User comments on ISPs
  >> PlusNet plc


Register (or login) on our website and you will not see this ad.


These posts have been archived and can no longer be replied to or modified.
Pages in this thread: 1 | 2 | 3 | 4 | [5] | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | (show all)   Print Thread
Standard User jelv
(fountain of knowledge) Wed 16-May-07 09:56:52
Print Post

Re: Things you can do to mitigate the email proble


[re: blewit] [link to this post]
 
Perhaps more than one server was hacked and Plusnet are not aware?

jelv

Plusnet ADSL PAYG Jan 2004 -
Plusnet Dialup Nov 2001 to Jan 2004
Previously Compuserve, BT & LineOne Dialup
Standard User deleted
(deleted) Wed 16-May-07 09:58:47
Print Post

Re: Things you can do to mitigate the email proble


[re: jelv] [link to this post]
 
really wouldnt suprise me - if the compromise was indeed through @mail and web based attack, the load balencer may have thrown the attacker on a number of the different backend hosts.
Standard User TheFlyingGribble
(member) Wed 16-May-07 10:01:51
Print Post

Re: Things you can do to mitigate the email proble


[re: blewit] [link to this post]
 
In reply to:

Just to be clear the trojan that's being talked about wasn't delivered in an email - the hacker modified the HTML of the webmail interface so that your browser would try to download a trojan file as part of the page



Thanks for the clarification. When I said 'trojan' email, I meant the one from PN telling you that you may have been exposed to the trojan!


Register (or login) on our website and you will not see this ad.

Standard User blewit
(committed) Wed 16-May-07 10:06:53
Print Post

Re: Things you can do to mitigate the email proble


[re: TheFlyingGribble] [link to this post]
 
Ah - ok
Standard User wingco1
(knowledge is power) Wed 16-May-07 10:20:11
Print Post

Re: Things you can do to mitigate the email proble


[re: jelv] [link to this post]
 
In reply to:

Perhaps more than one server was hacked and Plusnet are not aware?



Do you not think such statements are inflammatory and unnecessary. Plusnet have already stated that the matter has been dealt with. Even I give them credit for being professional and ensuring other systems have not been breached.


+++++++++++++++++++++++++++++++++++++++

"Nearly all men can stand adversity, but if you want to test a man's character, give him power."
Abraham Lincoln
16th president of US (1809 - 1865)
Standard User blewit
(committed) Wed 16-May-07 10:22:55
Print Post

Re: Things you can do to mitigate the email proble


[re: wingco1] [link to this post]
 
Until we understand why not everyone who accessed a compromised server then I think it's a fair question to ask. PlusNet have stated that they've emailed everyone they believe is affected - however they clearly haven't ....

Ball's in PlusNet's court to explain the conflict ...
Standard User wingco1
(knowledge is power) Wed 16-May-07 10:28:33
Print Post

Re: Things you can do to mitigate the email proble


[re: blewit] [link to this post]
 
Isn't an investigation still ongoing???. Isn't it possible more information may come to light?. If the answer to either question is yes the stratergy would surely change in line with the circumstances.

As I understand it, PN are working on evidence which currently suggests the breach was via web mail. If more evidence comes to light suggesting a possible alternative scenario, I fully expect PN to amend their notification stratergy. But either way give them a chance and stop badgering them for answers!.

PS Unfounded speculation doesn't help anyone.

+++++++++++++++++++++++++++++++++++++++

"Nearly all men can stand adversity, but if you want to test a man's character, give him power."
Abraham Lincoln
16th president of US (1809 - 1865)

Edited by wingco1 (Wed 16-May-07 10:29:10)

Standard User deleted
(deleted) Wed 16-May-07 10:29:07
Print Post

Re: Things you can do to mitigate the email proble


[re: jelv] [link to this post]
 
"If they had used the compromised server at the relevant time they will have had the email from Plusnet. "

What truly simple blind faith in the company who let all the information out. I bet they can't even get this right.
Standard User blewit
(committed) Wed 16-May-07 10:29:12
Print Post

Re: Things you can do to mitigate the email proble


[re: blewit] [link to this post]
 
In reply to:

I changed my account password yesterday - but this hasn't propogated to webmail - I still have to use my old password to get into webmail




Seems PlusNet are on top of this one
Standard User h0tblack
(fountain of knowledge) Wed 16-May-07 10:29:23
Print Post

Re: Things you can do to mitigate the email problem


[re: deleted] [link to this post]
 
It's an added precautionary measure.

As others have said it is particularly recommended if you may have been hit by the trojan. But passwords should only be changed once you have ensured your system is clean (i.e. run virus checks and software updates).

We're trying to provide practical advice here, not analyse what may or may not have happened, what exactly has been compromised, etc.
Pages in this thread: 1 | 2 | 3 | 4 | [5] | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | (show all)   Print Thread

Jump to