Windows Server 2012 Resource Centre
[ad] Windows Server 2012 redefines the server category, delivering hundreds of new features and enhancements spanning virtualization, networking, storage, user experience, cloud computing, automation, and more. Click here to visit our Windows Server 2012 Resource Centre with case studies, white papers and articles about Windows Server 2012.
Nokia Lumia Smartphones: Innovation's calling
[ad] Nokia Lumia with Windows Phone comes with unique camera technology, wireless charging and turn-by-turn navigation. Make every image picture perfect. See your city differently. Charge without wires. Click here to learn more.
Save up to $199 on Dell XPS 12 Ultrabooks: Power for your projects and passions.
[ad] This convertible Ultrabook™ delivers the speed and performance you expect from the XPS family in a sleek new design that's ready for work and play. Don't get two pieces of technology when one will do it all. The Dell XPS 12 is a tablet and Ultrabook combined to produce the perfect laptop.
Great articles on other sites
- Proof the internet filter lives on by other means
- Budget 2013: Heavy on 'showcasing', light on strategy
- CGU to replace core insurance system
- Google Australia calls for mandatory comp sci until year 10
- Spectrum fail could help Libs fight Labor's regional NBN
- Offended By Fraudband? Maybe You Shouldn’t Have Said It First
- Brisbane Grammar School prepares for Lync
- Coalition wants ex-Telstra players for NBN board
- That NBN Speed Comparison Site Now Looks More Realistic
- GovHack to encourage agencies on open data
Managing virtualised environments: Free whitepaper
[ad] Virtualisation is one of the single most important technologies for efficiently operating servers. This free whitepaper presents information about current trends in virtualisation adoption, risks associated with single vendor virtualisation, and the benefits of open source virtualisation. Click here to download the whitepaper.
One More Thing - iOS App Maker Conference - 24th May
[ad] If you make iOS apps, come listen to the best in the industry share their tip & tricks for App Store success. Melbourne, 24th May, 2013 - use the coupon code "delimiter" for 5% off.
News, Telecommunications - Written by Renai LeMay on Thursday, September 27, 2012 10:34 - 27 Comments
Has iiNet been hacked? Rumours swirl
news National broadband provider iiNet has conducted an audit of its network security, as persistent rumours continue to swirl that one of the company’s customer databases has been broken into and its contents handed over to spammers – a claim iiNet says it can find no evidence for.
Several months ago, Delimiter received an unverified tip stating: “iiNet’s games network has been hacked. Usernames and passwords compromised. Happened 3 months ago. Discovered last Friday. Customers have not been notified and don’t know that their passwords are not secure.” At the time, the information was not able to be verified, and there continues to be no verified evidence that such an attack had been perpetuated at the ISP.
However, starting several weeks ago, iiNet customers on broadband forum Whirlpool started complaining about receiving spam email containing Amazon branding to accounts which they had not publicly used for any purpose.
“Since I run my own mail server, I don’t use my @iinet.net.au e-mail address except to contact iiNet,” a user named ‘Malvineous’ wrote at the time. “A few weeks ago I started getting a couple of non-English spam messages sent to it (all from the same place), which seemed strange as I have never entered this address in anywhere. This morning I received an apparently legitimate looking spam from “Amazon local deals” except that it appeared to originate from a Linode VPS instead of Amazon’s network.”
A number of other users replied noting ‘that they had been experiencing exactly the same phenomenon. “Same thing with me,” wrote ‘rikki’, for example. “I recently logged in to my iinet email account (which I never use), for a support query update and noticed that email which I just deleted without reading it as it looked like spam. I’ve been having exactly the same thing with my iinet email address. Like you, I never use it and have my own mail server. I probably first noticed the Amazon email a week or so ago and just received another this morning.”
‘Malvineous’ wrote that they were concerned about the wider implications from the situation, rather than merely the fact that their email address was receiving a small amount of spam.
“Given that it seems a number of iiNet customers are receiving the *same* spam, at the same time, it looks like there’s a list of iiNet usernames floating around somewhere. This is quite worrying, because if it turns out to be true, we need to know where the list came from. If it was stolen from iiNet, what other information was taken? Was it just usernames, or did it include real names, addresses and/or credit card info as well?” they wrote. “Nobody is that worried about the spam itself, but the fact that there is spam suggests there’s something bigger going on, and that’s what we’re concerned about.”
One possible avenue of attack is an automated spam mechanism guessing iiNet usernames through a brute force avenue – simply emailing every possible combination of usernames. This possibility was raised by iiNet representative Mayank Gavri on the Whirlpool thread dealing with the situation.
This week, iiNet network services manager Roger Yerramsetti posted that iiNet had done “a lot of digging” but could not find any evidence of a security breach or inappropriate access of customer information. “Our teams have looked outward from iiNet and we’ve had expert people looking inward from outside as well,” he wrote. “There were some settings we were not happy with, which have now been modified, but for obvious reasons we cannot state what we have done. At this point we are happy to offer to change any affected account holder’s authoritative email address to stop any further unwanted emails.”
The news comes several months after another major Australian telecommunications company, AAPT, had some of its data compromised, with the loose knit group of Internet activists known as ‘Anonymous’ publishing some 3.5 gigabytes of data from the company, in protest against a wide-ranging package of surveillance and data retention reforms currently proposed by the Federal Government.
At this point there is no verified evidence that iiNet has been hacked at all – only rumours and innuendo. But I thought it worth publishing an article on this subject as I have been receiving reader tips about this matter every two or three weeks for the past couple of months, and iiNet has made a statement on the issue. If anyone does have concrete evidence about this issue – especially if iiNet is hiding anything – please don’t hesitate to use Delimiter’s anonymous tips form. Even we won’t know who you are ;)
Leave a Comment
Enterprise IT, News - May 20, 2013 14:16 - 0 Comments
More In Enterprise IT
- Australia’s universities hacked on a regular basis
- 32 years later, CGU replaces insurance IT platform
- Guzman y Gomez likes the taste of NetSuite
- Microsoft finally launches Surface Pro in Australia
- Qantas still finalising Outlook shift
Blog, Telecommunications - May 20, 2013 13:08 - 1 Comment
More In Telecommunications
- Is FTTN vectoring just a pipe dream?
- Turnbull rejects Labor’s NBN subsidy claims
- ASIC blocked “numerous” sites over 9 months
- Telstra suffers another data breach
- FOI requests target Section 313 notices
Blog, Gadgets - May 13, 2013 15:52 - 0 Comments
More In Gadgets
- HP Slate 7 to land in Australia shortly
- Why touchscreens matter for laptops
(Or, review of the ThinkPad X1 Carbon Touch)
- Amazon Appstore challenging Google Play as Australian launch looms
- Consoles to suffer as tablets triple mobile games downloads by 2017
- Despite Aussie windfall, does Apple profit slide suggest hard times ahead?