PlusNet forums blown wide open by a letter bomb

That was sent by a stalking astronaut

Now, onto what had to be the story of the week. Love-crazed stalking astronauts armed with pepper spray and plastic bags. It just doesn't get any better than that. And all we can do is ask, but why?

I really don't get this one. Here is a woman who is not only qualified like few other women on the planet are, she is a hyper-specialist in a community that takes absurd amounts of long, hard work to get into. She is on a career track that should be the envy and the inspiration of just about the entire human population save the pope and god's-gift-to-the-Resolution-desk. There are a few ways to derail a career like that: theft, making a costly booboo in space, becoming ill, having a tragic and well-documented accident. What do you not expect to be a career-killer: raging hormones. What gives? You work your butt off, you're a woman [it should not make a difference, but the world is not a nice place like that], you have qualifications and honours enough to fill a wall, you realise a dream that many have but precious few achieve: actually going to space and working there. You made it. You made it big time. What do you give it all up for: keep-your-goddamn-hands-off-of-MY-MAN-bitch!!. And it's not even her husband.

There is so much I don't understand of the world, it's embarrassing. I wouldn't give up a career like that because of hormones though. Not after working so hard to get where she was. It's a tragedy. Her personal life is in ruins and she will -NEVER- fly in space again. And the guy is so going 'Ok, you're a nutcase. Stay away from me!'.

Tragic lapse of judgment. This is a woman I feel sorry for.


Hi Lucy,

The phrase 'going postal' was becoming dated anyway. Perhaps it's time to revive the 1986 acronym, NASA = Need Another Set of Astronauts.

J.


Another cock-up this week arose with the news that a hole in PlusNet's forums left the ISP "theoretically" wide open to hackers...just another oops to add to an already crappy month...

Despite all of PlusNet's recent goofs, I think people should go easy on them on this particular occasion. Security flaws still get found in even the most venerable of forum software. Since the problem was caught early, they weren't really obliged to notify their customers but they still did the honest thing even though more bad publicity is really the last thing they need right now.

Chewi


Concerning the Plus Net password cock-up. Yes it is definitively a cock-up. But it has to be said that at least Plus Net are sticking to their policy of being quite open about these things (try to find a provider that notifies you of issues, gives you a clear idea of their architecture and bandwidth capabilities and also gives you a good idea of where their infrastructure is evolving next).

Yes, recently they seem to have made a lot of the headlines (when there were problems) but I would not be too surprised that other ISPs had on occasions similar issues (if not more) but just kept quiet about it.

Also, the issue concerns the forum site, which normally is not that important. But admittedly most users will probably use the same password for the forum and their main account. And the level of risk depends on how strong your password is (as it is the MD5 hash that was leaked). So I could easily see that most ISPs would just have kept their mouth shut when at least PlusNet told us that there was a risk.

I must admit that at present my feeling is that they should rather be praised for that (after all error is human and they will always happen. What is important is how you react when such an error occurs...).

Regards,


Many of you picked up on the fact that 5-8 letter long passwords aren't that secure anyway.

It's better than that. PlusNet restricts passwords to being between 5 and 8 characters long, beginning with a lower-case letter, and containing only lower-case letters and digits.

The email advised that only users with weak passwords need be at all concerned. I suppose it's a matter of degree.

Discussions on the forum have revealed that changing the password algorithm is a difficult problem, so we seem to be stuck with the password design for the foreseeable future.


John. With regard to the Plusnet issue. I interpret this as all password hashes have been exposed and therefore any number of people now have values of all PlusNet user passwords. The advice is to only change your password if it was insecure, but the PlusNet policy on passwords is:

"Your password must begin with a letter and contain only lowercase letters and/or numbers. It must be between 5 and 8 characters in length."

Surely with this policy in place pretty much all passwords are insecure, especially if someone now has as long as they wish to brute force the relatively low number of possible values.


Morning,

you may wish to comment on the password standard which is implemented by PlusNet.

The passwords must be 5-8 characters, all lowercase alphanumeric with no special characters.

Bit hard to get a decent strong password with criteria like that.

Regards

Paul.
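
The size of the password space under the policy quoted in these letters, worked through as an added example (not part of the original page and not PlusNet's code). The guess rate and the 12-character comparison policy are assumptions chosen for illustration.

```python
import math
import re
import string

# Policy as quoted in the letters: starts with a lowercase letter, then
# lowercase letters and/or digits, 5 to 8 characters in total.
QUOTED_POLICY = re.compile(r"[a-z][a-z0-9]{4,7}")


def meets_quoted_policy(candidate: str) -> bool:
    """True if the candidate would be accepted under the quoted policy."""
    return QUOTED_POLICY.fullmatch(candidate) is not None


def keyspace(first: int, rest: int, min_len: int, max_len: int) -> int:
    """Count passwords: `first` choices for position 1, `rest` for the others."""
    return sum(first * rest ** (n - 1) for n in range(min_len, max_len + 1))


def entropy_bits(space: int) -> float:
    """Upper bound on entropy, reached only if passwords are chosen uniformly."""
    return math.log2(space)


def hours_to_exhaust(space: int, guesses_per_second: float) -> float:
    """Time for an offline search to cover the whole space at a given rate."""
    return space / guesses_per_second / 3600


QUOTED_SPACE = keyspace(26, 36, 5, 8)

# Assumption for comparison only: exactly 12 printable ASCII characters.
PRINTABLE = len(string.ascii_letters + string.digits + string.punctuation)
WIDER_SPACE = keyspace(PRINTABLE, PRINTABLE, 12, 12)

# Assumed offline guess rate in guesses per second; not a measured figure.
ASSUMED_RATE = 1e9

if __name__ == "__main__":
    for name, space in (("quoted 5-8 policy", QUOTED_SPACE),
                        ("12 printable chars", WIDER_SPACE)):
        print(f"{name}: {space:.3e} passwords, "
              f"{entropy_bits(space):.1f} bits, "
              f"{hours_to_exhaust(space, ASSUMED_RATE):.3g} h at assumed rate")
```

The quoted policy caps every password, however well chosen, at just under 41 bits, which is why advice aimed only at users with "weak" passwords is a matter of degree.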


And look out would-be data thieves. You're now up for two years in the slammer if you use or share other people's data:

But this is an easy one to chalk up. Governments are busy building "data sharing" links between their various civil databases, then between those and police and immigration databases, and then further with other governments. But more data sharing means more ways of stealing more people's data.

That's not to mention that some people may consider the Government's 'sharing' (or even 'peer-to-peer sharing', you might say) to be stealing.


"People who steal personal data in the UK will face up to two years' jail, the Government announced today."

So which jail are they going to put them in? According to some recent news, there isn't anywhere to put these criminals. Most likely that they'll get a slap on the wrist by a judge and be sent merrily on their way.

Wellard.


Slap on the wrist also for Nokia which, in spite of finally whacking out firmware updates for its N73 and N93 handsets, is lagging on updates for other models:

Nokia still NEEDS a bit of smacking for this one, they STILL haven't given new firmware for N90 users, there was a ton of complaints and questions on their forums, on when we will finally get our N90 firmware update.. Nokia is still leaving us in the dark with this one.. Nokia is almost mocking us with this, US who faithfully bought their first generation Nseries N90 phone, and we are being left in the dark when our buggy phone software needs a firmware update!

Shame they haven't done the same for the E70 business phone - my Vodafone-supplied E70 is still stuck with the bug-riddled 1.0610.05.07 firmware, even though there is v2 firmware available. Seemingly the v2 firmware is available for phones supplied direct by Nokia, or by other network operators, but not for phones supplied by Vodafone. I took my phone to a Nokia service centre, but the technician there (whilst very helpful) said he couldn't upgrade my phone to v2, and showed me the relevant service bulletin to prove it.

After going round the loop with both Nokia and Vodafone customer service, it appears that the problem is Vodafone - the v2 software was released by Nokia over 6 months ago, and Vodafone are (according to an email I received from them) "still evaluating and testing the new firmware". I have the distinct suspicion that the phone will be obsolete before they release new firmware for it.

If it was my phone rather than a corporate one I'd have taken it back, demanded a refund and switched to another network operator.

0/10 Nokia for releasing such a buggy pile in the first place, and 0/10 Vodafone for your appalling customer support.


0/10 for Nokia and Vodafone, but 10/10 for our very own bomb disposal expert Lewis Page for his letter bombs analysis.

Greetings,

I'm a regular Reg reader. I just wanted to write and say that your article by Lewis Page on letter bombs was the best, most informative article I've seen in this whole bomb-scare.

Congratulations to The Reg for simply finding someone who actually knows what he's talking about and letting him write it, rather than finding some happy-to-scare-up-some-attention "analyst" who's never been within a thousand feet of an explosive device.

I hope you'll have more such non-scaremongering content in future.

Charles


Dear Sir

Please forward this to whomever pays your freelancer fees at The Register:

"Please keep this guy! His two articles so far were both funny and informative, and I eagerly look forward to the next one."

That is all. Thank you.

Awwww.


Narcissism aside, you had other things to say:

You said "There might be a place nearby where a smallish explosion wouldn't be that big a deal.", do you mean like Basildon?

Matthew.


do you think that this http://www.gothamist.com/attachments/jen/2007_01_mooninite2.jpg http://seattlepi.nwsource.com/dayart/20070131/226Suspicious_Devices_NY204_612959731012007.jpg would be a convincing bomb?

Very disappointed by the lack of Mooninite coverage, we get a visit from the moon, they shut down a city showing us their vastly superior culture, even the BBC covered it. Tshhh must have been too high brow.

Anyway too busy worrying about dirty bombs, bird flu, immigrants, chavs, brain cancer from mobile phones and the literal hundreds of free criminals (HUNDREDS GOOD LORD) who aren't on the list to be worried about some demented alf freak.


"On leaving the service he wrote a book, Lions, Donkeys and Dinosaurs: Waste and Blundering in the British Armed Forces, which was so successful that it is now almost impossible to obtain"

A lovely example of how copyright hinders the author and the public at the same time..!


And finally, one day soon we could all be buying stuff with our mobile phones. Like, everything man.

About this cash on your mobile thing...one thing to point out, my cash and cards never run out of batteries. Imagine not being able to buy a pint just because you forgot to charge your phone. It'll never work.

Dave

A very scary thought indeed. Scrap that idea, we're off to the pub with a grubby handful of real coinage. Just the way it should be. ®