BreachExchange mailing list archives
iiNet suffers two security vulnerabilities, users spammed
From: security curmudgeon <jericho () attrition org>
Date: Tue, 9 Oct 2012 10:54:31 -0500 (CDT)
---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>

http://www.zdnet.com/au/iinet-suffers-two-security-vulnerabilities-users-spammed-7000005219/

By Michael Lee
ZDNet
October 4, 2012

iiNet experienced a breach of its 3FL gaming forums in June this year, just prior to its merger with Internode's games.on.net site, but failed to inform its customers.

iiNet is alleged to have attempted to cover up the breach, with an unnamed source forwarding to Australian tech news site Delimiter an internal iiNet email sent by iiNet Operations Centre Supervisor Paul Guidera, which instructed staff to put in place a communications block-out. It is not clear whether this was meant to only apply while an investigation was in place, but iiNet never publicly came forward to announce a breach of its systems.

iiNet declined ZDNet's invitation to respond to allegations of a cover up, and when asked for an official statement about the breach of the systems, we were instead pointed to a comment made by iiNet CTO John Lindsay on Delimiter.

Lindsay's comments confirm that a breach took place, stating that the attacker gained entry via "an unpatched hole in PHP."

"Upon finding this, we shut down the forum immediately. No financial information was stored on this database. We didn't handle the external communications well after this incident, and have made changes to our internal policies," he said.

[...]

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list