Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.

Filter this topic showing only the reply marked as answer View this topic in a long page with up to 500 replies per page Create new topic
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8

gzt

3734 posts

Uber Geek
+1 received by user: 103

Subscriber

  Reply # 762988 15-Feb-2013 12:47 Send private message

Paul Matthews at IITP NZ provides the best explanation yet of this issue and what happened to Xtra/Yahoo mail users. It is a very good explanation.

The part "simply because admins of the Yahoo Developers Network were particularly slack in keeping their blog software up to date" does not adequately describe the scope of the failure at Yahoo.

Separately, it is worth noting Gmail has had a security feature for a long time which can alert users to possible sessions left open accidentally on other machines. The same feature provides a logout all sessions button which you can hit anytime for even a slight doubt.

It appears that Yahoo does not provide any information to the user about the possible existence of other sessions and requires a password change to effect a logout of all sessions.

Edit: The password change requirement itself is not a bad thing for most users and is a sensible implementation. If it is not a session steal then a user may have chosen the 'save password' option if they were physically present at the other machine. Just saying Yahoo lacks the additional control and insight that Gmail provides in this area.

gzt

3734 posts

Uber Geek
+1 received by user: 103

Subscriber

  Reply # 763982 18-Feb-2013 09:11 Send private message

Telecom locks users out of accounts:

http://www.stuff.co.nz/technology/digital-living/8316258/Emailers-shut-out-as-chaos-grows

Maybe Telecom has no other means available to end active sessions.

2299 posts

Uber Geek
+1 received by user: 52

Trusted
Telecom NZ

  Reply # 763983 18-Feb-2013 09:16 Send private message

gzt: Telecom locks users out of accounts:

http://www.stuff.co.nz/technology/digital-living/8316258/Emailers-shut-out-as-chaos-grows

Maybe Telecom has no other means available to end active sessions.


This is to ensure the affected users change the password. They have been emailed previously, so the lock now is to force them to change the PW. Email will still work although they cannot access it, they can change the PW

BDFL
47899 posts

Uber Geek
+1 received by user: 3536

Administrator
Trusted
Geekzone
Subscriber

  Reply # 764187 18-Feb-2013 14:39 Send private message

From Bill Bennet "Dump Yahoo now":


Yahoo is the problem. Not just for the sloppy security which meant the Yahoo Mail site has a cross site scripting vulnerability.That’s bad enough. But Yahoo lied about the fault. Then it hid the vulnerability’s seriousness both from partners like Telecom NZ and from end-users.

Yahoo repeated claimed to have fixed the problem. It hadn’t.

The company simply cannot be trusted. That leaves us with no alternative: it’s time to dump everything Yahoo.





1940 posts

Uber Geek
+1 received by user: 11


  Reply # 765350 18-Feb-2013 19:09 Send private message

Our company had issues with Yahoo email servers often in the last 2 years, when producing our billing runs.. We'd get in touch with Gen-I who then tell us it's Yahoo..




- Telstra HTC Touch Pro2 - Energy ROM WM6.5.5 20 Oct/Cyanogen Mod Froyo 2.2 - R.I.P
- AT&T Galaxy S Captivate 16GB on XT (now with brother)
- Samsung Galaxy S2 on XT- Runs ICS 4.0.3 Resurrection Remix 9.2
- Business Hours - Work In The Electricity Industry, After Hours - DJ/Turntablist - Will Scratch Vinyl For Free'
- What's next??? S3?

7516 posts

Uber Geek
+1 received by user: 232

Trusted
Subscriber

  Reply # 765480 18-Feb-2013 22:22 Send private message

insane: Was talking with one of the engineers who worked n the old extra mail system and was told they spent $20mil on it before switching to yahoo... that's no insignificant figure for a free service.



$20 million buys a lot of server/storage hardware and engineer time.

Telecom may be the largest ISP in NZ with half a million users but they are small by international standards, surely carrier email is a solved problem which lots of telco grade options.



1994 posts

Uber Geek
+1 received by user: 115

Trusted
Subscriber

  Reply # 774026 3-Mar-2013 22:14 Send private message

Hmmmm
Looks like telecom and yahoo nz arent the only ones to expierence this issue with Yahoos email service.

I just got some messages from a customer of mine that still uses their old BT Internet email account - and the message looks exactly like the ones i was getting from Xtra users.

BT Internet also outsource their email to Yahoo! like telecom do.
Am waiting for this to appear on the register.




Ray Taylor
www.ruralkiwi.com

There is no place like localhost
For my general guide to extending your wireless network Click Here




6087 posts

Uber Geek
+1 received by user: 207


  Reply # 774036 3-Mar-2013 22:27 Send private message

raytaylor: Hmmmm
Looks like telecom and yahoo nz arent the only ones to expierence this issue with Yahoos email service.

I just got some messages from a customer of mine that still uses their old BT Internet email account - and the message looks exactly like the ones i was getting from Xtra users.

BT Internet also outsource their email to Yahoo! like telecom do.
Am waiting for this to appear on the register.


But this sort of thing happens all the time on a small scale, when someones computer is compromised. So it maybe totally unrelated.

5902 posts

Uber Geek
+1 received by user: 74

Trusted
Subscriber

  Reply # 774078 4-Mar-2013 06:58 Send private message

Yep. got several from both Yahoo.au and Yahoo.ca over the weekend.

Cyril

8 posts

Wannabe Geek


  Reply # 775012 5-Mar-2013 14:57

I have 2 yahoo accounts and an xtra account. I only use two of them on a regular basis. All three were fine the with the first hacks in mid Feb (no spam sent and login history all consistent with my own), but I just signed into the yahoo.com.au account that I never use (which thankfully has an empty address book, inbox and sent folder), and there were 2 emails - one a failure to deliver notice from yahoo and a second from me to me, that I did not send (didn't open it - just viewed the full message headers and saw my email address in both the sender and to fields). Checked my login history on the account and it shows 2 logins from Venezuela on Feb 25th. Great... Have just changed my password.

I haven't used that account for about 6yrs for emailing, and is hasn't been associated with any forums or websites for the same length of time. I sign in once every 2 months just to keep the account open so I can keep it as a spare, but that's it. This is the first time something has been in the inbox in years. Clearly the security breach was on yahoo's end and not mine. They need to sort their %$#@ out.

So yes.. definitely time for xtra to ditch yahoo!!


BDFL
47899 posts

Uber Geek
+1 received by user: 3536

Administrator
Trusted
Geekzone
Subscriber

  Reply # 793800 5-Apr-2013 12:14 Send private message

Just received:


TELECOM COMPLETES YAHOO! XTRA REVIEW; RENEWS COMMITMENT TO CUSTOMER EMAIL

Telecom New Zealand announced today that it will continue to offer its Yahoo! Xtra email service with Yahoo as its email provider, after receiving strong feedback from customers around the high value they place on it and obtaining a commitment from Yahoo! that it would work with Telecom to improve the customer experience of the service.  

The decision follows a comprehensive review of Yahoo! Xtra email, which Telecom announced in February after a series of customer impacts - including a malicious email incident in which a significant number of Xtra accounts were compromised.  As part of the review, Telecom carried out research with customers and potential customers on the importance of having an email service supplied by their broadband provider. 

Telecom Retail CEO Chris Quin says: “What came through loud and clear was that customers put a lot of value on the Yahoo! Xtra email service and rate it very highly.  Many have used an Xtra address for a number of years and see it as an important part of their online identity.  We looked seriously at whether we should continue offering an email service at all, and the overwhelming feedback from our customers was that we should.

“Of course there are those customers who use Telecom’s Broadband or Ultra Fibre services but choose not to have a Yahoo! Xtra email address, and so we are also looking at how we can better cater for those customers in the future.  This is particularly common amongst new customers, who usually come to us with an existing email account. While a Yahoo! Xtra account is available to all of our Broadband customers if they see value in it, it is by no means mandatory for them to take it up.

Mr Quin said that the review showed that email security is very much a global issue – it is by no means a problem limited to Yahoo!.

“All email providers are engaged in a continuous battle against online crime and spam. Yahoo!, as one of the biggest global providers of email, is at the frontline of this battle - they alone block more than 600 billion spam messages a month.  They’ve made it clear to us how seriously they take the overall security of their systems and our customers’ data.” Mr Quin adds.

Following the February incident, Telecom urged customers to improve their online security by changing their email password, and continuing to do so regularly.

“More than 200,000 customers have now changed their passwords, demonstrating a growing understanding amongst our customers of how to keep themselves secure online. We encourage customers to change their passwords monthly as part of good online practice.”

Mr Quin says that as a result of the review, Telecom and Yahoo! are taking steps to improve both the security and the customer experience of the Yahoo! Xtra service. 

 “In the short term, Telecom is working with Yahoo! to implement a much simpler process for alerting customers whose accounts have been compromised and helping them re-secure those accounts.  This will involve automatically directing customers to a webpage that advises them their accounts have been compromised and then steps them through changing their password, and making any necessary changes to their settings.

“We are also evaluating a solution that would see us move to Yahoo! standardised infrastructure, rather than the bespoke service they provide us with today. We believe this would offer a more robust and flexible platform, with greater redundancy than our current setup, improving the reliability of the service, and reducing the impact of any incident if something does go wrong.”

Mr Quin says Telecom looked very seriously at whether it should continue to partner with Yahoo! to deliver Yahoo! Xtra email. Discussions were held with the Yahoo! CEO and senior executives and with other large international telcos who, like Telecom, use Yahoo as an email service.

“After a thorough review of our partnership with Yahoo!, we have decided that continuing this partnership is in the best interests of our customers.  We are confident that Yahoo! are as committed to improving the customer experience of Yahoo! Xtra email as we are and with 400,000 customers using the Yahoo! Xtra service regularly, any decision to change the service has significant implications and could not be undertaken lightly.

“While the reality of today’s online world means that future security incidents cannot be entirely avoided, we will continue to take constant steps towards mitigating risks and improving the experience of our customers.

“Our review is not the end of this chapter. We’ll continue to work closely with Yahoo! to monitor issues, and ensure that any potential risks are mitigated so that we can deliver the best overall experience for our customers.”





6090 posts

Uber Geek
+1 received by user: 382

Trusted
Subscriber

  Reply # 793804 5-Apr-2013 12:19 One person supports this post Send private message

Easily the dumbest decision of 2013

39 posts

Geek
+1 received by user: 17


  Reply # 793810 5-Apr-2013 12:29 One person supports this post Send private message

So it's true... the majority of Xtra customers actually prefer a crap service! ;-)

Many have used an Xtra address for a number of years and see it as an important part of their online identity.  We looked seriously at whether we should continue offering an email service at all, and the overwhelming feedback from our customers was that we should.

Hello? I think the discussion was whether to drop Yahoo as a sub-contractor... not to lose everyone's Xtra address.

However dropping email altogether would certainly give Telecom a unique selling point... the only ISP in the world that doesn't offer email addresses. Honestly! As far as PR spin goes this really isn't very good.

1385 posts

Uber Geek
+1 received by user: 66

Trusted
Subscriber

  Reply # 793814 5-Apr-2013 12:36 Send private message

DigiDog: So it's true... the majority of Xtra customers actually prefer a crap service! ;-)

Many have used an Xtra address for a number of years and see it as an important part of their online identity.  We looked seriously at whether we should continue offering an email service at all, and the overwhelming feedback from our customers was that we should.

Hello? I think the discussion was whether to drop Yahoo as a sub-contractor... not to lose everyone's Xtra address.

However dropping email altogether would certainly give Telecom a unique selling point... the only ISP in the world that doesn't offer email addresses. Honestly! As far as PR spin goes this really isn't very good.


Classic PR - ask yourself easy/obvious questions so that your answers seem considered and authoritative


Just imagine the spin if they stopped providing email "Its about providing our customers with the freedom to choose their email provider"



4765 posts

Uber Geek
+1 received by user: 530


  Reply # 793815 5-Apr-2013 12:38 Send private message

DigiDog: So it's true... the majority of Xtra customers actually prefer a crap service! ;-)

Many have used an Xtra address for a number of years and see it as an important part of their online identity.  We looked seriously at whether we should continue offering an email service at all, and the overwhelming feedback from our customers was that we should.

Hello? I think the discussion was whether to drop Yahoo as a sub-contractor... not to lose everyone's Xtra address.

However dropping email altogether would certainly give Telecom a unique selling point... the only ISP in the world that doesn't offer email addresses. Honestly! As far as PR spin goes this really isn't very good.


those two things would presumably be one and the same decision since Yahoo runs the platform.



1 | 2 | 3 | 4 | 5 | 6 | 7 | 8
Filter this topic showing only the reply marked as answer View this topic in a long page with up to 500 replies per page Create new topic








Twitter »
Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when new jobs are posted to our jobs board:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:




News »

Trending now »
Hot discussions in our forums right now:

Forms of government for New Zealand
Created by charsleysa, last reply by gzt on 16-Apr-2014 22:14 (69 replies)
Pages... 3 4 5


Business vs Residential UFB, why the huge difference in cost??
Created by dman, last reply by dman on 16-Apr-2014 23:45 (22 replies)
Pages... 2


why does the tax payer have to pay for the prince and princess' 6 star holiday?
Created by joker97, last reply by Lazarui on 16-Apr-2014 12:56 (66 replies)
Pages... 3 4 5


Problem with NDSCam
Created by haydenmarsh, last reply by Benoire on 14-Apr-2014 21:28 (21 replies)
Pages... 2


MH370 - Call for Search & Rescue Help
Created by DS248, last reply by Sideface on 15-Apr-2014 16:40 (734 replies)
Pages... 47 48 49


True cost of driving ..
Created by rayonline, last reply by alasta on 14-Apr-2014 20:43 (52 replies)
Pages... 2 3 4


Why is there a lack of ultraportables with Intel Iris graphics?
Created by d3Xt3r, last reply by wasabi2k on 14-Apr-2014 13:21 (32 replies)
Pages... 2 3


Help ! Home business connection and VDSL dead. yikes.
Created by Scotsman, last reply by FireEngine on 16-Apr-2014 19:59 (15 replies)


Geekzone Live »
Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.