User comments on ISPs
  >> PlusNet plc


Register (or login) on our website and you will not see this ad.


These posts have been archived and can no longer be replied to or modified.
Pages in this thread: 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | [15] | (show all)   Print Thread
Standard User deleted
(deleted) Thu 17-May-07 16:07:43
Print Post

Re: So is changing the primary password...


[re: rsharma] [link to this post]
 
I don't personally know the exact date the trojan was first present but can confirm that the first email sent regarding the trojan was sent based on a dataset that included everyone that had logged into webmail from a date prior to the trojan being there.

The dataset would therefore include customers who were logged in before the trojan was there and also those that logged into one of the unaffected webmail servers but will ensure that every customer that could have been affected even if some were under no danger.

When the trojan was identified the whole webmail platform was disabled, this was on the afternoon of the 9th. Only one of the servers was identified as having the trojan and this remainded out of service from that point on. I've not seen the post about the problem on the 11th, do you have a link?
Standard User deleted
(deleted) Thu 17-May-07 16:12:51
Print Post

Re: I last used webmail....


[re: deleted] [link to this post]
 
I would say that in this case there is nothing to worry about, but if you are in any way concerned then change the passwords on your mailboxes to be absolutely sure.

We are looking at the stronger password issue, it's a lot of work on our backend system to do it so isn't going to be an instant change but it's certainly on the list to do.
Standard User rsharma
(knowledge is power) Thu 17-May-07 16:16:00
Print Post

Re: So is changing the primary password...


[re: deleted] [link to this post]
 
In reply to:

I don't personally know the exact date the trojan was first present but can confirm that the first email sent regarding the trojan was sent based on a dataset that included everyone that had logged into webmail from a date prior to the trojan being there.


Does that mean someone at PN does know the date when the trojan appeared? Can you please confirm the inclusive dates used for the dataset that were used to send out the email about the trojan?

In reply to:

I've not seen the post about the problem on the 11th, do you have a link?



http://portal.plus.net/central/forums/viewtopic.php?t=55833

One new question. Did the attackers manage to only steal the database of email addresses or could they have read the contents of the emails too? If it is the latter, have any of those been stolen too?

-------------------------------------------------------
Plusnet: The Truth (Blog)
Formal Complaints Process
Testing Connection Speeds
Plusnet LLU and Your Rights


Register (or login) on our website and you will not see this ad.

Standard User deleted
(deleted) Thu 17-May-07 16:17:16
Print Post

Re: Things you can do to mitigate the email problem


[re: rsharma] [link to this post]
 
Liam's just posted this to service status which concerns a mail platform change we are implenting to stop the spam from arriving into customers' mailboxes. The same change on MXlast cut the spam received on that platform by a good margin.

http://usertools.plus.net/status/archive/1179414534.htm

This is an update to the previously reported issue regarding the increased volume of unsolicited email being sent to some customers' mailboxes. A copy of the last update can be seen here:-

http://usertools.plus.net/status/archive/1179398781.htm

In light of the recent Webmail incident, we are bringing forward a number of planned improvements to the way we handle unsolicited email (Spam) on our incoming mail platform.

Last month, we announced changes that we were making to the secondary portion of our incoming mail platform (known as mxlast). This work was announced via Service Status here : http://usertools.plus.net/status/archive/1175800498.htm

Following the success of this implementation on our 'mxlast' servers, we are now making similar changes to our primary incoming mail platform (known as mxcore).This measure will remain in place until new functionality, which we hope to develop by the end of next week, is developed. From that point, customers will have more options to choose how email identified as spam is handled.

What this is means for now is that less email is being accepted onto our platform and email meeting the following criteria is being rejected.

- Email that is detected as spam by our 'ClamSpam' filter (one of the detection solutions we use)

- Originating IP address of the sender is blacklisted on an RBL (list of known spammers). For more information on this method of blocking spam, see here: http://en.wikipedia.org/wiki/DNSBL This particular method of spam blocking has always been implemented on our incoming mail platform.

We are confident that these methods will only block email which is spam. Other email passes through our 'dspam' bayesian filter which will continue to deliver potential spam tagged as [-SPAM-]. For more information on bayesian filters, see here : http://en.wikipedia.org/wiki/Bayesian_spam_filtering

A further email will be sent to all customers explaining this functionality in the next few days.

Kind Regards,

Liam Martin
Customer Support
Standard User rsharma
(knowledge is power) Thu 17-May-07 16:22:21
Print Post

Re: Things you can do to mitigate the email proble


[re: deleted] [link to this post]
 
Thank you for the update but I must state something that seems obvious to me. Although the changes you are making might well be for the better, if I was a customer I would want to know what you are doing to ensure that no future breach of the system was possible. A spam problem is indeed a big issue, but it has been created because of the former. The FAQ on making changes to accounts and emails is of far greater importance at this stage.

-------------------------------------------------------
Plusnet: The Truth (Blog)
Formal Complaints Process
Testing Connection Speeds
Plusnet LLU and Your Rights
Standard User rsharma
(knowledge is power) Thu 17-May-07 20:53:31
Print Post

Re: So is changing the primary password...


[re: rsharma] [link to this post]
 
I would be grateful for answers on these points.

-------------------------------------------------------
Plusnet: The Truth (Blog)
Formal Complaints Process
Testing Connection Speeds
Plusnet LLU and Your Rights
Standard User deleted
(deleted) Fri 18-May-07 00:19:45
Print Post

Great. I wonder how many have changed their......


[re: deleted] [link to this post]
 
......primary password? Or have felt the need to do so?

Pages in this thread: 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | [15] | (show all)   Print Thread

Jump to