Feeds

News International mail server password FAIL exposed

Full login details published along with damning letters

SANS - Survey on application security programs

A letter from News International chairman James Murdoch to the Commons Culture Select Committee has let slip details of how to gain full access to the company's MS Exchange email system – albeit the information is from four years ago.

MPs published a raft of letters this lunchtime including one from jailed News of the World royal editor Clive Goodman, who claimed senior figures at the now-defunct Sunday tabloid knew that phone hacking was going on at the publication.

James Murdoch has consistently denied any knowledge of widespread phone-tapping beyond the illegal methods employed by "one rogue reporter" at the newspaper.

Among the evidence submitted to the committee was an email between an individual named Simon Avery and the company's London law firm Harbottle & Lewis co-founder Lawrence Abramson.

The email offers a step-by-step guide on how to access News International's web mail server.

It includes the URL required for accessing the company's gateway Exchange server as well as the domain and username, and was provided to Harbottle & Lewis in May 2007, a few months after Goodman was sacked in February that year.

The instructions reveal that a frankly piss-poor password (mailreview) was issued by the NI sysadmin to the lawyers.

Harbottle & Lewis had been granted "independent" access to relevant emails relating to allegations made by Goodman, who appealed his dismissal from the sister firm of Rupert Murdoch's News Corp on the grounds that other individuals were aware of – and supported – illegal phone-hacking methods used by the former NotW royal correspondent.

Goodman also claimed, according to then-NI director of legal affairs Jon Chapman, that "others were carrying out similar illegal procedures" at the firm.

It was Chapman who granted Harbottle & Lewis access to emails inserted in five subfolders within NI's Exchange public folders for review by the lawyers.

The culture committee, unlike with its roughshod handling of highly sensitive details of NI's gateway, has redacted information about emails that were searched relating to six individual accounts.

Abramson concluded an email to Chapman on 25 May 2007 with the following statement:

"I can confirm that we did not find any evidence that proved that either [redacted], [redacted] or [redacted] knew that Clive Goodman, Glen Mulcaire or any other journalists at the News of the World were engaged in illegal activities prior to their arrest."

Mulcaire had worked as a private investigator at the newspaper. He was jailed for six months in January 2007 after admitting to conspiring with Goodman to illegally access voicemail messages.

In a letter on 2 March 2007 to NI HR boss Daniel Cloke, Goodman rejected News International's notice of termination of employment on the grounds of "gross misconduct".

He claimed in the missive that phone hacking was "widely discussed" at the paper and alleged that News International had promised to re-hire him after he was convicted of intercepting voicemail messages on the provision that he didn't implicate the newspaper in court.

Meanwhile, the paperwork submitted to the committee today also revealed exactly how much money Goodman was paid when he was sacked by News International in 2007.

The ex-royal editor was paid £90,502.08 and a further £140,000 in compensation. He was given another £13,000 from News International to pay for his lawyer's bill.

Separately, Harbottle & Lewis told Culture Committee chairman John Whittingdale that the firm had been given "remote electronic access to emails on News International's server".

The law firm added that the emails made available to it for review were contained in the aforementioned five sub-folders, which meant "access was not entirely straightforward". Harbottle & Lewis added that the firm had been "instructed only to look for evidence" in those folders in May 2007. ®

3 Big data security analytics techniques

More from The Register

next story
Dropbox defends fantastically badly timed Condoleezza Rice appointment
'Nothing is going to change with Dr. Rice's appointment,' file sharer promises
Audio fans, prepare yourself for the Second Coming ... of Blu-ray
High Fidelity Pure Audio – is this what your ears have been waiting for?
Did a date calculation bug just cost hard-up Co-op Bank £110m?
And just when Brit banking org needs £400m to stay afloat
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
Zucker punched: Google gobbles Facebook-wooed Titan Aerospace
Up, up and away in my beautiful balloon flying broadband-bot
Apple DOMINATES the Valley, rakes in more profit than Google, HP, Intel, Cisco COMBINED
Cook & Co. also pay more taxes than those four worthies PLUS eBay and Oracle
It may be ILLEGAL to run Heartbleed health checks – IT lawyer
Do the right thing, earn up to 10 years in clink
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.