Latest update from PlusNet

Just seen this on Service Status:

17/05/2007 @ 11:46 Reports of Spam Email (42837) - UPDATE
This is an update to the previously reported issue regarding the increased volume of unsolicited email being sent to some customers' mailboxes. A copy of the last update can be seen here:-

http://usertools.plus.net/status/archive/1179326830.htm

We have now emailed all PlusNet customers in relation to this incident. The email is continuing to be sent to Force9 and Free-Online customers.

Because the incident is still ongoing and we are continuing to take remedial action, we will not be able to publish the incident report on Friday 18th May as planned. We now plan to publish this on Tuesday 22nd May 2007.

We are publishing an FAQ this afternoon which will answer many of the questions which have been asked.

Overnight we built new Webmail servers which will be used to host a temporary Webmail solution. We hope to make this available tomorrow. This temporary solution is based upon the tried and tested SquirrelMail.

We apologise for the inconvenience the lack of a Webmail Service is causing to our customers but wish to reiterate that the security and stability of our systems is of paramount importance to us.

We will be emailing all of our customers later today to detail our plans for dealing with Spam in the future. One of the most frequent requests from our customers is to have the ability not to download Spam. Next week, as part of our ongoing improvements, we will offer our customers this option, thus reducing the impact of Spam.

We would like to thank our customers for their continued patience and once again apologise for the inconvenience caused.

Kind Regards,

Mark Kelly
Manager Comms & Referrals

In reply to:

---

Overnight we built new Webmail servers which will be used to host a temporary Webmail solution. We hope to make this available tomorrow. This temporary solution is based upon the tried and tested SquirrelMail.

---

Fine providing they don't mess around with it too much. After all isn't that why this whole mess happened in the first place.

In reply to:

---

Overnight we built new Webmail servers which will be used to host a temporary Webmail solution. We hope to make this available tomorrow. This temporary solution is based upon the tried and tested SquirrelMail.

---

SquirrelMail is good... fast... and patches are very up-to-date:

ANNOUNCE: SquirrelMail 1.4.10a Released
May 09, 2007 by Thijs Kinkhorst

"The SquirrelMail Project Team is proud to announce the release of SquirrelMail 1.4.10a.

The 1.4.10 release contains multiple fixes for cross site scripting issues triggered by viewing HTML mail. Besides that it contains bug fixes and stability enhancements. "

Source: http://www.squirrelmail.org/

Tests:
http://secunia.com/search/?search=squirrel

"We apologise for the inconvenience the lack of a Webmail Service is causing to our customers but wish to reiterate that the, security and stability of our systems is of paramount importance to us" My Bold

If that was true, would PN be in the mess it is in now?

In reply to:

---

If that was true, would PN be in the mess it is in now?

---

Maybe - if this was a new vulnerability then I'm not too sure what else they should have done. If it turns out that this is an old one that hadn't been patched then the blame sits squarely with PlusNet.

I'm not sure we'll ever know which it was ...

When yesterday it was a legacy of underinvestment at the firm
I can't see how it can also be "security and stability of our systems is of paramount importance to us"

To me it's one or the other, certainly not both.

One's talking about past behaviour - the other about current - they can easily both be true.

Whether I think they are or not is another issue ....

I'm also reminded of an earlier email which said that since the breach they had done an audit and found a number of other vulnerabilities in the WebMail platform. If security of the platform is of paramount importance why wasn't this audit done previously and acted upon? If they are serious enough to close the platform down now, they must have been serious enough before.

The trouble is instead of holding their hands up, and just getting on with the fix, they want to play the blame game, it's lack on investment in the past, it's @mail etc.

In another post I pointed that out.
What needs to be asked (and answered) is when was the last full audit before this weeks one.

Or did it take this trouble to made them do an audit!

Quite - I asked similar - do they maintain a list of all installed software and regularly check relevant security lists etc. to ensure that they're always up to date?

I bet not ...

If thay haven't it makes "the security and stability of our systems is of paramount importance to us." pure spin.

Maybe time will tell.

"Overnight we built new Webmail servers which will be used to host a temporary Webmail solution. We hope to make this available tomorrow. This temporary solution is based upon the tried and tested SquirrelMail"

Does anyone else see this as out of the frying pan into the fire?

My understanding is they are still addressing the security issue that caught them out last week and now they are planning on rolling out overnight a new solution. I acknowledge that SquirrelMail is an established product but surely there is the issue of how it fits into PlusNet's platform and thus needs testing?

In reply to:

---

We will be emailing all of our customers later today to detail our plans for dealing with Spam in the future.

---

I think they should not send this out. It is information overload and can wait till much later.

I look at the communication by PN from my dad's point of view and what has been sent out thus far would make him very confused and apprehensive. The emails sent do not contain enough useful information on what or how they can make the changes to protect themselves. It would have been wise, IMO, to have sent an email detailing that their system had been compromised and then a step-by-step instruction on how to change the password on the portal, the email client and the router. Although the latter two would have been difficult because of the variety of different hardware equipment in use it would have been a good attempt to try and address the main ones.

Their FAQ is long overdue and can't come soon enough. We must remember that the majority of people have no idea on how to make these changes and need a helping hand.

Edited by rsharma (Thu 17-May-07 13:50:03)

Fair point... the bulk of users will find the information complex and confusing.. a lot of it is too general and lacks concise "what to do" information...

A query in relation to your blog.

"but we need to find a solution foremost in order to be able to communicate with others via email again."

In what way is email unusable? (Excluding webmail only users - or is that your point.)

>In what way is email unusable? (Excluding webmail only users - or is that your point.)

Both. One is the inability to use webmail and the other, for those that are already receiving large amounts of spam, on how to manage their accounts in order to read genuine emails.

Large amounts?

I am receiving the messages detailed... Adobe, WonderC** etc but the total messages total less than 20 in the last week... all of which have been dealt with by spamchecker/outlook etc. I do not in any way at all to play down the MAJOR (*insert expletive of your own choosing*) by PLUSNET, who have let us down in a highy basic unexcusable and unsatisfactory way but is saying that email is unusable going a little too far?

Those of course who have had "virgin" mail addresses will feel the most aggrieved. Like the first time you get a scratch on a new car, likewise those who's children have access to affected email. Plusnet need to implement measures to improve/remove spam before it reaches peoples inboxes.

Paddy - you might have 20 - but some of us have had *multiple* email addresses compromised leading to a significant multiplication on those figures ....

Filtering through 80-100 emails to find the 1 real email is a royal PITA on a setup which previously saw 5 spam a day tops ...

Paddy,

Unfortunately I seem to be getting 20-30 a day at the moment when previously I got none. This is making email unusable for me very quickly as it will only increase.

quite understandable... a major PITA in that circumstance.

I also have multiples - based on [email protected].. not seen anything major yet, must be lucky I guess or alternatively receiving the junk only as a result of being a contact in anothers webmail address book.

Have PN published anything that advises what proportion of users are affected.? though given efficiency on this to date, Im guessing they would not have a clue.

Edited by deleted (Thu 17-May-07 14:14:15)

Some people are reporting a very large number of spam emails. They also might not have your know how on filtering spam therefore what I stated was accurate. I wouldn't have gone through the trouble of writing the article to exaggerate the problems or to have a dig at PN. If I wanted to do that there is plenty of ammunition lying around.

Try handling 300+ a day, with 20 - 40 on average being real emails.

Was not my intention to overegg anything on your behalf.. I have only praise for your contributions in this period. (BTW PN should have provided more but kay sirrah..)

So the basic premise is that some users will have been compromised to an extreme state, others will be at varying degrees and other basic users will have an increase in spam that they already receive but other than that no other effect. That is if they have not been trojaned...... ie) Email as a whole, accross the board is not unusable but is for some ie 10-20-30%... I don't know the figures, PN probably dont either GRRRR

Is that a fair understanding?

300+ a day - Just from PlusNet email? that is a major problem....

In reply to:

---

Email as a whole, accross the board is not unusable but is for some ie 10-20-30%... I don't know the figures, PN probably dont either GRRRR

---

It

My domain used to be hosted on PN. The spam on my catch all email address on my domain has jumped about 4 fold since this happened. Gone from about 40 spams to 150 a day.

As it's business email I scan it every morning to spot the 1 in 500 incorrectly addressed emails, now 1 in 2000. I don't have the luxury of just trashing it.

Don't use Plusnet for email or any other service, though some places I goto do have Plusnet connections