http://www.zdnet.com/au/iinet-suffers-two-security-vulnerabilities-users-spammed-7000005219/ By Michael Lee ZDNet October 4, 2012 iiNet experienced a breach of its 3FL gaming forums in June this year, just prior to its merger with Internode's games.on.net site, but failed to inform its customers. iiNet is alleged to have attempted to cover up the breach, with an unnamed source forwarding to Australian tech news site Delimiter an internal iiNet email sent by iiNet Operations Centre Supervisor Paul Guidera, which instructed staff to put in place a communications block-out. It is not clear whether this was meant to only apply while an investigation was in place, but iiNet never publicly came forward to announce a breach of its systems. iiNet declined ZDNet's invitation to respond to allegations of a cover up, and when asked for an official statement about the breach of the systems, we were instead pointed to a comment made by iiNet CTO John Lindsay on Delimiter. Lindsay's comments confirm that a breach took place, stating that the attacked gained entry via "an unpatched hole in PHP." "Upon finding this, we shut down the forum immediately. No financial information was stored on this database. We didn't handle the external communications well after this incident, and have made changes to our internal policies," he said. [...] -- Certified Ethical Hacker and CISSP with ExpandingSecurity.com gives the best training and support. Last 2012 CISSP and CEH starts Oct. 1! Take action now and be done before 2012 ends. Best program, best price. CISSP info signup http://www.expandingsecurity.com/product/cissp-live-online-10-week-course/ CEH info signup http://www.expandingsecurity.com/product/ceh-certified-ethical-hacker-online/ Our Live Online classes will not wreck your schedule.Received on Wed Oct 03 2012 - 23:09:49 PDT
This archive was generated by hypermail 2.2.0 : Wed Oct 03 2012 - 23:04:17 PDT