Feeds

PlusNet blames itself for webmail spamfest

Russian connection in hacking investigation

Boost IT visibility and business value

PlusNet has accepted blame for its latest email blunder, having previously fingered vulnerabilities in third party webmail software for last week's security flap.

The Sheffield-based ISP admitted late yesterday that it was its implementation of @Mail's webmail code which exposed thousands of subsciber email addresses and contacts to spammers. The firm made the mea culpa in an detailed incident report posted on its website, which had been promised for last Friday.

On Wednesday last week, a company spokesman told us the hackers had found a new vulnerability in @Mail's messaging platform. Today Plusnet said: "The attacker exploited a vulnerability within the @Mail webmail code which was compounded by vulnerabilities within our own implementation."

Since it took the service offline, PlusNet has implemented a more basic SquirrelMail open source webmail platform, which it plans to stick with. The BT-owned outfit said it was researching "longer term" options for improving the service and integrating it with the PlusNet portal and other communications tools, as @Mail had been.

In the wake of the crisis, PlusNet also made a series of promises to improve its security, including SSL encryption for FTP, and POP3 and IMAP email. Subscribers should be able to change their username in future too, to escape spam-stuffed inboxes.

As well as stealing customer data, the attackers loaded pop-up malware on to one of PlusNet's six email servers. The frame linked to a Russian video site which loaded a Trojan on to the user's machine. Beyond the Russian connection, PlusNet has not released any details of the ongoing criminal investigation into the hack. ®

Gartner critical capabilities for enterprise endpoint backup

More from The Register

next story
Microsoft: We plan to CLEAN UP this here Windows Store town
Paid-for apps that provide free downloads? Really
Snowden on NSA's MonsterMind TERROR: It may trigger cyberwar
Plus: Syria's internet going down? That was a US cock-up
Who needs hackers? 'Password1' opens a third of all biz doors
GPU-powered pen test yields more bad news about defences and passwords
e-Borders fiasco: Brits stung for £224m after US IT giant sues UK govt
Defeat to Raytheon branded 'catastrophic result'
Hear ye, young cyber warriors of the realm: GCHQ wants you
Get involved, get a job and then never discuss work ever again
Chinese hackers spied on investigators of Flight MH370 - report
Classified data on flight's disappearance pinched
Microsoft cries UNINSTALL in the wake of Blue Screens of Death™
Cache crash causes contained choloric calamity
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
7 Elements of Radically Simple OS Migration
Avoid the typical headaches of OS migration during your next project by learning about 7 elements of radically simple OS migration.
BYOD's dark side: Data protection
An endpoint data protection solution that adds value to the user and the organization so it can protect itself from data loss as well as leverage corporate data.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?