PlusNet forums blown wide open by a letter bomb

That was sent by a stalking astronaut

Now, onto what had to be the story of the week. Love-crazed stalking astronauts armed with pepper spray and plastic bags. It just doesn't get any better than that. And all we can do is ask, but why?

I really don't get this one. Here is a woman who is not only qualified like few other women on the planet are, she is a hyper-specialist in a community that takes absurd amounts of long, hard work to get into. She is on a career track that should be the envy and the inspiration of just about the entire human population save the pope and god's-gift-to-the-Resolution-desk. There are a few ways to derail a career like that: theft, making a costly booboo in space, becoming ill, having a tragic and well-documented accident. What do you not expect to be a career-killer: raging hormones. What gives? You work your butt off, you're a woman [it should not make a difference, but the world is not a nice place like that], you have qualifications and honours enough to fill a wall, you realise a dream that many have but precious few achieve: actually going to space and working there. You made it. You made it big time. What do you give it all up for: keep-your-goddamn-hands-off-of-MY-MAN-bitch!!. And it's not even her husband.

There is so much I don't understand of the world, it's embarrassing. I wouldn't give up a career like that because of hormones though. Not after working so hard to get where she was. It's a tragedy. Her personal life is in ruins and she will -NEVER- fly in space again. And the guy is so going 'Ok, you're a nutcase. Stay away from me!'.

Tragic lapse of judgment. This is a woman I feel sorry for.


Hi Lucy,

The phrase 'going postal' was becoming dated anyway. Perhaps it's time to revive the 1986 acronym, NASA = Need Another Set of Astronauts.

J.


Another cock-up this week arose with the news that a hole in PlusNet's forums left the ISP "theoretically" wide open to hackers...just another oops to add to an already crappy month...

Despite all of PlusNet's recent goofs, I think people should go easy on them on this particular occasion. Security flaws still get found in even the most venerable of forum software. Since the problem was caught early, they weren't really obliged to notify their customers but they still did the honest thing even though more bad publicity is really the last thing they need right now.

Chewi


Concerning the Plus Net password cock-up. Yes it is definitively a cock-up. But it has to be said that at least Plus Net are sticking to their policy of being quite open about these things (try to find a provider that notifies you of issues, gives you a clear idea of their architecture and bandwidth capabilities and also gives you a good idea of where their infrastructure is evolving next).

Yes, recently they seem to have made a lot of the headlines (when there were problems) but I would not be too surprised that other ISPs had on occasions similar issues (if not more) but just kept quiet about it.

Also, the issue concerns the forum site, which normally is not that important. But admittedly most users will probably use the same password for the forum and their main account. And the level of risk depends on how strong your password is (as it is the MD5 hash that was leaked). So I could easily see that most ISPs would just have kept their mouth shut when at least PlusNet told us that there was a risk.

I must admit that at present my feeling is that they should rather be praised for that (after all error is human and they will always happen. What is important is how you react when such an error occurs...).

Regards,


Many of you picked up on the fact that 5-8 letter long passwords aren't that secure anyway.

It's better than that. PlusNet restricts passwords to being between 5 and 8 characters long, beginning with a lower-case letter, and containing only lower-case letters and digits.

The email advised that only users with weak passwords need be at all concerned. I suppose it's a matter of degree.

Discussions on the forum have revealed that changing the password algorithm is a difficult problem, so we seem to be stuck with the password design for the foreseeable future.


John. With regard to the Plusnet issue. I interpret this as all password hashes have been exposed and therefore any number of people now have values of all PlusNet user passwords. The advice is to only change your password if it was insecure, but the PlusNet policy on passwords is:

"Your password must begin with a letter and contain only lowercase letters and/or numbers. It must be between 5 and 8 characters in length."

Surely with this policy in place pretty much all passwords are insecure, especially if someone now has as long as they wish to brute force the relatively low number of possible values.


Morning,

you may wish to comment on the password standard which is implemented by PlusNet.

The passwords must be 5-8 characters, all lowercase alphanumeric with no special characters.

Bit hard to get a decent strong password with criteria like that.

Regards

Paul.
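
The readers' point about the quoted policy can be put in numbers. The following is an added example, not part of the original letters: it counts the passwords the policy permits and the time an offline search of the whole space would take. The guess rate and the 12-character contrast policy are assumptions chosen for illustration.

```python
import math
import re

# Policy as quoted in the letters: 5-8 characters, first character a lowercase
# letter, remaining characters lowercase letters and/or digits.
POLICY_RE = re.compile(r"[a-z][a-z0-9]{4,7}")

# Assumption: offline guesses per second against the leaked hashes.
ASSUMED_GUESSES_PER_SECOND = 1e9


def allowed_by_policy(password: str) -> bool:
    """True if the quoted policy would accept this password."""
    return POLICY_RE.fullmatch(password) is not None


def keyspace(first: int, rest: int, min_len: int, max_len: int) -> int:
    """Count passwords: `first` choices for char 1, `rest` for each other char."""
    return sum(first * rest ** (n - 1) for n in range(min_len, max_len + 1))


def entropy_bits(space: int) -> float:
    """Upper bound: bits of entropy if every password were chosen uniformly."""
    return math.log2(space)


def hours_to_exhaust(space: int, rate: float = ASSUMED_GUESSES_PER_SECOND) -> float:
    """Worst-case hours to try every permitted password at the assumed rate."""
    return space / rate / 3600


def compare() -> dict:
    """Map policy name to (keyspace, entropy bits, hours to exhaust)."""
    spaces = {
        "quoted": keyspace(first=26, rest=36, min_len=5, max_len=8),
        # Constructed contrast: exactly 12 of the 94 printable ASCII symbols.
        "contrast": keyspace(first=94, rest=94, min_len=12, max_len=12),
    }
    return {k: (s, entropy_bits(s), hours_to_exhaust(s)) for k, s in spaces.items()}


if __name__ == "__main__":
    for name, (space, bits, hours) in compare().items():
        print(f"{name}: {space:.3e} passwords, {bits:.1f} bits, {hours:.3g} h")
```

Human-chosen passwords are far from uniform, so the entropy figure is a ceiling and real passwords under this policy would typically fall sooner than the worst case.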


And look out would-be data thieves. You're now up for two years in the slammer if you use or share other people's data:

But this is an easy one to chalk up. Governments are busy building "data sharing" links between their various civil databases, then between those and police and immigration databases, and then further with other governments. But more data sharing means more ways of stealing more people's data.

That's not to mention that some people may consider the Government's 'sharing' (or even 'peer-to-peer sharing', you might say) to be stealing.


"People who steal personal data in the UK will face up to two years' jail, the Government announced today."

So which jail are they going to put them in? According to some recent news, there isn't anywhere to put these criminals. Most likely that they'll get a slap on the wrist by a judge and be sent merrily on their way.

Wellard.


Slap on the wrist also for Nokia which, in spite of finally whacking out firmware updates for its N73 and N93 handsets, is lagging on updates for other models:

Nokia still NEEDS a bit of smacking for this one, they STILL haven't given new firmware for N90 users, there was a ton of complaints and questions on their forums, on when we will finally get our N90 firmware update.. Nokia is still leaving us in the dark with this one.. Nokia is almost mocking us with this, US who faithfully bought their first generation Nseries N90 phone, and we are being left in the dark when our buggy phone software needs a firmware update!

Shame they haven't done the same for the E70 business phone - my Vodafone-supplied E70 is still stuck with the bug-riddled 1.0610.05.07 firmware, even though there is v2 firmware available. Seemingly the v2 firmware is available for phones supplied direct by Nokia, or by other network operators, but not for phones supplied by Vodafone. I took my phone to a Nokia service centre, but the technician there (whilst very helpful) said he couldn't upgrade my phone to v2, and showed me the relevant service bulletin to prove it.

After going round the loop with both Nokia and Vodafone customer service, it appears that the problem is Vodafone - the v2 software was released by Nokia over 6 months ago, and Vodafone are (according to an email I received from them) "still evaluating and testing the new firmware". I have the distinct suspicion that the phone will be obsolete before they release new firmware for it.

If it was my phone rather than a corporate one I'd have taken it back, demanded a refund and switched to another network operator.

0/10 Nokia for releasing such a buggy pile in the first place, and 0/10 Vodafone for your appalling customer support.


0/10 for Nokia and Vodafone, but 10/10 for our very own bomb disposal expert Lewis Page for his letter bombs analysis.

Greetings,

I'm a regular Reg reader. I just wanted to write and say that your article by Lewis Page on letter bombs was the best, most informative article I've seen in this whole bomb-scare.

Congratulations to The Reg for simply finding someone who actually knows what he's talking about and letting him write it, rather than finding some happy-to-scare-up-some-attention "analyst" who's never been within a thousand feet of an explosive device.

I hope you'll have more such non-scaremongering content in future.

Charles


Dear Sir

Please forward this to whomever pays your freelancer fees at The Register:

"Please keep this guy! His two articles so far were both funny and informative, and I eagerly look forward to the next one."

That is all. Thank you.

Awwww.


Narcissism aside, you had other things to say:

You said "There might be a place nearby where a smallish explosion wouldn't be that big a deal.", do you mean like Basildon?

Matthew.


do you think that this http://www.gothamist.com/attachments/jen/2007_01_mooninite2.jpg http://seattlepi.nwsource.com/dayart/20070131/226Suspicious_Devices_NY204_612959731012007.jpg would be a convincing bomb?

Very disappointed by the lack of Mooninite coverage, we get a visit from the moon, they shut down a city showing us their vastly superior culture, even the BBC covered it. Tshhh must have been too high brow.

Anyway too busy worrying about dirty bombs, bird flu, immigrants, chavs, brain cancer from mobile phones and the literal hundreds of free criminals (HUNDREDS GOOD LORD) who aren't on the list to be worried about some demented alf freak.


"On leaving the service he wrote a book, Lions, Donkeys and Dinosaurs: Waste and Blundering in the British Armed Forces, which was so successful that it is now almost impossible to obtain"

A lovely example of how copyright hinders the author and the public at the same time..!


And finally, one day soon we could all be buying stuff with our mobile phones. Like, everything man.

About this cash on your mobile thing...one thing to point out, my cash and cards never run out of batteries. Imagine not being able to buy a pint just because you forgot to charge your phone. It'll never work.

Dave

A very scary thought indeed. Scrap that idea, we're off to the pub with a grubby handful of real coinage. Just the way it should be. ®