ISP denies security flaw in publishing user names

...but removes file, anyway

A British ISP has denied it has compromised the security of its customers by publishing thousands of Web addresses and usernames on its Web site. Surrey-based Portland Communications claims the information contained in an unsecure text file is useless without the relevant passwords. But an Internet security expert toldThe Register that publication of the material did pose a security threat. "Having a username represents half the battle in gaining entry," he said. "It's then a question of brute force to get the password." The information came to light after the URL was published on a news forum. Despite assurances that there is no security risk involved the company said it would remove the details from public view today. "The text file has been around for yonks and we've not experienced any security problems with it," said Justin Clements, a director of the Web company. ®

Sponsored: Network DDoS protection