10 posts • joined 26 Oct 2010
BTYahoo email accounts being hacked
The latest installment of the email problems related to Yahoo! seems to be hitting BTYahoo! customers, who are reporting that their webmail accounts have been compromised, and spam sent to people in their online address books or whose addresses are in stored emails on the webmail interface.
Some customers have found it impossible to change their online security information via the web interface and are getting the usual helpdesk runaround.
So far BT are behaving in the way they know best - pretending that there really isn't a problem and if it is, it is the customers' fault.
1 - they are ignoring the issue on their public facing status web pages and Usenet announce groups.
2 - individual customers are so far, not being told of any wider problem, and given anti-phishing advice.
3 - The BT Community forum moderators, after a few days and over a hundred postings, are making non-committal statements that investigations are going on - but remain tight-lipped about whether there has been any central security breach.
4 - the "banning" habit is still in fashion on the BT Community forum - those with a reputation for commenting on privacy matters are kept off the forum - not because of the content of their posts but because of who they are. They seem to have learned nothing from their BT Beta forum/Phorm-Webwise PR disaster.
There seems little interest in the press in the security melt down of a major global and UK email provider.
BTYahoo! customers should seriously consider cleaning out the contents of their webmail contact lists and ALL email folders so that if the accounts ARE accessed, there is nothing in them to harvest. They should also make sure the Trash folder is emptied every time they visit the webmail interface. With an email system as unreliable as that currently being provided by BT through Yahoo!, customers should simply not rely on it or use it for anything mission critical.
It would be a refreshing change if BT and Yahoo! could be a lot more open with customers, and provide some USEFUL answers as well as a decent level of customer service to hacked customers. But old habits die hard, and the BT that signed a covert deal for secret interception trials with Phorm back in 2006 seems to find it hard to understand transparency and openness.
Are they installing something
I'm always a little suspicious when communications networks fail for a day or two - in case the company are installing something like DPI black boxes. The last example was TTNET in Turkey (who had a major "mysterious" outage, as they installed Phorm's equipment and software), and before that, ISPs in Brazil. Are O2 installing content filtering or packet monitoring equipment? If so, it's better from a PR and legal point of view to TELL the customers (and the people they communicate with) in advance so they have the option to NOT have their communications intercepted. RIPA 2000 as amended May 2011. Just a thought - based on experience.
That's a double edged sword
Oh good. Small websites can now prevent ISPs and their "security/ad targeting" partners from scraping our content for their own commercial purposes (already a criminal offence under CDPA but not enforced).
What's the betting I am told that no - sorry - that's not what we had in mind. Move along. A bit like the police said last year.
I note the following commercial organisations taking unauthorised copies of my site material for their own commercial purposes over the last four years.
Take note - TalkTalk/Huawei/F-Secure
Take note - Vodafone UK/BlueCoat Systems
Take note - MS Screensafe/Level 3 Communications.
Take note - MS Bingbot (disobeying robots.txt all over the place)
Take note - BT/Phorm (and your successors)
If you want to take commercial copies of my copyrighted content you need my consent first.
Just a letter to a judge eh? That should be VERY interesting.
Hope he/she is more helpful than the police were, last time I made a criminal complaint about this.
More news just in (from September 2011)
Issued on 30/09/2011 @ 07:02
Phorm plan their entry into the Korean mobile market...
"As our software continues to evolve, we will be bringing a number of new developments to the market, particularly in the mobile space, which represents an important and highly complementary opportunity worldwide."
Never been involved in... more problems.
What about SIG9800 ?
"All-round network security guarantee
By adopting multiple inspection technologies, such as DPI, signature matching, network rate and concurrent connection number anomaly statistics and analysis technologies, and searching protocol/system security vulnerability libraries and attack signature libraries updated in real time by globally distributed security threat estimation systems, the SIG9800 deeply analyzes network traffic at the application layer, and accurately identifies and blocks malicious traffic from DDoS attacks, worms, and botnets, thus protecting services and users against increasingly severe network attacks.
Depending on the perfect URL classification base including more than 20 million URLs as well as the latest and more comprehensive spammer library of Huawei, the SIG9800 is capable of filtering out most damaging URLs and spammers, helping operators to depurate network environment, mitigate loss caused by spams, and launch value-added services."
(which I think does geolocation quite well)
For the potential of CarrierIQ - check here
The Red Hand(ed) Gang strikes again?
Are Huawei telling porkies?
"We have never been involved in and do not provide any services relating to monitoring or filtering technologies and equipment anywhere in the world," Huawei said
is a bit difficult to reconcile with:
"The system was provided by Chinese vendor Huawei and works by harvesting every URL visited by every TalkTalk customer. It then follows them to each web page and scans for threats, creating a master blacklist and a whitelist of dangerous and safe URLs."
Or maybe the United Kingdom isn't on the Huawei exec's world map?
Or he's just suffering from corporate short term memory loss?
Copyright theft by website scrapers
I've been trying to get the Copyright Designs and Patents Act enforced by police against Internet Service Providers for a long long time but they don't seem interested. All the main ISPs claim that they can send even anonymous bots to websites to download unlicensed copies of copyright material so they can scan it as part of their own commercial operation, either for advertising purposes or for malware, without the webmaster's consent. That is actually a CRIMINAL offence under CDPA Section 107 (1)(a) and 110 (1), but just try getting a police force interested. Who has been or is currently involved in this activity? BT (with their Phorm trials, and a corporate contract with BlueCoat of California), TalkTalk (in contract with Chinese company HuaweiSymantec and F-Secure), Vodafone (in contract with BlueCoat of California) and ThomsonReuters UK (in contract with BlueCoat of California). I have ample log evidence of unlicensed downloads from my websites for commercial purposes, despite notifying the companies concerned, despite robots.txt restrictions and despite public notices on the sites themselves. Police response? Not interested.
How do they propose to keep my data out of the clutches of the US Patriot Act?
I can't reconcile this decision to fine the council with the ico. decision to let BT off completely. Ealing council had a policy which employees did not carry out. According to the BT/ACS:Law case, then the ico. should have declared that a matter for internal discipline of the employees. Or is it one law for a local council, and no law at all for a large national Telco?
transparency is the word
I agree with you except for the fact that Facebook themselves are far from honest about that.
If they could just be up front and admit that they are a commercial operation, that they do NOT respect privacy, and that nothing you put on Facebook is private, and that they will be selling it to the highest bidder, then we would all know where we are.
Perhaps also a statement at the top of the privacy settings and profile pages, that says, "whatever settings you put here, it doesn't make a scrap of difference. All this information is public and we will be making it available to the harvesting bots. We don't care. There are more privacy holes in Facebook than in a Gruyere cheese, and that's the way we like it - we make more money that way."
Then they could claim to have their users' informed consent.