Feeds

PlusNet blames itself for webmail spamfest

Russian connection in hacking investigation

Top 5 reasons to deploy VMware with Tegile

PlusNet has accepted blame for its latest email blunder, having previously fingered vulnerabilities in third party webmail software for last week's security flap.

The Sheffield-based ISP admitted late yesterday that it was its implementation of @Mail's webmail code which exposed thousands of subsciber email addresses and contacts to spammers. The firm made the mea culpa in an detailed incident report posted on its website, which had been promised for last Friday.

On Wednesday last week, a company spokesman told us the hackers had found a new vulnerability in @Mail's messaging platform. Today Plusnet said: "The attacker exploited a vulnerability within the @Mail webmail code which was compounded by vulnerabilities within our own implementation."

Since it took the service offline, PlusNet has implemented a more basic SquirrelMail open source webmail platform, which it plans to stick with. The BT-owned outfit said it was researching "longer term" options for improving the service and integrating it with the PlusNet portal and other communications tools, as @Mail had been.

In the wake of the crisis, PlusNet also made a series of promises to improve its security, including SSL encryption for FTP, and POP3 and IMAP email. Subscribers should be able to change their username in future too, to escape spam-stuffed inboxes.

As well as stealing customer data, the attackers loaded pop-up malware on to one of PlusNet's six email servers. The frame linked to a Russian video site which loaded a Trojan on to the user's machine. Beyond the Russian connection, PlusNet has not released any details of the ongoing criminal investigation into the hack. ®

Remote control for virtualized desktops

More from The Register

next story
Knock Knock tool makes a joke of Mac AV
Yes, we know Macs 'don't get viruses', but when they do this code'll spot 'em
Feds seek potential 'second Snowden' gov doc leaker – report
Hang on, Ed wasn't here when we compiled THIS document
Why weasel words might not work for Whisper
CEO suspends editor but privacy questions remain
DEATH by PowerPoint: Microsoft warns of 0-day attack hidden in slides
Might put out patch in update, might chuck it out sooner
BlackEnergy crimeware coursing through US control systems
US CERT says three flavours of control kit are under attack
prev story

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
New hybrid storage solutions
Tackling data challenges through emerging hybrid storage solutions that enable optimum database performance whilst managing costs and increasingly large data stores.
Mitigating web security risk with SSL certificates
Web-based systems are essential tools for running business processes and delivering services to customers.