Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.
Buying anything on Amazon? Please use the Geekzone Amazon aff link.


View this topic in a long page with up to 500 replies per page Create new topic
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11
7473 posts

Uber Geek
+1 received by user: 418


  Reply # 980593 5-Feb-2014 12:03 Send private message

Athlonite:
Lazarui:
thegeekboy:
surfisup1000: Jeez, telecom have really played fast and loose with their customer data.

I wonder why telecom tolerate such frequent hacks to their customer email accounts? It is getting to the point where I think telecom enjoys letting their customers be hacked.

I've largely moved away from using my telecom email now. It is just getting way too many hacks.



The problem here is that Telecom no longer have any control over the Xtra brand.
Yahoo own the domain and rights to Xtra 100%. That happened back in 2011.

There's no way that those Xtra customers can leave Yahoo - and also keep their Xtra email addresses.
http://techday.com/telco-review/news/telecom-sells-yahooxtra-stake/19896/


Yahoo!Xtra was just the Yahoo.co.nz homepage, it was similar to the Xtra MSN from earlier on they used to have and is similar to the the old BT/Yahoo relationship that used to exsist, Telecom still is the registra holder of @xtra.co.nz.

There is nothing that says Telecom has ever sold on the @xtra.co.nz Domain I'm yet to see one piece of evidence that supports this suppsoed 'fact'


did you even read the link provided by the poster, did you read the bit that said Telecom divested itself of it's 49% stake in yahoo/xtra so now yahoo own it 100% of it

Telecom NZ may still own the xtra.co.nz domain name but yahoo owns the email services side of it and good luck in getting them to release user data back to telecom


Telecom must have a record of all the email addresses, as they must link back to their system. Especially as the broadband login name is actually an xtra email address. Also when my xtra email addresses all got hacked, and they changed my broadband password which is linked to the xtra username also got changed automatically.


Is there a link to the radio interview?. IMO ISPs no longer have a place in providing email, and new ISPs don't seem to provide email anymore. The only advantage for an ISP is it makes their service more sticky, and more difficult to move to another provider.

Maybe they need to give everyone a telecom.co.nz email address instead, and run the service in house on NZ based servers. Xtra is an old legacy brand so the email address domain has little association with telecom now.

42 posts

Geek
+1 received by user: 18


  Reply # 980640 5-Feb-2014 12:33 Send private message

mattwnzIs there a link to the radio interview?.


I can't find an audio file but there's a basic text link.
http://www.radionz.co.nz/news/national/235108/telecom-doing-all-it-can-do-stop-attacks

5551 posts

Uber Geek
+1 received by user: 247

Subscriber

  Reply # 980641 5-Feb-2014 12:35 One person supports this post Send private message

DigiDog:
res: I see Chris Quin was on the radio misleading people yesterday:

Good post res. I heard the Quin interview and assumed he was just a Telecom spin doctor with minimal technical knowledge whose job was to appease the Xtra masses. He used phrases like, 'We have to remember that there's been an increase in this sort of activity all around the world' to imply that Xtra hasn't been singled out. I'm surprised that none of the tech journalists have got a grip on this story yet and most media seem happy to accept the Telecom line that Xtra users should just 'delete spam emails'.

Yahoo's service is obviously badly compromised. Telecom's refusal to implement SPF makes the spammers' job so much easier.





I don't think that there's much that Telecom or Yahoo can do about this now especially if the same is a result of earlier harvesting of email addresses.  Even if Telecom was to go to Gmail  the problem of these same emails will still be there.  The only way is to change the .xtra addresses..




Regards,

Old3eyes

11322 posts

Uber Geek
+1 received by user: 608

Trusted
Subscriber

  Reply # 980644 5-Feb-2014 12:39 One person supports this post Send private message

No they could put a spf record which would stop the spoofed emails in their tracks.




Richard rich.ms

124 posts

Master Geek
+1 received by user: 22


  Reply # 980745 5-Feb-2014 15:17 Send private message

Athlonite:
Lazarui:
thegeekboy:
surfisup1000: Jeez, telecom have really played fast and loose with their customer data.

I wonder why telecom tolerate such frequent hacks to their customer email accounts? It is getting to the point where I think telecom enjoys letting their customers be hacked.

I've largely moved away from using my telecom email now. It is just getting way too many hacks.



The problem here is that Telecom no longer have any control over the Xtra brand.
Yahoo own the domain and rights to Xtra 100%. That happened back in 2011.

There's no way that those Xtra customers can leave Yahoo - and also keep their Xtra email addresses.
http://techday.com/telco-review/news/telecom-sells-yahooxtra-stake/19896/


Yahoo!Xtra was just the Yahoo.co.nz homepage, it was similar to the Xtra MSN from earlier on they used to have and is similar to the the old BT/Yahoo relationship that used to exsist, Telecom still is the registra holder of @xtra.co.nz.

There is nothing that says Telecom has ever sold on the @xtra.co.nz Domain I'm yet to see one piece of evidence that supports this suppsoed 'fact'


did you even read the link provided by the poster, did you read the bit that said Telecom divested itself of it's 49% stake in yahoo/xtra so now yahoo own it 100% of it

Telecom NZ may still own the xtra.co.nz domain name but yahoo owns the email services side of it and good luck in getting them to release user data back to telecom


They own the domain and contract out to Yahoo in order to run email services for their customers, (data being hosted by yahoo would still be owned by telecom, Yahoo is just hosting it.) this is a standard system the world over and the accounts and data are definately able to be migrated the same as when xtra shifted from their own platform/MSN to Yahoo, there is nothing stopping them from getting the data back and shifting somewhere else expect for money, it would be a costly venture.

Personally I'm in the mind that they should just drop emails all together, along with every other ISP/RSP out there.

7777 posts

Uber Geek
+1 received by user: 326

Trusted
Subscriber

  Reply # 980776 5-Feb-2014 15:34 Send private message

richms: No they could put a spf record which would stop the spoofed emails in their tracks.


Comes back to this and has been said multiple times in this thread.

Telecom could stop the bulk of this crap with a proper SPF record for xtra.co.nz that indicated only their own and yahoo servers can send for xtra.co.nz.

It's not rocket science, there would be a few customers using their own smtp servers to send for xtra.co.nz addresses but those could be fixed on a as reported basis. small price to pay to address the overall issue.





7473 posts

Uber Geek
+1 received by user: 418


  Reply # 980808 5-Feb-2014 16:18 3 people support this post Send private message

Perhaps they could just end-of-life xtra email addresses, and say any future support will need to be provided by yahoo. The problem though is yahoo don't provide phone support as far as I know, and the majority of xtra email accounts are probably mum and dads with limited technical knowledge who always phone up for any little bit of support needed. I don't think in this day and age ISPs should, or need to, provide email addresses. I mean, even telecoms own adverts demo email setup on an android phone using a gmail address, instead of a yahoo one.

157 posts

Master Geek
+1 received by user: 10


  Reply # 981250 6-Feb-2014 14:44 Send private message

Yahoo are a mess full stop. Just spent a while helping a relative from the UK. Turns out British Telecom accounts with Yahoo are also affected.

Someone had "hacked" the account on the server side, tweaked the email settings such that the replies were forwarded somewhere else with none to be saved on the server's Sent items, tweaked the reply-to address just to be sure too and then sent emails to god knows how many of the account's contacts saying help; I'm in financial difficulty and need a favour!

Phone calls, TXTs and emails have been bouncing around the world as relatives and friends are trying to find out what has happened.

7473 posts

Uber Geek
+1 received by user: 418


  Reply # 981265 6-Feb-2014 15:17 Send private message

huckster: Yahoo are a mess full stop. Just spent a while helping a relative from the UK. Turns out British Telecom accounts with Yahoo are also affected.

Someone had "hacked" the account on the server side, tweaked the email settings such that the replies were forwarded somewhere else with none to be saved on the server's Sent items, tweaked the reply-to address just to be sure too and then sent emails to god knows how many of the account's contacts saying help; I'm in financial difficulty and need a favour!

Phone calls, TXTs and emails have been bouncing around the world as relatives and friends are trying to find out what has happened.


I believe BT changed from yahoo last year after the major problems. 

There does appear to be another round today, as have had quite a few spam emails come through today from xtra.co.nz addresses.

42 posts

Geek
+1 received by user: 18


  Reply # 981268 6-Feb-2014 15:23 Send private message

Huckster... any idea why your relative is still using Yahoo? This Telegraph story confirms that BT dropped Yahoo completely in June last year, following numerous security breaches and hassles with email spam.

"The new email system for BT broadband subscribers will be branded BT Mail and run by Critical Path, a privately-held specialist email provider based in California."

http://www.telegraph.co.uk/finance/newsbysector/epic/btdota/10089355/BT-dumps-Yahoo-email-after-hacking-claims.html

I've also had spam today from both Xtra and Yahoo accounts. Bring on SPF Telecom... PLEASE!!!

157 posts

Master Geek
+1 received by user: 10


  Reply # 981272 6-Feb-2014 15:27 Send private message

mattwnz:

I believe BT changed from yahoo last year after the major problems. 

There does appear to be another round today, as have had quite a few spam emails come through today from xtra.co.nz addresses.


BT haven't changed from what I was seeing. Still using Yahoo in this case.

From their webmail login page....
BT Yahoo email security warning We've recently detected unusual activity on some BT Yahoo email accounts and have already taken steps to secure these.

Sounds familiar...? :-)



7473 posts

Uber Geek
+1 received by user: 418


  Reply # 981277 6-Feb-2014 15:31 Send private message

huckster:
mattwnz:

I believe BT changed from yahoo last year after the major problems. 

There does appear to be another round today, as have had quite a few spam emails come through today from xtra.co.nz addresses.


BT haven't changed from what I was seeing. Still using Yahoo in this case.

From their webmail login page....
BT Yahoo email security warning We've recently detected unusual activity on some BT Yahoo email accounts and have already taken steps to secure these.

Sounds familiar...? :-)




But even if telecom changed to another provider last year, they  would still be having this same problem, as these emails are not being sent via yahoos servers, they are being sent from servers in places like russia. 

42 posts

Geek
+1 received by user: 18


  Reply # 981335 6-Feb-2014 16:34 Send private message

It looks like the switchover is quite a drawn out affair if this page is anything to go by.

https://home.bt.com/pages/email/index.html?s_cid=con_FURL_newemail

157 posts

Master Geek
+1 received by user: 10


  Reply # 981735 7-Feb-2014 11:38 Send private message

DigiDog: It looks like the switchover is quite a drawn out affair if this page is anything to go by.

https://home.bt.com/pages/email/index.html?s_cid=con_FURL_newemail


The login page used still says BT Yahoo. Emails sent by the hacker to non-existant addresses are bouncing back thru Yahoo servers and even if the email was sent from somewhere in Russia, they had hacked the settings on the Yahoo system to change the reply-to address and also use and clean out the Contacts list.

Not just a simple spoof of an email address.

BDFL
50173 posts

Uber Geek
+1 received by user: 4738

Administrator
Trusted
Geekzone
Subscriber

  Reply # 983279 10-Feb-2014 13:14 Send private message

Just received:


Telecom will be contacting select Xtra email users from today, as together with service provider Yahoo it applies the latest in a programme of security enhancements to the Xtra email platform.

An additional encryption setting called ‘Secure Sockets Layer’ (or ‘SSL’), will soon be the new standard default connection for all Yahoo Xtra mail accounts and Telecom will be assisting users who access the service via a ‘third party’ email client, such as Microsoft Outlook for PCs or Android for mobiles, to update their settings.

SSL secures a user’s information and email messages making communications more private as they move between the user’s browser/device and Yahoo’s servers, to and from the destination. This enhancement secures the email while helping prevent interception or the compromise of emails, which is especially important while on an open public WiFi connection (such as those available at cafes and airports).

Telecom Retail CEO Chris Quin says that while Telecom is working hard to improve the service for dedicated Xtra email users, it’s important that customers take their online security as seriously as possible.

“Despite what has been a troublesome time with Yahoo Xtra, the majority of our users choose to retain their Xtra email address and many tell us that their email address is as much a part of their personal identity as their Facebook profile picture, phone number or home address. We’re continuing to look at what we can do to enhance Xtra mail so our users can have more confidence in the service to get on and do more online.”

“That said, while we’ll do all that we can to keep customers protected via their email portal, these security updates will not prevent the ongoing circulation of spam. Nor will it prevent Kiwis from clicking suspicious links contained in emails which can perpetuate spammers’ activity. Together, we need to work to keep all of us safe online.”





1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11
View this topic in a long page with up to 500 replies per page Create new topic




Twitter »
Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





Trending now »

Hot discussions in our forums right now:

Netflix officialy launching in NZ in March
Created by jarj, last reply by tdgeek on 21-Nov-2014 19:08 (97 replies)
Pages... 5 6 7


Gull Employment Dispute.
Created by networkn, last reply by richms on 23-Nov-2014 23:05 (71 replies)
Pages... 3 4 5


Which one is right for me? M8, Z3, S5 or other?
Created by makiomoto, last reply by makiomoto on 20-Nov-2014 13:52 (40 replies)
Pages... 2 3


Free 1gb data with $19 combo until end of Jan 2015 (1.5gb total)
Created by eXDee, last reply by Shoes2468 on 23-Nov-2014 23:01 (16 replies)
Pages... 2


Slingshot line speed
Created by Frankiej45, last reply by Frankiej45 on 20-Nov-2014 14:38 (14 replies)

Little Wins labour Leadership
Created by MikeAqua, last reply by Aredwood on 21-Nov-2014 18:47 (53 replies)
Pages... 2 3 4


Orcon: Why did you cancel my email account without telling me??
Created by old3eyes, last reply by old3eyes on 21-Nov-2014 17:03 (13 replies)

My connection is too fast
Created by ckc, last reply by Geektastic on 20-Nov-2014 11:30 (25 replies)
Pages... 2



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.