
PlusNet forums blown wide open by a letter bomb

That was sent by a stalking astronaut


Now, onto what had to be the story of the week. Love-crazed stalking astronauts armed with pepper spray and plastic bags. It just doesn't get any better than that. And all we can do is ask, but why?

I really don't get this one. Here is a woman who is not only qualified like few other women on the planet are, she is a hyper-specialist in a community that takes absurd amounts of long, hard work to get into. She is on a career track that should be the envy and the inspiration of just about the entire human population save the pope and god's-gift-to-the-Resolution-desk. There are a few ways to derail a career like that: theft, making a costly booboo in space, becoming ill, having a tragic and well-documented accident. What do you not expect to be a career-killer: raging hormones. What gives? You work your butt off, you're a woman [it should not make a difference, but the world is not a nice place like that], you have qualifications and honours enough to fill a wall, you realise a dream that many have but precious few achieve: actually going to space and working there. You made it. You made it big time. What do you give it all up for: keep-your-goddamn-hands-off-of-MY-MAN-bitch!!. And it's not even her husband.

There is so much I don't understand of the world, it's embarrassing. I wouldn't give up a career like that because of hormones though. Not after working so hard to get where she was. It's a tragedy. Her personal life is in ruins and she will -NEVER- fly in space again. And the guy is so going 'Ok, you're a nutcase. Stay away from me!'.

Tragic lapse of judgment. This is a woman I feel sorry for.


Hi Lucy,

The phrase 'going postal' was becoming dated anyway. Perhaps it's time to revive the 1986 acronym, NASA = Need Another Set of Astronauts.

J.


Another cock-up this week arose with the news that a hole in PlusNet's forums left the ISP "theoretically" wide open to hackers...just another oops to add to an already crappy month...

Despite all of PlusNet's recent goofs, I think people should go easy on them on this particular occasion. Security flaws still get found in even the most venerable of forum software. Since the problem was caught early, they weren't really obliged to notify their customers but they still did the honest thing even though more bad publicity is really the last thing they need right now.

Chewi


Concerning the Plus Net password cock-up. Yes it is definitively a cock-up. But it has to be said that at least Plus Net are sticking to their policy of being quite open about these things (try to find a provider that notifies you of issues, gives you a clear idea of their architecture and bandwidth capabilities and also gives you a good idea of where their infrastructure is evolving next).

Yes, recently they seem to have made a lot of the headlines (when there were problems) but I would not be too surprised that other ISPs had on occasions similar issues (if not more) but just kept quiet about it.

Also, the issue concerns the forum site, which normally is not that important. But admittedly most users will probably use the same password for the forum and their main account. And the level of risk depends on how strong your password is (as it is the MD5 hash that was leaked). So I could easily see that most ISPs would just have kept their mouth shut when at least PlusNet told us that there was a risk.

I must admit that at present my feeling is that they should rather be praised for that (after all error is human and they will always happen. What is important is how you react when such an error occurs...).

Regards,


Many of you picked up on the fact that 5-8 letter long passwords aren't that secure anyway.

It's better than that. PlusNet restricts passwords to being between 5 and 8 characters long, beginning with a lower-case letter, and containing only lower-case letters and digits.

The email advised that only users with weak passwords need be at all concerned. I suppose it's a matter of degree.

Discussions on the forum have revealed that changing the password algorithm is a difficult problem, so we seem to be stuck with the password design for the foreseeable future.


John. With regard to the Plusnet issue. I interpret this as all password hashes have been exposed and therefore any number of people now have values of all PlusNet user passwords. The advice is to only change your password if it was insecure, but the PlusNet policy on passwords is:

"Your password must begin with a letter and contain only lowercase letters and/or numbers. It must be between 5 and 8 characters in length."

Surely with this policy in place pretty much all passwords are insecure, especially if someone now has as long as they wish to brute force the relatively low number of possible values.


Morning,

you may wish to comment on the password standard which is implemented by PlusNet.

The passwords must be 5-8 characters, all lowercase alphanumeric with no special characters.

Bit hard to get a decent strong password with criteria like that.

Regards

Paul.
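The size of the password space that the quoted rule allows, worked through as an added example (not from the original page or from PlusNet). The two guess rates and the 12-character comparison policy are illustrative assumptions, not measurements.

```python
import math
import re
import string

# The rule as quoted in the letters above: begins with a lowercase letter,
# then lowercase letters and/or digits, 5 to 8 characters in total.
QUOTED_RULE = re.compile(r"[a-z][a-z0-9]{4,7}")

def conforms(password: str) -> bool:
    """True if the password is one the quoted rule would accept."""
    return QUOTED_RULE.fullmatch(password) is not None

def keyspace(first: int, rest: int, min_len: int, max_len: int) -> int:
    """Count every password a policy permits, summed over all allowed lengths."""
    return sum(first * rest ** (n - 1) for n in range(min_len, max_len + 1))

def entropy_bits(space: int) -> float:
    """Upper bound on entropy: assumes passwords are chosen uniformly at random."""
    return math.log2(space)

def days_to_exhaust(space: int, guesses_per_second: float) -> float:
    """Worst-case time to try every candidate at a given guess rate."""
    return space / guesses_per_second / 86400

QUOTED_SPACE = keyspace(26, 36, 5, 8)

# Comparison policy (assumption): exactly 12 characters from printable ASCII.
PRINTABLE = len(string.ascii_letters + string.digits + string.punctuation)
COMPARISON_SPACE = keyspace(PRINTABLE, PRINTABLE, 12, 12)

# Assumed guess rates: an unsalted fast hash versus a deliberately slow,
# salted password hash. Both figures are placeholders for illustration.
ASSUMED_RATES = {"fast unsalted hash, 1e9/s": 1e9, "slow salted hash, 1e4/s": 1e4}

def report():
    """Rows of (policy, rate label, entropy bits, days to exhaust)."""
    rows = []
    for policy, space in (("quoted rule", QUOTED_SPACE),
                          ("12 printable chars", COMPARISON_SPACE)):
        for label, rate in ASSUMED_RATES.items():
            rows.append((policy, label, round(entropy_bits(space), 1),
                         days_to_exhaust(space, rate)))
    return rows

if __name__ == "__main__":
    for policy, label, bits, days in report():
        print(f"{policy:20} {label:28} {bits:5.1f} bits  {days:.3g} days")
```

The entropy figure is a ceiling: it assumes every permitted password is equally likely, which human-chosen passwords are not.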


And look out would-be data thieves. You're now up for two years in the slammer if you use or share other people's data:

But this is an easy one to chalk up. Governments are busy building "data sharing" links between their various civil databases, then between those and police and immigration databases, and then further with other governments. But more data sharing means more ways of stealing more people's data.

That's not to mention that some people may consider the Government's 'sharing' (or even 'peer-to-peer sharing', you might say) to be stealing.


"People who steal personal data in the UK will face up to two years' jail, the Government announced today."

So which jail are they going to put them in? According to some recent news, there isn't anywhere to put these criminals. Most likely that they'll get a slap on the wrist by a judge and be sent merrily on their way.

Wellard.


Slap on the wrist also for Nokia which, in spite of finally whacking out firmware updates for its N73 and N93 handsets, is lagging on updates for other models:

Nokia still NEEDS a bit of smacking for this one, they STILL haven't given new firmware for N90 users, there was a ton of complaints and questions on their forums, on when we will finally get our N90 firmware update.. Nokia is still leaving us in the dark with this one.. Nokia is almost mocking us with this, US who faithfully bought their first generation Nseries N90 phone, and we are being left in the dark when our buggy phone software needs a firmware update!

Shame they haven't done the same for the E70 business phone - my Vodafone-supplied E70 is still stuck with the bug-riddled 1.0610.05.07 firmware, even though there is v2 firmware available. Seemingly the v2 firmware is available for phones supplied direct by Nokia, or by other network operators, but not for phones supplied by Vodafone. I took my phone to a Nokia service centre, but the technician there (whilst very helpful) said he couldn't upgrade my phone to v2, and showed me the relevant service bulletin to prove it.

After going round the loop with both Nokia and Vodafone customer service, it appears that the problem is Vodafone - the v2 software was released by Nokia over 6 months ago, and Vodafone are (according to an email I received from them) "still evaluating and testing the new firmware". I have the distinct suspicion that the phone will be obsolete before they release new firmware for it.

If it was my phone rather than a corporate one I'd have taken it back, demanded a refund and switched to another network operator.

0/10 Nokia for releasing such a buggy pile in the first place, and 0/10 Vodafone for your appalling customer support.


0/10 for Nokia and Vodafone, but 10/10 for our very own bomb disposal expert Lewis Page for his letter bombs analysis.

Greetings,

I'm a regular Reg reader. I just wanted to write and say that your article by Lewis Page on letter bombs was the best, most informative article I've seen in this whole bomb-scare.

Congratulations to The Reg for simply finding someone who actually knows what he's talking about and letting him write it, rather than finding some happy-to-scare-up-some-attention "analyst" who's never been within a thousand feet of an explosive device.

I hope you'll have more such non-scaremongering content in future.

Charles


Dear Sir

Please forward this to whomever pays your freelancer fees at The Register:

"Please keep this guy! His two articles so far were both funny and informative, and I eagerly look forward to the next one."

That is all. Thank you.

Awwww.


Narcissism aside, you had other things to say:

You said "There might be a place nearby where a smallish explosion wouldn't be that big a deal.", do you mean like Basildon?

Matthew.


do you think that this http://www.gothamist.com/attachments/jen/2007_01_mooninite2.jpg http://seattlepi.nwsource.com/dayart/20070131/226Suspicious_Devices_NY204_612959731012007.jpg would be a convincing bomb?

Very disappointed by the lack of Mooninite coverage, we get a visit from the moon, they shut down a city showing us their vastly superior culture, even the BBC covered it. Tshhh must have been too high brow.

Anyway too busy worrying about dirty bombs, bird flu, immigrants, chavs, brain cancer from mobile phones and the literal hundreds of free criminals (HUNDREDS GOOD LORD) who aren't on the list to be worried about some demented alf freak.


"On leaving the service he wrote a book, Lions, Donkeys and Dinosaurs: Waste and Blundering in the British Armed Forces, which was so successful that it is now almost impossible to obtain"

A lovely example of how copyright hinders the author and the public at the same time..!


And finally, one day soon we could all be buying stuff with our mobile phones. Like, everything man.

About this cash on your mobile thing...one thing to point out, my cash and cards never run out of batteries. Imagine not being able to buy a pint just because you forgot to charge your phone. It'll never work.

Dave

A very scary thought indeed. Scrap that idea, we're off to the pub with a grubby handful of real coinage. Just the way it should be. ®
