to understand...

Quote
I think this kind of unpleasant dig at the people who pay your wages is far from justified. Do you have some evidence that we don't want to understand the problems and PN's attitude? Let's be clear here about who is blameworthy and who is blameless.

I've set up many accounts for people who just want to be able to surf the internet, check email etc... and don't have the slightest interest in how any of it works, or why things have broken.  That's what they have me for.  I'd take Dan's comment you quoted above as just an acknowledgement of those people, and a reassurance that things are being worked on.

Some people, such as myself, would love to have every little detail of everything that is going on, no matter how technical, but I know in situations like this it is not possible, and in many other situations not practical.

Phil
godsell4

Posts: 397

« Reply #220 on: May 17, 2007, 12:47:29 pm »


Quote
This fiasco is not just about damage done to PlusNet's e-mail accounts. This is much MUCH bigger.


Simon,

I am in the same situation, I did the same things as you that you mention in an earlier post in this thread as a result of the previous 'e-mail problem'.

Now our time, effort and money is wasted. See my sig below ...

SW.

BBYW1/10GB
mikeb

Posts: 657


« Reply #221 on: May 17, 2007, 01:01:29 pm »

Quote
As Software Manager in PlusNet, I can assure you that what is stated here is not true. However, while a full investigation is being undertaken I really can't release much more information at this stage.

Quote
1) We have reason to believe that the post on El Reg is not actually a genuine post from Calacode ...

OK, that's fair enough and I do understand that not much can be said to back this up as it could prejudice ongoing investigations.  But if a report is published where PN apparently point the finger of blame at a third party supplier then it is not exactly surprising that the third party is going to respond to that in some way in order to limit any possible damage to themselves.  However, I am obviously aware that The Reg are often rather fond of adding their own interpretation and/or spin to any 'official' comments used as a basis for an article, of course, so what you read in the article may not be exactly what was actually said or quotes kept in context etc.

If the remarks allegedly made by Calacode are indeed factually incorrect or simply unfounded malicious gossip then perhaps PN should at least make some form of official statement to that effect via The Reg sooner rather than later to avoid things getting any more out of hand than they already are.

This whole sorry saga is beginning to look very much more like a Mr.Disgruntled being a total PITA rather than truly Mr.Spammer isn't it ?
« Last Edit: May 17, 2007, 01:03:31 pm by mikeb »

Peak1

Posts: 4

« Reply #222 on: May 17, 2007, 01:18:56 pm »

It has to be remembered that the Calacode "quote" on El Reg is in the form of a comment from a user called Calacode. This can easily be faked.
jelv1

Posts: 2130

« Reply #223 on: May 17, 2007, 01:21:41 pm »

Hang on, would a reputable news site like El Reg let a faked comment like that remain on its site? :rolleyes:

jelv
Daved

Posts: 71

« Reply #224 on: May 17, 2007, 01:44:15 pm »

I left plusnet 6 months ago and don't use webmail. To my knowledge (very careful about this) I do not have my private hosted domain name (hosted with another provider) in ANY address book on plusnet webmail. I have never used a redirect (not even sure how to do one). I suspect that the only place this email address which is listed as my contact address is within my account details. I am receiving this spam through my new provider.

dillons on Plusnet forum