PlusNet goofs on passwords
PrintHole in forum software
Posted in Telecoms, 7th February 2007 11:51 GMT
Free webcast: Service level monitoring and management
ISP PlusNet is warning customers who use its forums that their passwords could, theoretically, have been accessed by a hacker.
The company was warned by a customer that the vulnerability existed and fixed it quickly. But it has still sent an email to several thousand customers who could be affected by the glitch. Several unimpressed PlusNet punters forwarded the mail on to us.
The email reads: "It recently came to our attention that a potential security problem existed on our website discussion forums (http://portal.plus.net/central/forums/). It could have been possible to exploit the forum software, and retrieve an encrypted copy of the password details we hold for your account."
A spokesman for PlusNet said: "Even if this was exploited it would not give access to payment details. Someone could post messages in the forums or change account settings. We have not seen any multiple log-ins or strange behaviour to suggest this has happened."
The spokesman said customers with passwords which are also dictionary words rather than a mixture of words and numbers should change them.
The company has also informed the Information Commissioner of the problem.
More info from Plusnet here. ®
The Register Agile Data Center Summit
What Exchange can't do - and Dell can
Checklist: signs you need to upgrade your business phone system
Analyst Keynote: The Register Agile Data Center Summit
Dirty, dirty PCs: The X-rated picture guide
Top 500 supers - rise of the Linux quad-cores
Early adopters bloodied by Ubuntu's Karmic Koala
Sign up, sign up for The Register IT security newsletter